Searches redirected and browser keeps reverting to proxy

By bpm120
Oct 21, 2010
  1. If someone could help me out with this issue I would greatly appreciate it.

    - Links on searches (Google) go to unintended sites.
    - Internet has become really slow since this has been happening.
    - Browser(s) have started to divert to a proxy 127.0.0.1:50370


    It is a Windows 7/64 machine, so no GMER log.
    -----------------------------------------------------

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4905

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    10/21/2010 4:57:21 PM
    mbam-log-2010-10-21 (16-57-21).txt

    Scan type: Quick scan
    Objects scanned: 150789
    Time elapsed: 8 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    ---------------------------------------------------------


    DDS (Ver_10-10-21.02) - NTFS_AMD64
    Run by Y at 17:07:45.87 on Thu 10/21/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2313 [GMT -5:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Windows\twain_32\fjscan32\FJTWMKSV.exe
    C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\Program Files (x86)\Tether\TBService.exe
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\BatteryBar\BatteryBar.exe
    C:\Program Files (x86)\DeskPins\DeskPins.exe
    C:\Users\Y\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Launch Manager\LManager.EXE
    C:\Program Files (x86)\Video Web Camera\traybar.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
    C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
    C:\Windows\twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
    C:\Windows\twain_32\Fjscan32\FiWiaChecker.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\igfxext.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~2\FOXITS~1\FOXITR~1\FOXITR~1.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Y\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Users\Y\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=ec14_series&r=273603109106l0333z125a49l1w94q
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=ec14_series&r=273603109106l0333z125a49l1w94q
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=ec14_series&r=273603109106l0333z125a49l1w94q
    uInternet Settings,ProxyServer = http=127.0.0.1:50370
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\Y\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
    uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
    mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    mRun: [FtLnSOP_setup] C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe
    mRun: [FJTWAIN Setup] C:\Windows\Twain_32\fjscan32\FjtwMkup.exe /Station
    mRun: [FTPWRENV] C:\Windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
    mRun: [FiWIA Service Checker] C:\Windows\Twain_32\Fjscan32\FiWiaChecker.exe
    mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    StartupFolder: C:\Users\Y\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BATTER~1.LNK - C:\Program Files\BatteryBar\BatteryBar.exe
    StartupFolder: C:\Users\Y\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DeskPins.lnk - C:\Program Files (x86)\DeskPins\DeskPins.exe
    StartupFolder: C:\Users\Y\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Y\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Y\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    StartupFolder: C:\Users\Y\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ERRORR~1.LNK - C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    TCP: {E6C5314C-A8BA-4188-8093-6664DC53004B} = 208.67.222.222,208.67.220.220
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    mRun-x64: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 50370
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\extensions\{000a9d1c-beef-4f90-9363-039d445309b8}\lib\ff36\gears.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.27\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Y\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Users\Y\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Y\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\System32\drivers\BtHidBus.sys [2009-1-7 24840]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-10-21 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-10-21 267432]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-10-21 81072]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-10-23 844320]
    R2 FJTWMKSV;FJTWMKSV;C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe [2010-3-17 45056]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
    R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2010-3-9 14112]
    R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2010-3-7 11576]
    R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
    R2 Tether;Tether;C:\Program Files (x86)\Tether\TBService.exe [2010-4-10 49080]
    R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-23 240160]
    R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-7-29 130560]
    R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-7-29 952832]
    R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-7-29 484864]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-5-26 138752]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-10-23 6952960]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-7 133104]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-5-26 40448]
    S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\System32\drivers\btnetBus.sys [2008-12-7 35848]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-4-10 35104]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-3-17 30192]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\System32\drivers\IvtBtBus.sys [2008-7-2 31624]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-10-23 57344]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\Windows\System32\drivers\PTDUBus.sys [2010-8-28 70672]
    S3 PTDUMdm;PANTECH UM175 Drivers;C:\Windows\System32\drivers\PTDUMdm.sys [2010-8-28 173456]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;C:\Windows\System32\drivers\PTDUVsp.sys [2010-8-28 173456]
    S3 PTDUWFLT;PTDUWWAN Filter Driver;C:\Windows\System32\drivers\PTDUWFLT.sys [2010-8-28 12688]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\Windows\System32\drivers\PTDUWWAN.sys [2010-8-28 141840]
    S3 qrkis;Tether Miniport;C:\Windows\System32\drivers\qrkis.sys [2010-4-2 50856]
    S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
    S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2010-2-12 43664]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]

    =============== Created Last 30 ================

    2010-10-21 22:01:07 -------- d-----w- C:\Users\Y\AppData\Roaming\Avira
    2010-10-21 19:20:09 81072 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2010-10-21 19:20:08 -------- d-----w- C:\Program Files (x86)\Avira
    2010-10-21 19:20:08 -------- d-----w- C:\PROGRA~3\Avira
    2010-10-20 22:47:45 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
    2010-10-20 22:47:45 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    2010-10-20 05:04:15 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL
    2010-10-12 07:27:15 -------- d-----w- C:\Users\Y\AppData\Local\WDC
    2010-10-12 07:20:57 -------- d-----w- C:\PROGRA~3\Western Digital
    2010-10-12 07:20:03 -------- d-----w- C:\Program Files\Western Digital
    2010-10-12 07:20:03 -------- d-----w- C:\Program Files (x86)\Western Digital
    2010-10-12 07:19:39 -------- d-----w- C:\Users\Y\AppData\Local\Western Digital
    2010-10-11 20:36:38 -------- d-----w- C:\Users\Y\AppData\Roaming\Malwarebytes
    2010-10-11 20:36:29 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-10-11 20:36:28 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-10-11 20:36:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-10-11 20:36:28 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-10-11 16:46:45 -------- d-----w- C:\portableapps
    2010-10-11 16:43:38 -------- d-----w- C:\PROGRA~3\STOPzilla!
    2010-10-04 16:08:58 -------- d-----w- C:\starts and Turns

    ==================== Find3M ====================


    ============= FINISH: 17:08:34.00 ===============


  2. Broni


    Welcome aboard

    Please observe the board's rules: http://www.techspot.com/vb/topic154928.html

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart the computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply with a new HijackThis log.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.

    ===================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
  3. bpm120


    Thanks for replying; sorry it took so long to get back to you. Here are the two logs that you asked for.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/25/2010 at 03:55 PM

    Application Version : 4.44.1000

    Core Rules Database Version : 5749
    Trace Rules Database Version: 3561

    Scan type : Complete Scan
    Total Scan Time : 01:59:06

    Memory items scanned : 319
    Memory threats detected : 0
    Registry items scanned : 14939
    Registry threats detected : 0
    File items scanned : 201780
    File threats detected : 1

    Trojan.Vundo-Variant/F
    C:\WINDOWS\TWAIN_32\FJSCAN32\V09L21\OCR\FJ\F5BDKAKU.DLL


    ---------------------------------------------------------------

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Gateway
    BIOS Manufacturer: INSYDE
    System Manufacturer: Gateway
    System Product Name: EC14 Series
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 201):
    0x0304D000 \SystemRoot\system32\ntoskrnl.exe
    0x03004000 \SystemRoot\system32\hal.dll
    0x00BBD000 \SystemRoot\system32\kdcom.dll
    0x00C05000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00C49000 \SystemRoot\system32\PSHED.dll
    0x00C5D000 \SystemRoot\system32\CLFS.SYS
    0x00CBB000 \SystemRoot\system32\CI.dll
    0x00E5C000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F00000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x01086000 \SystemRoot\System32\Drivers\spgj.sys
    0x011AC000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x011B5000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x01000000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x01057000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x01061000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F0F000 \SystemRoot\system32\DRIVERS\pci.sys
    0x0106E000 \SystemRoot\System32\drivers\partmgr.sys
    0x011E4000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x011ED000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00F42000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00F57000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00FB3000 \SystemRoot\System32\drivers\mountmgr.sys
    0x01237000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x01353000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x0135C000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x01386000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x01391000 \SystemRoot\system32\drivers\fltmgr.sys
    0x013DD000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01446000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x00D7B000 \SystemRoot\System32\Drivers\msrpc.sys
    0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x0160D000 \SystemRoot\System32\Drivers\cng.sys
    0x01680000 \SystemRoot\System32\drivers\pcw.sys
    0x01691000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x0169B000 \SystemRoot\system32\drivers\ndis.sys
    0x0178D000 \SystemRoot\system32\drivers\NETIO.SYS
    0x0141A000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01803000 \SystemRoot\System32\drivers\tcpip.sys
    0x00E00000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01ADE000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x01B2A000 \SystemRoot\System32\Drivers\spldr.sys
    0x01B32000 \SystemRoot\SysWOW64\speedfan.sys
    0x01B39000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01B73000 \SystemRoot\System32\Drivers\mup.sys
    0x01B85000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01B8E000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01BC8000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01A00000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x01A30000 \SystemRoot\System32\Drivers\BtHidBus.sys
    0x02FA3000 \SystemRoot\System32\Drivers\Null.SYS
    0x02FAC000 \SystemRoot\System32\Drivers\Beep.SYS
    0x02FB3000 \SystemRoot\System32\drivers\vga.sys
    0x02FC1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02FE6000 \SystemRoot\System32\drivers\watchdog.sys
    0x02FF6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02E00000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02E09000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x02E12000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02E1D000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02F79000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02E2E000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x01A43000 \SystemRoot\system32\drivers\afd.sys
    0x03C16000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x03C5B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x03C64000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x03C8A000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x03CA0000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03CAF000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03CCA000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
    0x03CD6000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
    0x03D04000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03D18000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    0x03D22000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    0x03D2C000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03D7D000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03D89000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03D94000 \SystemRoot\System32\drivers\discache.sys
    0x03DA3000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03DC1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03DD2000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x01200000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x03DF4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x03E6A000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
    0x04644000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04738000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x0477E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x0478B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x047E1000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x04600000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x04A21000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
    0x050CE000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x050DB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x050F9000 \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
    0x05105000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x05114000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x0515D000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x0515F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x0516E000 \SystemRoot\System32\Drivers\a5j0tgle.SYS
    0x051B1000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x051BA000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x051CA000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x051D2000 \SystemRoot\system32\drivers\modem.sys
    0x051E1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x0456C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x04A00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x04590000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x04624000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x045BF000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x045E0000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
    0x04A0C000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
    0x03E22000 \SystemRoot\system32\DRIVERS\mcdbus.sys
    0x00FCD000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
    0x04A14000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x05480000 \SystemRoot\system32\DRIVERS\ks.sys
    0x054C3000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x054D5000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x0552F000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x05544000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x0556E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x07015000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x0557B000 \SystemRoot\system32\drivers\portcls.sys
    0x055B8000 \SystemRoot\system32\drivers\drmk.sys
    0x071F4000 \SystemRoot\system32\drivers\ksthunk.sys
    0x05400000 \SystemRoot\system32\drivers\IntcHdmi.sys
    0x05427000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x00060000 \SystemRoot\System32\win32k.sys
    0x07000000 \SystemRoot\System32\drivers\Dxapi.sys
    0x055DA000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x02E3B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x055E8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x047F2000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x005C0000 \SystemRoot\System32\TSDDD.dll
    0x006D0000 \SystemRoot\System32\cdd.dll
    0x02F57000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x02294000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x022C2000 \SystemRoot\system32\drivers\luafv.sys
    0x022E5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x02302000 \SystemRoot\system32\drivers\WudfPf.sys
    0x02323000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x0232F000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x02344000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x02397000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x023AA000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x02A1B000 \SystemRoot\system32\drivers\HTTP.sys
    0x02AE3000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x02B01000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x02B19000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x02B45000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x02B92000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x074A2000 \SystemRoot\system32\drivers\peauth.sys
    0x07548000 \??\C:\Windows\system32\drivers\regi.sys
    0x07550000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0755B000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x07588000 \??\C:\Windows\system32\Drivers\SSPORT.sys
    0x07590000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x07400000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x076EF000 \SystemRoot\System32\DRIVERS\srv.sys
    0x07789000 \??\C:\Programs Stand Alone - 1801 Tray\WinRing0x64.sys
    0x07600000 \SystemRoot\system32\drivers\spsys.sys
    0x779A0000 \Windows\System32\ntdll.dll
    0x47600000 \Windows\System32\smss.exe
    0xFFCC0000 \Windows\System32\apisetschema.dll
    0xFFDB0000 \Windows\System32\autochk.exe
    0xFFBA0000 \Windows\System32\msctf.dll
    0xFFB30000 \Windows\System32\gdi32.dll
    0xFFA60000 \Windows\System32\usp10.dll
    0xFF8E0000 \Windows\System32\urlmon.dll
    0xFF890000 \Windows\System32\Wldap32.dll
    0xFF860000 \Windows\System32\imm32.dll
    0xFF780000 \Windows\System32\oleaut32.dll
    0xFF730000 \Windows\System32\ws2_32.dll
    0xFF650000 \Windows\System32\advapi32.dll
    0xFF5B0000 \Windows\System32\comdlg32.dll
    0x77B70000 \Windows\System32\normaliz.dll
    0xFF530000 \Windows\System32\shlwapi.dll
    0x77880000 \Windows\System32\kernel32.dll
    0xFF490000 \Windows\System32\clbcatq.dll
    0xFE700000 \Windows\System32\shell32.dll
    0xFE660000 \Windows\System32\msvcrt.dll
    0xFE650000 \Windows\System32\lpk.dll
    0xFE470000 \Windows\System32\setupapi.dll
    0xFE340000 \Windows\System32\wininet.dll
    0x77780000 \Windows\System32\user32.dll
    0xFE320000 \Windows\System32\sechost.dll
    0xFE300000 \Windows\System32\imagehlp.dll
    0xFE1D0000 \Windows\System32\rpcrt4.dll
    0x77B60000 \Windows\System32\psapi.dll
    0xFDF70000 \Windows\System32\iertutil.dll
    0xFDEF0000 \Windows\System32\difxapi.dll
    0xFDEE0000 \Windows\System32\nsi.dll
    0xFDCD0000 \Windows\System32\ole32.dll
    0xFDC30000 \Windows\System32\comctl32.dll
    0xFDC10000 \Windows\System32\devobj.dll
    0xFDBD0000 \Windows\System32\wintrust.dll
    0xFDB60000 \Windows\System32\KernelBase.dll
    0xFD9F0000 \Windows\System32\crypt32.dll
    0xFD9B0000 \Windows\System32\cfgmgr32.dll
    0xFD9A0000 \Windows\System32\msasn1.dll
    0x75900000 \Windows\SysWOW64\normaliz.dll

    Processes (total 93):
    0 System Idle Process
    4 System
    308 C:\Windows\System32\smss.exe
    444 csrss.exe
    504 C:\Windows\System32\wininit.exe
    520 csrss.exe
    552 C:\Windows\System32\services.exe
    576 C:\Windows\System32\lsass.exe
    584 C:\Windows\System32\lsm.exe
    692 C:\Windows\System32\svchost.exe
    764 C:\Windows\System32\winlogon.exe
    820 C:\Windows\System32\svchost.exe
    892 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\svchost.exe
    328 C:\Windows\System32\svchost.exe
    340 C:\Windows\System32\audiodg.exe
    816 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\svchost.exe
    1300 C:\Windows\System32\spoolsv.exe
    1352 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1376 C:\Windows\System32\svchost.exe
    1528 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    1548 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1580 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1712 C:\Windows\System32\taskhost.exe
    1824 C:\Windows\System32\dwm.exe
    1864 C:\Windows\explorer.exe
    1916 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1940 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    2004 C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    2044 C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe
    1104 C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    1560 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    1780 C:\Windows\System32\conhost.exe
    1276 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    1228 C:\Windows\System32\svchost.exe
    2096 C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    2136 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2360 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    2368 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    2392 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2400 C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    2448 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2484 C:\Windows\System32\igfxtray.exe
    2496 C:\Windows\System32\hkcmd.exe
    2504 C:\Windows\System32\igfxpers.exe
    2568 C:\Windows\System32\igfxsrvc.exe
    2620 C:\Program Files (x86)\Skype\Phone\Skype.exe
    2748 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    2760 C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe
    3008 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    3028 C:\Program Files (x86)\Launch Manager\LManager.EXE
    3036 C:\Program Files (x86)\Video Web Camera\traybar.exe
    3048 C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    3056 C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
    3064 C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
    1832 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    1672 C:\Windows\twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
    1652 C:\Windows\twain_32\Fjscan32\FiWiaChecker.exe
    1732 C:\Windows\System32\taskeng.exe
    472 C:\Programs Stand Alone - 1801 Tray\1810Tray.exe
    2412 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    2724 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    980 C:\Program Files\BatteryBar\BatteryBar.exe
    468 C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    1248 C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
    932 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    2840 C:\Program Files (x86)\DeskPins\DeskPins.exe
    2924 C:\Users\Y\AppData\Roaming\Dropbox\bin\Dropbox.exe
    3044 C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    1840 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    2632 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    2660 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    3564 C:\Windows\System32\igfxext.exe
    3632 C:\Windows\System32\wbem\unsecapp.exe
    3764 WmiPrvSE.exe
    3888 C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    3136 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    3988 C:\Program Files\iPod\bin\iPodService.exe
    3600 C:\Windows\System32\SearchIndexer.exe
    4128 C:\Windows\System32\svchost.exe
    4172 C:\Windows\System32\svchost.exe
    4604 C:\Windows\System32\SearchProtocolHost.exe
    4772 C:\Windows\System32\svchost.exe
    5088 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5000 C:\Windows\System32\svchost.exe
    4084 C:\Windows\System32\sppsvc.exe
    1388 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    2184 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    4872 C:\Users\Y\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    2416 C:\Windows\System32\SearchFilterHost.exe
    4192 C:\Users\Y\Desktop\MBRCheck.exe
    2564 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`06500000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS545050B9A300, Rev: PB4OC60F

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
  4. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Which browser is getting redirected?
    Did you try a different browser? Same issue?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  5. bpm120

    bpm120 Newcomer, in training Topic Starter

    Please note I tried pasting the OTL logs into the message but it surpasses the 50k character limit.

    The proxy changes are happening in Google Chrome and my primary browser, Firefox. When I switch the proxy back the redirection does not SEEM to happen. However, the browsers revert to the proxy settings a bit after I change them to no proxy. The browser is reverting them back or something is "telling" the browser to revert back to the proxy settings. These are not proxy settings I have put in myself, nor is there any program that I think I am using that is doing such.


    I have run OTL three times trying to get it to spit out an extras file. I cannot.

    I also searched my computer for the file, to no avail.

    I downloaded the OTL program from the link that was given above and did not change any settings.

    Attached Files:

    • OTL.Txt (File size: 115 KB)
  6. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    http://www.techspot.com/vb/topic154928.html
  7. bpm120

    bpm120 Newcomer, in training Topic Starter

    OTL logfile created on: 10/26/2010 12:25:56 PM - Run 4
    OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Y\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
    8.00 Gb Paging File | 5.00 Gb Available in Paging File | 63.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 453.66 Gb Total Space | 14.24 Gb Free Space | 3.14% Space Free | Partition Type: NTFS
    Drive D: | 3.50 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: YCOMP | User Name: Y | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/25 23:09:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Y\Desktop\OTL.exe
    PRC - [2010/10/12 16:59:03 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    PRC - [2010/10/12 16:58:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    PRC - [2010/03/05 10:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Y\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    PRC - [2009/10/21 14:58:56 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\FiWiaChecker.exe
    PRC - [2009/09/24 07:14:46 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
    PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    PRC - [2009/08/28 00:29:16 | 000,286,720 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe
    PRC - [2009/07/08 16:45:34 | 000,131,072 | ---- | M] (FUJITSU LIMITED) -- C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
    PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    PRC - [2009/07/02 17:52:38 | 003,310,080 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
    PRC - [2009/06/29 16:45:28 | 000,630,784 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
    PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/04/23 07:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2009/04/23 07:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2009/04/16 01:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    PRC - [2008/12/09 22:54:40 | 000,143,360 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
    PRC - [2007/10/16 19:58:38 | 000,045,056 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
    PRC - [2007/03/08 16:23:04 | 000,045,056 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe
    PRC - [2004/05/02 12:02:51 | 000,062,464 | ---- | M] (Elias Fotinis) -- C:\Program Files (x86)\DeskPins\DeskPins.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/25 23:09:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Y\Desktop\OTL.exe
    MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/07/29 15:27:20 | 000,130,560 | ---- | M] (WDC) [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2009/10/29 14:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2009/09/04 13:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
    SRV - [2010/07/29 15:25:00 | 000,952,832 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
    SRV - [2010/07/29 15:24:16 | 000,484,864 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
    SRV - [2010/07/07 07:42:57 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2007/03/08 16:23:04 | 000,045,056 | ---- | M] (PFU LIMITED) [Auto | Running] -- C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe -- (FJTWMKSV)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VcommMgr.sys -- (VcommMgr)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VComm.sys -- (VComm)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwmodem.sys -- (btwmodem)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwhid.sys -- (btwhid)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwdndis.sys -- (BTWDNDIS)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btport.sys -- (BTDriver)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btcusb.sys -- (Btcsrusb)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btaudio.sys -- (btaudio)
    DRV:64bit: - [2010/06/30 15:18:41 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2010/02/16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2009/12/17 14:58:04 | 000,145,360 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV:64bit: - [2009/10/16 09:23:00 | 000,050,856 | ---- | M] (Tether) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qrkis.sys -- (qrkis)
    DRV:64bit: - [2009/09/20 22:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/09/14 23:40:00 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
    DRV:64bit: - [2009/08/28 21:15:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009/08/28 21:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009/08/28 21:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009/08/12 06:14:16 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUMdm.sys -- (PTDUMdm)
    DRV:64bit: - [2009/08/12 06:14:16 | 000,141,840 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUWWAN.sys -- (PTDUWWAN)
    DRV:64bit: - [2009/08/12 06:14:16 | 000,070,672 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUBus.sys -- (PTDUBus)
    DRV:64bit: - [2009/08/12 06:14:16 | 000,012,688 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUWFLT.sys -- (PTDUWFLT)
    DRV:64bit: - [2009/08/12 06:14:12 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUVsp.sys -- (PTDUVsp)
    DRV:64bit: - [2009/07/28 15:35:52 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/05/26 08:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2009/05/26 04:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/27 03:25:58 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
    DRV:64bit: - [2009/04/07 17:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2009/03/02 14:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
    DRV:64bit: - [2009/03/02 14:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
    DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2009/01/07 23:38:18 | 000,024,840 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
    DRV:64bit: - [2008/12/07 12:44:56 | 000,035,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
    DRV:64bit: - [2008/08/19 22:16:42 | 000,056,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwusb.sys -- (BTWUSB)
    DRV:64bit: - [2008/07/02 14:58:50 | 000,031,624 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
    DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2008/03/28 10:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys)
    DRV:64bit: - [2007/04/17 12:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
    DRV - [2010/10/21 22:34:51 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Programs Stand Alone - 1801 Tray\WinRing0x64.sys -- (WinRing0_1_2_0)
    DRV - [2009/05/25 15:43:58 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)
    DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2007/02/07 13:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=ec14_series&r=273603109106l0333z125a49l1w94q
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=ec14_series&r=273603109106l0333z125a49l1w94q
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=ec14_series&r=273603109106l0333z125a49l1w94q
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=ec14_series&r=273603109106l0333z125a49l1w94q

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=ec14_series&r=273603109106l0333z125a49l1w94q
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
    FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
    FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/20 17:47:53 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/20 17:47:46 | 000,000,000 | ---D | M]

    [2010/03/06 08:34:37 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Mozilla\Extensions
    [2010/10/25 17:52:56 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\extensions
    [2010/04/27 09:02:21 | 000,000,000 | ---D | M] (Google Gears) -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\extensions\{000a9d1c-beef-4f90-9363-039d445309b8}
    [2010/04/27 09:02:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\extensions\{000a9d1c-beef-4f90-9363-039d445309b8}-trash
    [2010/03/13 22:20:15 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
    [2010/09/17 11:23:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
    [2010/03/13 22:20:16 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
    [2010/03/13 22:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
    [2010/10/22 12:44:41 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\hlhi8az4.extended\extensions
    [2010/10/20 10:28:52 | 000,002,278 | ---- | M] () -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\searchplugins\aopa-airports.xml
    [2010/10/25 19:25:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/03/16 15:05:36 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

    O1 HOSTS File: ([2010/10/11 11:49:40 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [FiWIA Service Checker] C:\Windows\twain_32\Fjscan32\FiWiaChecker.exe (PFU LIMITED)
    O4 - HKLM..\Run: [FJTWAIN Setup] C:\Windows\Twain_32\fjscan32\FjtwMkup.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [FtLnSOP_setup] C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe (PFU LIMITED)
    O4 - HKLM..\Run: [FTPWRENV] C:\Windows\twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe (PFU LIMITED)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [ServiceName] c:\Programs Stand Alone - 1801 Tray\1801Tray.exe File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\Y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BatteryBar.lnk = C:\Program Files\BatteryBar\BatteryBar.exe (Osiris Development)
    O4 - Startup: C:\Users\Y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk = C:\Program Files (x86)\DeskPins\DeskPins.exe (Elias Fotinis)
    O4 - Startup: C:\Users\Y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Y\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
    O4 - Startup: C:\Users\Y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: C:\Users\Y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe File not found
    O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe File not found
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x64/MuCatalogWebControl.cab?1287552448678 (MUCatalogWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{0bef21ca-392e-11df-bdf4-00269eb3352b}\Shell - "" = AutoRun
    O33 - MountPoints2\{0bef21ca-392e-11df-bdf4-00269eb3352b}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
  8. bpm120

    bpm120 Newcomer, in training Topic Starter

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/25 23:09:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Y\Desktop\OTL.exe
    [2010/10/25 13:50:51 | 000,000,000 | ---D | C] -- C:\Users\Y\AppData\Roaming\SUPERAntiSpyware.com
    [2010/10/25 13:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/10/25 13:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2010/10/25 13:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/10/23 22:49:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
    [2010/10/23 13:00:55 | 006,187,744 | ---- | C] (ELTIMA Software ) -- C:\Users\Y\Desktop\application.exe
    [2010/10/22 22:06:00 | 000,000,000 | ---D | C] -- C:\Users\Y\Desktop\pics to file
    [2010/10/22 01:19:44 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Y\Desktop\SUPERAntiSpyware.exe
    [2010/10/22 00:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fiddler2
    [2010/10/22 00:43:40 | 000,620,184 | ---- | C] (Eric Lawrence) -- C:\Users\Y\Desktop\Fiddler2Setup.exe
    [2010/10/21 22:34:45 | 000,000,000 | ---D | C] -- C:\Programs Stand Alone - 1801 Tray
    [2010/10/21 17:01:07 | 000,000,000 | ---D | C] -- C:\Users\Y\AppData\Roaming\Avira
    [2010/10/21 14:20:09 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2010/10/21 14:20:09 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2010/10/21 14:20:09 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
    [2010/10/21 14:20:09 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
    [2010/10/21 14:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2010/10/21 14:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
    [2010/10/20 00:29:15 | 000,000,000 | ---D | C] -- C:\Users\Y\Desktop\Microsoft driver update for hp psc 1300 series
    [2010/10/18 17:37:57 | 000,000,000 | ---D | C] -- C:\Users\Y\Desktop\clean me up
    [2010/10/15 19:26:00 | 000,000,000 | ---D | C] -- C:\Users\Y\Desktop\2009 Taxes
    [2010/10/12 02:27:15 | 000,000,000 | ---D | C] -- C:\Users\Y\AppData\Local\WDC
    [2010/10/12 02:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
    [2010/10/12 02:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
    [2010/10/12 02:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
    [2010/10/12 02:19:39 | 000,000,000 | ---D | C] -- C:\Users\Y\AppData\Local\Western Digital
    [2010/10/11 15:36:38 | 000,000,000 | ---D | C] -- C:\Users\Y\AppData\Roaming\Malwarebytes
    [2010/10/11 15:36:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/10/11 15:36:28 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/10/11 15:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/10/11 15:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/11 11:46:45 | 000,000,000 | ---D | C] -- C:\portableapps
    [2010/10/11 11:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
    [2010/10/04 11:08:58 | 000,000,000 | ---D | C] -- C:\starts and Turns
    [2010/09/30 00:45:44 | 000,000,000 | ---D | C] -- C:\Users\Y\Desktop\These are duplicat MI pics from Jens Camera
    [2010/09/30 00:45:01 | 000,000,000 | ---D | C] -- C:\Users\Y\Desktop\Jens
    [2010/09/29 13:43:03 | 000,000,000 | ---D | C] -- C:\Users\Y\Desktop\Figure this out payments maybe flights
    [2010/03/07 12:01:43 | 000,212,992 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.ComctlLib.dll
    [2010/03/07 12:01:43 | 000,114,688 | ---- | C] ( ) -- C:\Windows\SysWow64\AxInterop.ComctlLib.dll
    [1 C:\Users\Y\*.tmp files -> C:\Users\Y\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/10/26 11:58:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1796360434-53067279-1229447859-1000UA.job
    [2010/10/26 11:36:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/26 10:47:37 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1796360434-53067279-1229447859-1000Core.job
    [2010/10/26 10:32:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/25 23:09:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Y\Desktop\OTL.exe
    [2010/10/25 18:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/25 16:10:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/25 16:10:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/25 16:07:23 | 000,080,384 | ---- | M] () -- C:\Users\Y\Desktop\MBRCheck.exe
    [2010/10/25 16:01:36 | 3144,871,936 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/25 13:50:47 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/25 13:49:34 | 000,001,116 | ---- | M] () -- C:\Users\Y\Desktop\1810Tray.exe - Shortcut.lnk
    [2010/10/23 22:49:59 | 000,001,014 | ---- | M] () -- C:\Users\Y\Desktop\SpeedFan.lnk
    [2010/10/23 22:49:57 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
    [2010/10/23 22:47:19 | 001,967,336 | ---- | M] () -- C:\Users\Y\Desktop\installspeedfan441.exe
    [2010/10/23 19:27:42 | 000,007,601 | ---- | M] () -- C:\Users\Y\AppData\Local\Resmon.ResmonCfg
    [2010/10/23 13:34:48 | 000,163,562 | ---- | M] () -- C:\Users\Y\Desktop\Modify your budget.com rese....pdf
    [2010/10/23 13:01:10 | 006,187,744 | ---- | M] (ELTIMA Software ) -- C:\Users\Y\Desktop\application.exe
    [2010/10/23 12:28:14 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/10/23 12:28:14 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/10/23 12:28:14 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/10/22 20:41:34 | 000,088,094 | ---- | M] () -- C:\Users\Y\Desktop\Falcon certificate of insurance 7825t.pdf
    [2010/10/22 12:42:39 | 000,119,296 | ---- | M] () -- C:\Users\Y\Desktop\Pilots.xls
    [2010/10/22 12:39:24 | 000,027,583 | ---- | M] () -- C:\Users\Y\Desktop\pilots.csv
    [2010/10/22 10:51:20 | 000,011,589 | ---- | M] () -- C:\Users\Y\Documents\Dickey History.pdf
    [2010/10/22 09:59:54 | 000,008,162 | ---- | M] () -- C:\Users\Y\Documents\Ward.pdf
    [2010/10/22 01:20:12 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Y\Desktop\SUPERAntiSpyware.exe
    [2010/10/22 00:43:43 | 000,620,184 | ---- | M] (Eric Lawrence) -- C:\Users\Y\Desktop\Fiddler2Setup.exe
    [2010/10/21 22:33:00 | 000,400,445 | ---- | M] () -- C:\Users\Y\Desktop\1810tray.52.zip
    [2010/10/21 22:03:20 | 000,058,859 | ---- | M] () -- C:\Users\Y\Documents\Untitled.wma
    [2010/10/21 14:20:16 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/10/21 14:13:16 | 044,089,904 | ---- | M] () -- C:\Users\Y\Desktop\avira_antivir_personal_en.exe
    [2010/10/21 14:10:41 | 000,247,981 | ---- | M] () -- C:\Users\Y\Desktop\UPDATED 8-step Viruses_Spyw....pdf
    [2010/10/21 01:45:01 | 000,150,528 | ---- | M] () -- C:\Users\Y\Documents\Treasurer Temp.xls
    [2010/10/20 17:47:49 | 000,001,970 | ---- | M] () -- C:\Users\Y\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/10/20 16:09:39 | 000,346,980 | ---- | M] () -- C:\Users\Y\Desktop\Payments inport - 101020.ods
    [2010/10/19 17:27:03 | 000,007,630 | ---- | M] () -- C:\Users\Y\Documents\Mike Watkins.pdf
    [2010/10/12 02:20:55 | 000,000,137 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010/10/12 02:20:51 | 000,001,325 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
    [2010/10/11 13:39:40 | 000,001,368 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
    [2010/10/11 11:19:17 | 000,000,046 | ---- | M] () -- C:\Windows\wininit.ini
    [2010/10/08 17:20:51 | 000,264,717 | ---- | M] () -- C:\Users\Y\Desktop\BrakeRebate.pdf
    [2010/10/08 11:41:09 | 000,007,346 | ---- | M] () -- C:\Users\Y\Documents\mckenna - John - Final.pdf
    [2010/10/06 22:38:18 | 000,006,864 | ---- | M] () -- C:\Users\Y\Documents\Griswold.pdf
    [2010/10/02 01:11:44 | 000,021,504 | ---- | M] () -- C:\Users\Y\Documents\Note on Statement.doc
    [2010/10/01 20:25:07 | 000,080,808 | ---- | M] () -- C:\Users\Y\Desktop\Flight import ss - 1020.ods
    [2010/10/01 20:25:07 | 000,080,808 | ---- | M] () -- C:\Users\Y\Documents\Flight import ss - 100929.ods
    [2010/10/01 17:11:43 | 000,333,481 | ---- | M] () -- C:\Users\Y\Documents\Payments inport - 100930.ods
    [2010/09/28 17:33:00 | 000,026,979 | ---- | M] () -- C:\Users\Y\Documents\20100921 Pilots.prn
    [1 C:\Users\Y\*.tmp files -> C:\Users\Y\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/25 16:07:22 | 000,080,384 | ---- | C] () -- C:\Users\Y\Desktop\MBRCheck.exe
    [2010/10/25 13:50:47 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/25 13:49:34 | 000,001,116 | ---- | C] () -- C:\Users\Y\Desktop\1810Tray.exe - Shortcut.lnk
    [2010/10/23 22:49:59 | 000,001,014 | ---- | C] () -- C:\Users\Y\Desktop\SpeedFan.lnk
    [2010/10/23 22:49:57 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
    [2010/10/23 22:47:16 | 001,967,336 | ---- | C] () -- C:\Users\Y\Desktop\installspeedfan441.exe
    [2010/10/23 19:27:42 | 000,007,601 | ---- | C] () -- C:\Users\Y\AppData\Local\Resmon.ResmonCfg
    [2010/10/23 13:34:46 | 000,163,562 | ---- | C] () -- C:\Users\Y\Desktop\Modify your budget.com rese....pdf
    [2010/10/22 20:41:33 | 000,088,094 | ---- | C] () -- C:\Users\Y\Desktop\Falcon certificate of insurance 7825t.pdf
    [2010/10/22 12:42:38 | 000,119,296 | ---- | C] () -- C:\Users\Y\Desktop\Pilots.xls
    [2010/10/22 10:51:12 | 000,011,589 | ---- | C] () -- C:\Users\Y\Documents\Dickey History.pdf
    [2010/10/22 09:59:49 | 000,008,162 | ---- | C] () -- C:\Users\Y\Documents\Ward.pdf
    [2010/10/21 22:33:00 | 000,400,445 | ---- | C] () -- C:\Users\Y\Desktop\1810tray.52.zip
    [2010/10/21 22:03:19 | 000,058,859 | ---- | C] () -- C:\Users\Y\Documents\Untitled.wma
    [2010/10/21 14:20:16 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/10/21 14:11:09 | 044,089,904 | ---- | C] () -- C:\Users\Y\Desktop\avira_antivir_personal_en.exe
    [2010/10/21 14:10:37 | 000,247,981 | ---- | C] () -- C:\Users\Y\Desktop\UPDATED 8-step Viruses_Spyw....pdf
    [2010/10/20 12:39:14 | 000,346,980 | ---- | C] () -- C:\Users\Y\Desktop\Payments inport - 101020.ods
    [2010/10/20 12:39:05 | 000,080,808 | ---- | C] () -- C:\Users\Y\Desktop\Flight import ss - 1020.ods
    [2010/10/19 17:27:00 | 000,007,630 | ---- | C] () -- C:\Users\Y\Documents\Mike Watkins.pdf
    [2010/10/19 16:31:30 | 000,027,583 | ---- | C] () -- C:\Users\Y\Desktop\pilots.csv
    [2010/10/12 02:20:55 | 000,000,137 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010/10/12 02:20:51 | 000,001,325 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
    [2010/10/11 13:39:21 | 000,001,368 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
    [2010/10/11 11:19:07 | 000,000,046 | ---- | C] () -- C:\Windows\wininit.ini
    [2010/10/08 17:23:19 | 000,264,717 | ---- | C] () -- C:\Users\Y\Desktop\BrakeRebate.pdf
    [2010/10/08 11:41:07 | 000,007,346 | ---- | C] () -- C:\Users\Y\Documents\mckenna - John - Final.pdf
    [2010/10/06 22:38:16 | 000,006,864 | ---- | C] () -- C:\Users\Y\Documents\Griswold.pdf
    [2010/09/29 13:59:53 | 000,080,808 | ---- | C] () -- C:\Users\Y\Documents\Flight import ss - 100929.ods
    [2010/09/29 13:50:42 | 000,333,481 | ---- | C] () -- C:\Users\Y\Documents\Payments inport - 100930.ods
    [2010/09/28 17:32:58 | 000,026,979 | ---- | C] () -- C:\Users\Y\Documents\20100921 Pilots.prn
    [2010/07/27 16:28:11 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\PROTOCOL.INI
    [2010/06/29 18:03:15 | 000,000,120 | ---- | C] () -- C:\Users\Y\AppData\Roaming\FixVTS.ini
    [2010/03/17 16:16:17 | 000,000,712 | ---- | C] () -- C:\Windows\FJTWSTI.INI
    [2010/03/16 10:33:20 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2010/03/09 19:00:02 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/03/09 19:00:02 | 000,000,088 | RHS- | C] () -- C:\ProgramData\215137770C.sys
    [2010/03/07 12:01:42 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\LFFPX7.DLL
    [2010/03/07 12:01:42 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/03/17 05:07:07 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\allTunes
    [2010/05/24 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\BatteryBar
    [2010/10/25 16:02:46 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Dropbox
    [2010/07/26 00:27:17 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\esri
    [2010/03/16 15:05:46 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Foxit
    [2010/03/18 16:49:51 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Foxit Software
    [2010/03/17 16:51:11 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Fujitsu
    [2010/03/17 05:18:44 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\GHISLER
    [2010/07/26 19:47:36 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\GPS Utility
    [2010/03/17 05:13:48 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\IrfanView
    [2010/05/08 17:44:38 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Mp3tag
    [2010/03/16 14:49:44 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\OpenOffice.org
    [2010/06/21 08:53:19 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Research In Motion
    [2010/07/26 14:52:35 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\RipIt4Me
    [2010/04/17 13:56:26 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Tether
    [2009/07/14 00:08:49 | 000,027,916 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/10/23 19:02:28 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/07/26 02:15:58 | 049,304,674 | ---- | M] () -- C:\Detroit 80 North.tif
    [2010/10/25 16:01:36 | 3144,871,936 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/25 16:01:39 | 4193,165,312 | -HS- | M] () -- C:\pagefile.sys
    [2010/03/09 18:57:20 | 000,486,806 | ---- | M] () -- C:\vcredist_x86.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 15:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/10/11 15:45:30 | 000,012,687 | ---- | M] () -- C:\Users\Y\AppData\Roaming\Microsoft\stor.cfg

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/06 08:24:29 | 000,000,221 | -HS- | M] () -- C:\Users\Y\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/23 13:01:10 | 006,187,744 | ---- | M] (ELTIMA Software ) -- C:\Users\Y\Desktop\application.exe
    [2010/10/21 14:13:16 | 044,089,904 | ---- | M] () -- C:\Users\Y\Desktop\avira_antivir_personal_en.exe
    [2010/10/22 00:43:43 | 000,620,184 | ---- | M] (Eric Lawrence) -- C:\Users\Y\Desktop\Fiddler2Setup.exe
    [2010/10/23 22:47:19 | 001,967,336 | ---- | M] () -- C:\Users\Y\Desktop\installspeedfan441.exe
    [2010/10/25 16:07:23 | 000,080,384 | ---- | M] () -- C:\Users\Y\Desktop\MBRCheck.exe
    [2010/10/25 23:09:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Y\Desktop\OTL.exe
    [2010/10/22 01:20:12 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Y\Desktop\SUPERAntiSpyware.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/08/14 18:51:32 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/08/14 18:51:33 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/07/26 17:52:55 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/07/26 17:52:55 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/08/14 18:51:33 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/03/06 07:55:13 | 000,000,402 | -HS- | M] () -- C:\Users\Y\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/06/07 13:02:44 | 000,000,088 | RHS- | M] () -- C:\ProgramData\215137770C.sys
    [2010/06/07 13:02:46 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/10/12 02:20:55 | 000,000,137 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  9. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    1.
    2. I still need the Extras.txt log.
  10. bpm120

    bpm120 Newcomer, in training Topic Starter

    The answers to your questions are in a previous post. Sorry about not splitting the logs.

  11. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    OK. Let me take a look at the OTL log.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    You're running extremely low on C drive free space:
    You have to start moving stuff out as soon as possible.

    ========================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKCU..\Run: [ServiceName] c:\Programs Stand Alone - 1801 Tray\1801Tray.exe File not found
      O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe File not found
      O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe File not found
      O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O33 - MountPoints2\{0bef21ca-392e-11df-bdf4-00269eb3352b}\Shell - "" = AutoRun
      O33 - MountPoints2\{0bef21ca-392e-11df-bdf4-00269eb3352b}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
      O33 - MountPoints2\D\Shell - "" = AutoRun
      O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
      [2010/10/11 11:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
      [1 C:\Users\Y\*.tmp files -> C:\Users\Y\*.tmp -> ]
      [2010/03/09 19:00:02 | 000,000,088 | RHS- | C] () -- C:\ProgramData\215137770C.sys
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
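
The first line of the fix above resets a `ProxyServer` value that points the browser at 127.0.0.1:50370. The Python below is an added example, not part of the original post or of OTL: it parses that value format and reports which protocols are sent to a loopback address. The function names are hypothetical, and `ProxyEnable` is the standard companion value read from the same key.

```python
import ipaddress
import sys

KEY_PATH = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

def parse_proxy_server(value):
    """Split a ProxyServer string into {scheme: (host, port)}."""
    proxies = {}
    for entry in value.replace(" ", ";").split(";"):
        if not entry:
            continue
        scheme, sep, address = entry.partition("=")
        if not sep:                            # bare "host:port" covers every protocol
            scheme, address = "all", entry
        address = address.split("://", 1)[-1]  # tolerate "http://host:port"
        host, _, port = address.rpartition(":")
        if not port.isdigit():                 # no port given
            host, port = address, ""
        proxies[scheme.lower()] = (host, int(port) if port else None)
    return proxies

def is_loopback(host):
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                         # a hostname, not an IP literal
        return False

def loopback_proxies(value):
    """Return only the entries whose proxy host is this machine."""
    return {s: hp for s, hp in parse_proxy_server(value).items() if is_loopback(hp[0])}

def read_current_user_proxy():
    """Return (ProxyEnable, ProxyServer) from HKCU. Windows only."""
    import winreg
    values = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, KEY_PATH) as key:
        for name, default in (("ProxyEnable", 0), ("ProxyServer", "")):
            try:
                values.append(winreg.QueryValueEx(key, name)[0])
            except FileNotFoundError:
                values.append(default)
    return tuple(values)

if __name__ == "__main__":
    # Off Windows, fall back to the value reported in this thread.
    enabled, server = (read_current_user_proxy() if sys.platform == "win32"
                       else (1, "http=127.0.0.1:50370"))
    for scheme, (host, port) in (loopback_proxies(server) if enabled else {}).items():
        print(f"{scheme}: proxied to local {host}:{port}")
```

A loopback proxy is only a lead: local debugging proxies set the same value, so the next step is to identify the process listening on the reported port.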
  13. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Are you still out there?