Solved System Check removal

[Andrew1234]

When I did Bootkit Remover and selected "Run As Administrator" the little windows logo was next to that too.

 

[Broni]

Go ahead with Combofix

 

[Andrew1234]

I have to uninstall AVG again?

 

[Broni]

Yes and when you do this see if those icons are still there.

 

[Andrew1234]

Ok. It took awhile last time so i may not post again until morning. Also, will the free Malwarebytes download bother combo fix this at all?

 

[Broni]

No, MBAM is fine.

 

[Andrew1234]

ComboFix won't work. After it gets to it's blue screen it says "The version of this file is not compatible with the version of Windows you're running".

 

[Broni]

Did you uninstall AVG?
Do you still have those icons after AVG removal?

 

[Andrew1234]

Yes I uninstalled AVG and yes the icons are still there.

 

[Broni]

Download TDSSKiller and save it to your desktop.

• Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[Andrew1234]

Reinstall AVG first?

 

[Broni]

No, not yet.

 

[Andrew1234]

00:20:40.0229 1132 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
00:20:40.0494 1132 ============================================================
00:20:40.0494 1132 Current date / time: 2012/02/03 00:20:40.0494
00:20:40.0494 1132 SystemInfo:
00:20:40.0494 1132
00:20:40.0494 1132 OS Version: 6.0.6002 ServicePack: 2.0
00:20:40.0494 1132 Product type: Workstation
00:20:40.0494 1132 ComputerName: MARY-PC
00:20:40.0494 1132 UserName: Mary
00:20:40.0494 1132 Windows directory: C:\Windows
00:20:40.0494 1132 System windows directory: C:\Windows
00:20:40.0494 1132 Running under WOW64
00:20:40.0494 1132 Processor architecture: Intel x64
00:20:40.0494 1132 Number of processors: 4
00:20:40.0494 1132 Page size: 0x1000
00:20:40.0494 1132 Boot type: Normal boot
00:20:40.0494 1132 ============================================================
00:20:40.0868 1132 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:20:40.0884 1132 \Device\Harddisk0\DR0:
00:20:40.0884 1132 MBR used
00:20:40.0884 1132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x48E57000
00:20:40.0900 1132 Initialize success
00:20:40.0900 1132 ============================================================
00:20:48.0528 0496 ============================================================
00:20:48.0528 0496 Scan started
00:20:48.0528 0496 Mode: Manual;
00:20:48.0528 0496 ============================================================
00:20:48.0887 0496 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
00:20:48.0887 0496 ACPI - ok
00:20:48.0934 0496 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
00:20:48.0934 0496 adp94xx - ok
00:20:48.0980 0496 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
00:20:48.0996 0496 adpahci - ok
00:20:48.0996 0496 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
00:20:49.0012 0496 adpu160m - ok
00:20:49.0027 0496 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
00:20:49.0027 0496 adpu320 - ok
00:20:49.0105 0496 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
00:20:49.0105 0496 AFD - ok
00:20:49.0168 0496 AgereSoftModem (6051b172930f3b2723d04c555f7ec55a) C:\Windows\system32\DRIVERS\agrsm64.sys
00:20:49.0183 0496 AgereSoftModem - ok
00:20:49.0214 0496 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
00:20:49.0214 0496 agp440 - ok
00:20:49.0261 0496 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
00:20:49.0261 0496 aic78xx - ok
00:20:49.0308 0496 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
00:20:49.0308 0496 aliide - ok
00:20:49.0308 0496 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
00:20:49.0308 0496 amdide - ok
00:20:49.0324 0496 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
00:20:49.0339 0496 AmdK8 - ok
00:20:49.0370 0496 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
00:20:49.0386 0496 arc - ok
00:20:49.0417 0496 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
00:20:49.0417 0496 arcsas - ok
00:20:49.0495 0496 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
00:20:49.0495 0496 AsyncMac - ok
00:20:49.0526 0496 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
00:20:49.0526 0496 atapi - ok
00:20:49.0558 0496 Beep - ok
00:20:49.0589 0496 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
00:20:49.0589 0496 blbdrive - ok
00:20:49.0651 0496 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
00:20:49.0651 0496 bowser - ok
00:20:49.0682 0496 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
00:20:49.0682 0496 BrFiltLo - ok
00:20:49.0698 0496 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
00:20:49.0698 0496 BrFiltUp - ok
00:20:49.0714 0496 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
00:20:49.0729 0496 Brserid - ok
00:20:49.0745 0496 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
00:20:49.0745 0496 BrSerWdm - ok
00:20:49.0760 0496 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
00:20:49.0760 0496 BrUsbMdm - ok
00:20:49.0760 0496 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
00:20:49.0760 0496 BrUsbSer - ok
00:20:49.0792 0496 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
00:20:49.0792 0496 BTHMODEM - ok
00:20:49.0979 0496 catchme - ok
00:20:50.0041 0496 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
00:20:50.0041 0496 cdfs - ok
00:20:50.0119 0496 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
00:20:50.0119 0496 cdrom - ok
00:20:50.0197 0496 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
00:20:50.0197 0496 circlass - ok
00:20:50.0275 0496 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
00:20:50.0275 0496 CLFS - ok
00:20:50.0369 0496 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
00:20:50.0369 0496 cmdide - ok
00:20:50.0447 0496 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
00:20:50.0447 0496 Compbatt - ok
00:20:50.0525 0496 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
00:20:50.0525 0496 crcdisk - ok
00:20:50.0618 0496 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
00:20:50.0618 0496 DfsC - ok
00:20:50.0728 0496 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
00:20:50.0728 0496 disk - ok
00:20:50.0806 0496 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
00:20:50.0806 0496 drmkaud - ok
00:20:50.0915 0496 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
00:20:50.0915 0496 DXGKrnl - ok
00:20:50.0977 0496 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
00:20:50.0977 0496 E1G60 - ok
00:20:51.0055 0496 e1yexpress (bddc6f6c49633aa85a30a989418e30f4) C:\Windows\system32\DRIVERS\e1y60x64.sys
00:20:51.0055 0496 e1yexpress - ok
00:20:51.0149 0496 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
00:20:51.0149 0496 Ecache - ok
00:20:51.0227 0496 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
00:20:51.0242 0496 elxstor - ok
00:20:51.0320 0496 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
00:20:51.0320 0496 ErrDev - ok
00:20:51.0414 0496 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
00:20:51.0414 0496 exfat - ok
00:20:51.0508 0496 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
00:20:51.0508 0496 fastfat - ok
00:20:51.0586 0496 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
00:20:51.0586 0496 fdc - ok
00:20:51.0648 0496 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
00:20:51.0664 0496 FileInfo - ok
00:20:51.0726 0496 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
00:20:51.0726 0496 Filetrace - ok
00:20:51.0804 0496 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
00:20:51.0804 0496 flpydisk - ok
00:20:51.0882 0496 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
00:20:51.0882 0496 FltMgr - ok
00:20:51.0960 0496 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
00:20:51.0960 0496 Fs_Rec - ok
00:20:52.0022 0496 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
00:20:52.0022 0496 gagp30kx - ok
00:20:52.0116 0496 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:20:52.0116 0496 GEARAspiWDM - ok
00:20:52.0241 0496 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
00:20:52.0241 0496 HdAudAddService - ok
00:20:52.0350 0496 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:20:52.0366 0496 HDAudBus - ok
00:20:52.0459 0496 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
00:20:52.0459 0496 HidBth - ok
00:20:52.0506 0496 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
00:20:52.0506 0496 HidIr - ok
00:20:52.0600 0496 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
00:20:52.0600 0496 HidUsb - ok
00:20:52.0678 0496 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
00:20:52.0678 0496 HpCISSs - ok
00:20:52.0771 0496 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
00:20:52.0787 0496 HTTP - ok
00:20:52.0865 0496 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
00:20:52.0865 0496 i2omp - ok
00:20:52.0943 0496 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
00:20:52.0943 0496 i8042prt - ok
00:20:53.0036 0496 iaStor (756879fa65978df948437ce3fd1eaccd) C:\Windows\system32\DRIVERS\iaStor.sys
00:20:53.0052 0496 iaStor - ok
00:20:53.0114 0496 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
00:20:53.0130 0496 iaStorV - ok
00:20:53.0411 0496 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
00:20:53.0473 0496 igfx - ok
00:20:53.0536 0496 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
00:20:53.0536 0496 iirsp - ok
00:20:53.0614 0496 IntcAzAudAddService (fdfc40441fac0f3114a974168125279f) C:\Windows\system32\drivers\RTKVHD64.sys
00:20:53.0614 0496 IntcAzAudAddService - ok
00:20:53.0660 0496 IntcHdmiAddService (be1cb000c655396c9def09aee3ea2d67) C:\Windows\system32\drivers\IntcHdmi.sys
00:20:53.0660 0496 IntcHdmiAddService - ok
00:20:53.0692 0496 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
00:20:53.0692 0496 intelide - ok
00:20:53.0723 0496 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
00:20:53.0723 0496 intelppm - ok
00:20:53.0770 0496 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:20:53.0770 0496 IpFilterDriver - ok
00:20:53.0785 0496 IpInIp - ok
00:20:53.0816 0496 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
00:20:53.0816 0496 IPMIDRV - ok
00:20:53.0848 0496 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
00:20:53.0848 0496 IPNAT - ok
00:20:53.0863 0496 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
00:20:53.0863 0496 IRENUM - ok
00:20:53.0894 0496 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
00:20:53.0894 0496 isapnp - ok
00:20:53.0926 0496 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
00:20:53.0926 0496 iScsiPrt - ok
00:20:53.0957 0496 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
00:20:53.0957 0496 iteatapi - ok
00:20:53.0972 0496 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
00:20:53.0972 0496 iteraid - ok
00:20:54.0004 0496 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
00:20:54.0004 0496 kbdclass - ok
00:20:54.0035 0496 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
00:20:54.0035 0496 kbdhid - ok
00:20:54.0082 0496 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
00:20:54.0082 0496 KSecDD - ok
00:20:54.0113 0496 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
00:20:54.0113 0496 ksthunk - ok
00:20:54.0160 0496 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
00:20:54.0160 0496 lltdio - ok
00:20:54.0191 0496 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
00:20:54.0191 0496 LSI_FC - ok
00:20:54.0206 0496 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
00:20:54.0206 0496 LSI_SAS - ok
00:20:54.0238 0496 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
00:20:54.0238 0496 LSI_SCSI - ok
00:20:54.0253 0496 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
00:20:54.0253 0496 luafv - ok
00:20:54.0300 0496 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
00:20:54.0300 0496 megasas - ok
00:20:54.0347 0496 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
00:20:54.0362 0496 MegaSR - ok
00:20:54.0394 0496 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
00:20:54.0394 0496 Modem - ok
00:20:54.0409 0496 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
00:20:54.0409 0496 monitor - ok
00:20:54.0409 0496 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
00:20:54.0409 0496 mouclass - ok
00:20:54.0425 0496 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
00:20:54.0425 0496 mouhid - ok
00:20:54.0440 0496 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
00:20:54.0440 0496 MountMgr - ok
00:20:54.0456 0496 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
00:20:54.0456 0496 mpio - ok
00:20:54.0472 0496 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
00:20:54.0487 0496 mpsdrv - ok
00:20:54.0534 0496 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
00:20:54.0534 0496 Mraid35x - ok
00:20:54.0581 0496 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
00:20:54.0581 0496 MRxDAV - ok
00:20:54.0596 0496 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:20:54.0596 0496 mrxsmb - ok
00:20:54.0643 0496 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:20:54.0643 0496 mrxsmb10 - ok
00:20:54.0690 0496 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:20:54.0690 0496 mrxsmb20 - ok
00:20:54.0721 0496 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
00:20:54.0721 0496 msahci - ok
00:20:54.0737 0496 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
00:20:54.0737 0496 msdsm - ok
00:20:54.0784 0496 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
00:20:54.0784 0496 Msfs - ok
00:20:54.0815 0496 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
00:20:54.0815 0496 msisadrv - ok
00:20:54.0846 0496 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
00:20:54.0846 0496 MSKSSRV - ok
00:20:54.0877 0496 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
00:20:54.0877 0496 MSPCLOCK - ok
00:20:54.0893 0496 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
00:20:54.0893 0496 MSPQM - ok
00:20:54.0924 0496 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
00:20:54.0924 0496 MsRPC - ok
00:20:54.0940 0496 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
00:20:54.0940 0496 mssmbios - ok
00:20:54.0971 0496 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
00:20:54.0971 0496 MSTEE - ok
00:20:54.0986 0496 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
00:20:54.0986 0496 Mup - ok
00:20:55.0033 0496 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
00:20:55.0033 0496 NativeWifiP - ok
00:20:55.0064 0496 NAVENG - ok
00:20:55.0064 0496 NAVEX15 - ok
00:20:55.0127 0496 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
00:20:55.0142 0496 NDIS - ok
00:20:55.0174 0496 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
00:20:55.0174 0496 NdisTapi - ok
00:20:55.0205 0496 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
00:20:55.0205 0496 Ndisuio - ok
00:20:55.0236 0496 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
00:20:55.0236 0496 NdisWan - ok
00:20:55.0252 0496 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
00:20:55.0252 0496 NDProxy - ok
00:20:55.0267 0496 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
00:20:55.0267 0496 NetBIOS - ok
00:20:55.0298 0496 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
00:20:55.0314 0496 netbt - ok
00:20:55.0361 0496 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
00:20:55.0361 0496 nfrd960 - ok
00:20:55.0376 0496 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
00:20:55.0376 0496 Npfs - ok
00:20:55.0392 0496 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
00:20:55.0392 0496 nsiproxy - ok
00:20:55.0470 0496 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
00:20:55.0486 0496 Ntfs - ok
00:20:55.0532 0496 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
00:20:55.0532 0496 Null - ok
00:20:55.0548 0496 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
00:20:55.0548 0496 nvraid - ok
00:20:55.0595 0496 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
00:20:55.0595 0496 nvstor - ok
00:20:55.0626 0496 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
00:20:55.0626 0496 nv_agp - ok
00:20:55.0626 0496 NwlnkFlt - ok
00:20:55.0642 0496 NwlnkFwd - ok
00:20:55.0688 0496 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
00:20:55.0688 0496 ohci1394 - ok
00:20:55.0735 0496 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
00:20:55.0735 0496 Parport - ok
00:20:55.0766 0496 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
00:20:55.0766 0496 partmgr - ok
00:20:55.0813 0496 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
00:20:55.0813 0496 pci - ok
00:20:55.0844 0496 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
00:20:55.0844 0496 pciide - ok
00:20:55.0860 0496 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
00:20:55.0860 0496 pcmcia - ok
00:20:55.0907 0496 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
00:20:55.0922 0496 PEAUTH - ok
00:20:56.0032 0496 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
00:20:56.0032 0496 PptpMiniport - ok
00:20:56.0063 0496 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
00:20:56.0063 0496 Processor - ok
00:20:56.0094 0496 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
00:20:56.0094 0496 PSched - ok
00:20:56.0141 0496 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
00:20:56.0172 0496 ql2300 - ok
00:20:56.0188 0496 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
00:20:56.0188 0496 ql40xx - ok
00:20:56.0203 0496 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
00:20:56.0203 0496 QWAVEdrv - ok
00:20:56.0234 0496 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
00:20:56.0234 0496 RasAcd - ok
00:20:56.0234 0496 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:20:56.0250 0496 Rasl2tp - ok
00:20:56.0281 0496 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
00:20:56.0281 0496 RasPppoe - ok
00:20:56.0312 0496 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
00:20:56.0312 0496 RasSstp - ok
00:20:56.0359 0496 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
00:20:56.0375 0496 rdbss - ok
00:20:56.0375 0496 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:20:56.0375 0496 RDPCDD - ok
00:20:56.0406 0496 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
00:20:56.0422 0496 rdpdr - ok
00:20:56.0422 0496 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
00:20:56.0422 0496 RDPENCDD - ok
00:20:56.0453 0496 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
00:20:56.0453 0496 RDPWD - ok
00:20:56.0484 0496 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
00:20:56.0484 0496 rspndr - ok
00:20:56.0515 0496 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
00:20:56.0515 0496 sbp2port - ok
00:20:56.0546 0496 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:20:56.0546 0496 secdrv - ok
00:20:56.0578 0496 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
00:20:56.0578 0496 Serenum - ok
00:20:56.0593 0496 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
00:20:56.0593 0496 Serial - ok
00:20:56.0609 0496 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
00:20:56.0609 0496 sermouse - ok
00:20:56.0687 0496 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
00:20:56.0687 0496 sffdisk - ok
00:20:56.0702 0496 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
00:20:56.0702 0496 sffp_mmc - ok
00:20:56.0718 0496 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
00:20:56.0718 0496 sffp_sd - ok
00:20:56.0718 0496 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
00:20:56.0734 0496 sfloppy - ok
00:20:56.0780 0496 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
00:20:56.0780 0496 SiSRaid2 - ok
00:20:56.0796 0496 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
00:20:56.0796 0496 SiSRaid4 - ok
00:20:56.0874 0496 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
00:20:56.0874 0496 Smb - ok
00:20:56.0921 0496 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
00:20:56.0921 0496 spldr - ok
00:20:56.0936 0496 SRTSP - ok
00:20:56.0936 0496 SRTSPX - ok
00:20:56.0983 0496 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
00:20:56.0999 0496 srv - ok
00:20:57.0046 0496 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
00:20:57.0046 0496 srv2 - ok
00:20:57.0092 0496 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
00:20:57.0092 0496 srvnet - ok
00:20:57.0108 0496 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
00:20:57.0108 0496 swenum - ok
00:20:57.0139 0496 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
00:20:57.0139 0496 Symc8xx - ok
00:20:57.0186 0496 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
00:20:57.0186 0496 Sym_hi - ok
00:20:57.0202 0496 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
00:20:57.0202 0496 Sym_u3 - ok
00:20:57.0264 0496 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
00:20:57.0295 0496 Tcpip - ok
00:20:57.0326 0496 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
00:20:57.0342 0496 Tcpip6 - ok
00:20:57.0373 0496 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
00:20:57.0373 0496 tcpipreg - ok
00:20:57.0389 0496 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
00:20:57.0389 0496 TDPIPE - ok
00:20:57.0404 0496 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
00:20:57.0404 0496 TDTCP - ok
00:20:57.0451 0496 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
00:20:57.0451 0496 tdx - ok
00:20:57.0482 0496 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
00:20:57.0482 0496 TermDD - ok
00:20:57.0514 0496 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:20:57.0514 0496 tssecsrv - ok
00:20:57.0529 0496 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
00:20:57.0529 0496 tunmp - ok
00:20:57.0576 0496 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
00:20:57.0576 0496 tunnel - ok
00:20:57.0592 0496 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
00:20:57.0592 0496 uagp35 - ok
00:20:57.0638 0496 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
00:20:57.0638 0496 udfs - ok
00:20:57.0670 0496 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
00:20:57.0685 0496 uliagpkx - ok
00:20:57.0701 0496 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
00:20:57.0701 0496 uliahci - ok
00:20:57.0716 0496 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
00:20:57.0716 0496 UlSata - ok
00:20:57.0748 0496 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
00:20:57.0748 0496 ulsata2 - ok
00:20:57.0779 0496 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
00:20:57.0779 0496 umbus - ok
00:20:57.0826 0496 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
00:20:57.0826 0496 USBAAPL64 - ok
00:20:57.0841 0496 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
00:20:57.0841 0496 usbccgp - ok
00:20:57.0872 0496 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
00:20:57.0872 0496 usbcir - ok
00:20:57.0904 0496 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
00:20:57.0904 0496 usbehci - ok
00:20:57.0935 0496 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
00:20:57.0950 0496 usbhub - ok
00:20:57.0982 0496 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
00:20:57.0982 0496 usbohci - ok
00:20:58.0013 0496 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
00:20:58.0013 0496 usbprint - ok
00:20:58.0060 0496 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
00:20:58.0060 0496 usbscan - ok
00:20:58.0075 0496 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:20:58.0075 0496 USBSTOR - ok
00:20:58.0075 0496 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
00:20:58.0091 0496 usbuhci - ok
00:20:58.0122 0496 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
00:20:58.0122 0496 vga - ok
00:20:58.0138 0496 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
00:20:58.0138 0496 VgaSave - ok
00:20:58.0169 0496 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
00:20:58.0169 0496 viaide - ok
00:20:58.0200 0496 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
00:20:58.0200 0496 volmgr - ok
00:20:58.0247 0496 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
00:20:58.0247 0496 volmgrx - ok
00:20:58.0294 0496 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
00:20:58.0294 0496 volsnap - ok
00:20:58.0309 0496 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
00:20:58.0309 0496 vsmraid - ok
00:20:58.0372 0496 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
00:20:58.0372 0496 WacomPen - ok
00:20:58.0418 0496 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
00:20:58.0418 0496 Wanarp - ok
00:20:58.0418 0496 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
00:20:58.0418 0496 Wanarpv6 - ok
00:20:58.0450 0496 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
00:20:58.0450 0496 Wd - ok
00:20:58.0481 0496 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
00:20:58.0512 0496 Wdf01000 - ok
00:20:58.0559 0496 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:20:58.0559 0496 WmiAcpi - ok
00:20:58.0621 0496 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
00:20:58.0621 0496 WpdUsb - ok
00:20:58.0652 0496 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
00:20:58.0652 0496 ws2ifsl - ok
00:20:58.0684 0496 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:20:58.0684 0496 WUDFRd - ok
00:20:58.0699 0496 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:20:58.0746 0496 \Device\Harddisk0\DR0 - ok
00:20:58.0746 0496 Boot (0x1200) (60c30e084cab312994002afd190dbfc8) \Device\Harddisk0\DR0\Partition0
00:20:58.0746 0496 \Device\Harddisk0\DR0\Partition0 - ok
00:20:58.0746 0496 ============================================================
00:20:58.0746 0496 Scan finished
00:20:58.0746 0496 ============================================================
00:20:58.0762 1008 Detected object count: 0
00:20:58.0762 1008 Actual detected object count: 0

 

[Broni]

Delete your Combofix file, download fresh one and run it from safe mode.

 

[Andrew1234]

Combo fix closed out and didn't produce log. I agreed to terms and went to the screen where it loads but closed out there.

 

[Broni]

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Andrew1234]

OTL.txt

OTL logfile created on: 2/3/2012 4:45:43 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mary\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.78 Gb Available Physical Memory | 70.11% Memory free
8.14 Gb Paging File | 6.83 Gb Available in Paging File | 83.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.17 Gb Total Space | 409.74 Gb Free Space | 70.26% Space Free | Partition Type: NTFS

Computer Name: MARY-PC | User Name: Mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/28 16:18:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
PRC - [2012/01/26 03:23:45 | 000,909,152 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
PRC - [2011/12/23 05:57:30 | 003,334,432 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Mary\AppData\Local\Akamai\netsession_win.exe
PRC - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2009/02/26 15:11:34 | 000,045,056 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
PRC - [2008/09/12 16:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/09/12 16:01:24 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/07/18 21:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/04/23 19:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
PRC - [2008/02/01 13:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2007/01/08 16:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 05:42:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/12 05:36:51 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/12 05:36:39 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 05:36:32 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 05:35:46 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 05:35:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/02/26 15:11:32 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
MOD - [2009/02/26 15:11:32 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
MOD - [2008/08/27 18:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll
MOD - [2008/06/09 11:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvcPS.dll
MOD - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/08/26 01:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/26 03:23:45 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/12 16:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/20 20:53:32 | 000,306,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2008/10/29 02:55:52 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/09/21 16:49:58 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/09/12 15:48:26 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2407127360-2681154229-4036151088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2407127360-2681154229-4036151088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2407127360-2681154229-4036151088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2407127360-2681154229-4036151088-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2407127360-2681154229-4036151088-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2407127360-2681154229-4036151088-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2786678&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1416
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.18.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: avg@igeared:5.008.027.003
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/26 03:24:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/27 20:00:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/27 20:00:47 | 000,000,000 | ---D | M]

[2009/11/27 00:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\Mozilla\Extensions
[2012/02/01 19:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions
[2009/11/27 00:41:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/19 09:10:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/30 06:11:46 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/30 06:11:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\engine@conduit.com
[2011/03/30 06:11:46 | 000,000,863 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\searchplugins\conduit.xml
[2012/01/31 00:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/19 09:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/03 19:18:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/31 00:02:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2012/01/26 03:24:40 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
[2010/05/30 14:20:11 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol308.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/26 03:23:30 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2012/01/27 22:40:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-2407127360-2681154229-4036151088-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2407127360-2681154229-4036151088-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
O4 - HKU\S-1-5-21-2407127360-2681154229-4036151088-1000..\Run: [Akamai NetSession Interface] C:\Users\Mary\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-2407127360-2681154229-4036151088-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2407127360-2681154229-4036151088-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2407127360-2681154229-4036151088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69C8657C-8380-49AC-9968-AEACC2850F5D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/03 00:38:08 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/03 00:37:51 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/02/03 00:32:26 | 004,395,020 | R--- | C] (Swearware) -- C:\Users\Mary\Desktop\ComboFix.exe
[2012/02/03 00:20:12 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mary\Desktop\tdsskiller.exe
[2012/02/02 00:07:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/01 22:20:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/01/31 23:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/31 00:23:00 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\TFC.exe
[2012/01/31 00:05:34 | 000,000,000 | ---D | C] -- C:\Users\Mary\Desktop\JavaRa
[2012/01/29 16:13:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/28 16:18:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
[2012/01/28 16:17:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe.lr6tyx5.partial
[2012/01/28 15:39:59 | 175,746,544 | ---- | C] (AVG Technologies) -- C:\Users\Mary\Desktop\avg_ipw_x64_all_2011_1120a3152.exe
[2012/01/28 15:31:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/27 22:46:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/27 19:07:37 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Mary\Desktop\AppRemover.exe
[2012/01/27 17:06:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/27 17:06:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/27 17:06:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/27 17:06:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/27 17:03:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/27 15:45:12 | 000,000,000 | ---D | C] -- C:\Users\Mary\Desktop\bootkit_remover
[2012/01/27 15:11:28 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Mary\Desktop\aswMBR.exe
[2012/01/26 15:57:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mary\Desktop\dds.scr
[2012/01/25 20:07:14 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Malwarebytes
[2012/01/25 20:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/25 20:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/25 20:06:50 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/25 20:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/25 19:39:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[1 C:\Users\Mary\AppData\Local\*.tmp files -> C:\Users\Mary\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/03 16:44:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/03 16:31:45 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/03 16:31:45 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/03 16:31:45 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/03 16:25:41 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/03 16:25:32 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/03 16:25:32 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/03 16:25:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/03 00:32:26 | 004,395,020 | R--- | M] (Swearware) -- C:\Users\Mary\Desktop\ComboFix.exe
[2012/02/03 00:20:12 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mary\Desktop\tdsskiller.exe
[2012/02/02 00:23:53 | 000,800,211 | ---- | M] () -- C:\Users\Mary\Desktop\ListParts64.exe
[2012/02/02 00:23:27 | 000,303,059 | ---- | M] () -- C:\Users\Mary\Desktop\ListParts.exe
[2012/02/02 00:07:36 | 431,684,341 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/01 23:12:07 | 000,000,680 | ---- | M] () -- C:\Users\Mary\AppData\Local\d3d9caps.dat
[2012/01/31 00:23:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\TFC.exe
[2012/01/31 00:18:15 | 000,334,429 | ---- | M] () -- C:\Users\Mary\Desktop\FSS.exe
[2012/01/31 00:12:51 | 000,869,194 | ---- | M] () -- C:\Users\Mary\Desktop\SecurityCheck.exe
[2012/01/31 00:04:50 | 000,160,350 | ---- | M] () -- C:\Users\Mary\Desktop\JavaRa.zip
[2012/01/29 21:21:15 | 000,000,000 | ---- | M] () -- C:\Users\Mary\AppData\Local\prvlcl.dat
[2012/01/28 19:33:05 | 000,684,297 | ---- | M] () -- C:\Users\Mary\Desktop\unhide.exe
[2012/01/28 19:32:51 | 000,684,297 | ---- | M] () -- C:\Users\Mary\Desktop\unhide.exe.eaajcmq.partial
[2012/01/28 16:18:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
[2012/01/28 16:17:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe.lr6tyx5.partial
[2012/01/27 22:40:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/27 19:07:37 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Mary\Desktop\AppRemover.exe
[2012/01/27 15:44:06 | 000,044,607 | ---- | M] () -- C:\Users\Mary\Desktop\bootkit_remover.zip
[2012/01/27 15:41:46 | 000,000,512 | ---- | M] () -- C:\Users\Mary\Desktop\MBR.dat
[2012/01/27 15:11:34 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Mary\Desktop\aswMBR.exe
[2012/01/26 15:57:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mary\Desktop\dds.scr
[2012/01/25 20:09:01 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/22 20:44:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/01/18 13:00:18 | 000,024,064 | ---- | M] () -- C:\Users\Mary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/17 16:53:22 | 000,000,104 | ---- | M] () -- C:\Users\Mary\Desktop\Internet - Shortcut.lnk
[1 C:\Users\Mary\AppData\Local\*.tmp files -> C:\Users\Mary\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/02 00:23:53 | 000,800,211 | ---- | C] () -- C:\Users\Mary\Desktop\ListParts64.exe
[2012/02/02 00:23:27 | 000,303,059 | ---- | C] () -- C:\Users\Mary\Desktop\ListParts.exe
[2012/02/02 00:07:36 | 431,684,341 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/01 23:11:49 | 000,000,680 | ---- | C] () -- C:\Users\Mary\AppData\Local\d3d9caps.dat
[2012/01/31 00:18:15 | 000,334,429 | ---- | C] () -- C:\Users\Mary\Desktop\FSS.exe
[2012/01/31 00:12:51 | 000,869,194 | ---- | C] () -- C:\Users\Mary\Desktop\SecurityCheck.exe
[2012/01/31 00:04:49 | 000,160,350 | ---- | C] () -- C:\Users\Mary\Desktop\JavaRa.zip
[2012/01/28 19:33:05 | 000,684,297 | ---- | C] () -- C:\Users\Mary\Desktop\unhide.exe
[2012/01/28 19:32:51 | 000,684,297 | ---- | C] () -- C:\Users\Mary\Desktop\unhide.exe.eaajcmq.partial
[2012/01/27 17:06:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/27 17:06:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/27 17:06:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/27 17:06:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/27 17:06:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/27 15:44:06 | 000,044,607 | ---- | C] () -- C:\Users\Mary\Desktop\bootkit_remover.zip
[2012/01/27 15:41:46 | 000,000,512 | ---- | C] () -- C:\Users\Mary\Desktop\MBR.dat
[2012/01/25 20:09:01 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/22 20:44:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/01/17 16:53:22 | 000,000,104 | ---- | C] () -- C:\Users\Mary\Desktop\Internet - Shortcut.lnk
[2011/05/07 09:17:44 | 000,000,000 | ---- | C] () -- C:\Users\Mary\AppData\Local\prvlcl.dat
[2011/03/27 20:22:25 | 000,000,556 | ---- | C] () -- C:\Users\Mary\AppData\Roaming\wklnhst.dat
[2010/12/26 14:21:30 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/12/26 14:21:30 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/03/06 10:09:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/03 10:33:16 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 10:32:57 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 10:32:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/27 00:38:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/10/05 08:01:35 | 000,024,064 | ---- | C] () -- C:\Users\Mary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/05 22:16:08 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/04/02 03:22:25 | 000,581,120 | ---- | C] () -- C:\Windows\mHotkey.exe
[2009/04/02 03:22:25 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2009/04/02 03:22:25 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
[2009/04/02 03:22:25 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2009/04/02 02:26:19 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/04/02 02:02:11 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2010/04/27 22:03:38 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Amazon
[2010/12/23 09:59:52 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\AVG
[2009/11/20 11:24:10 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\AVG9
[2010/03/06 10:18:39 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Canon
[2010/03/12 17:43:05 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/23 13:44:39 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Flip Video
[2011/03/27 20:22:26 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Template
[2012/01/07 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\uTorrent
[2009/09/05 21:48:36 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\WildTangent
[2012/02/03 16:25:30 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/04/02 02:28:02 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/01/27 22:46:28 | 000,015,976 | ---- | M] () -- C:\ComboFix.txt
[2012/01/31 00:07:26 | 000,044,806 | ---- | M] () -- C:\JavaRa.log
[2012/02/03 16:25:21 | 277,094,399 | -HS- | M] () -- C:\pagefile.sys
[2006/10/10 20:42:08 | 000,001,946 | ---- | M] () -- C:\RHDSetup.log
[2012/01/25 20:00:00 | 000,000,370 | ---- | M] () -- C:\rkill.log
[2012/02/03 00:30:17 | 000,065,682 | ---- | M] () -- C:\TDSSKiller.2.7.9.0_03.02.2012_00.20.40_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/03/06 08:58:22 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008/12/05 00:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/04/04 18:07:56 | 000,001,666 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/01/27 19:07:37 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Mary\Desktop\AppRemover.exe
[2012/01/27 15:11:34 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Mary\Desktop\aswMBR.exe
[2012/01/31 23:06:21 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Mary\Desktop\ATF-Cleaner.exe
[2010/09/22 05:05:28 | 175,746,544 | ---- | M] (AVG Technologies) -- C:\Users\Mary\Desktop\avg_ipw_x64_all_2011_1120a3152.exe
[2012/02/03 00:32:26 | 004,395,020 | R--- | M] (Swearware) -- C:\Users\Mary\Desktop\ComboFix.exe
[2009/11/27 00:35:04 | 008,084,968 | ---- | M] (Mozilla) -- C:\Users\Mary\Desktop\Firefox Setup 3.5.5.exe
[2012/01/31 00:18:15 | 000,334,429 | ---- | M] () -- C:\Users\Mary\Desktop\FSS.exe
[2012/02/01 22:19:58 | 008,197,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Mary\Desktop\install_flash_player_11_active_x_64bit.exe
[2012/01/30 23:40:14 | 000,910,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Mary\Desktop\jre-6u30-windows-i586-iftw.exe
[2012/02/02 00:23:27 | 000,303,059 | ---- | M] () -- C:\Users\Mary\Desktop\ListParts.exe
[2012/02/02 00:23:53 | 000,800,211 | ---- | M] () -- C:\Users\Mary\Desktop\ListParts64.exe
[2012/01/28 16:18:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
[2012/01/31 00:12:51 | 000,869,194 | ---- | M] () -- C:\Users\Mary\Desktop\SecurityCheck.exe
[2012/02/03 00:20:12 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mary\Desktop\tdsskiller.exe
[2012/01/31 00:23:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\TFC.exe
[2012/01/28 19:33:05 | 000,684,297 | ---- | M] () -- C:\Users\Mary\Desktop\unhide.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/09/05 18:58:27 | 000,000,402 | -HS- | M] () -- C:\Users\Mary\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >

 

[Andrew1234]

It did not produce an Extras.txt

 

[Broni]

Nothing suspicious there.

Go Start>Run (Start Search in Vista), type in:
msconfig
Click OK (hit Enter in Vista).

Click on Startup tab.
Click Disable all
IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Same problem?

 

[Andrew1234]

Yes they're still there.

 

[Broni]

Go back to "msconfig" and reverse all changes you just made.

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  PRC - [2012/01/26 03:23:45 | 000,909,152 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
  SRV - [2012/01/26 03:23:45 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
  IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
  IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
  IE - HKU\S-1-5-21-2407127360-2681154229-4036151088-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421
  FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.18.1
  FF - prefs.js..extensions.enabledItems: avg@igeared:5.008.027.003
  FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/26 03:24:40 | 000,000,000 | ---D | M]
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
  File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
  File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
  [2012/01/26 03:24:40 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
  [2012/01/26 03:23:30 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
  O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
  O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
  O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
  O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
  [2012/01/28 15:39:59 | 175,746,544 | ---- | C] (AVG Technologies) -- C:\Users\Mary\Desktop\avg_ipw_x64_all_2011_1120a3152.exe
  [2010/12/23 09:59:52 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\AVG
  [2009/11/20 11:24:10 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\AVG9
  
  
  :Services
  
  :Reg
  
  :Files
  C:\Program Files (x86)\Common Files\AVG Secure Search
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.

 

[Andrew1234]

You want to me to manually reboot when I think it's done right, instead waiting for the program to reboot the computer?

 

[Broni]

The program will reboot when done.

 

[Andrew1234]

K, I'll wait but I've always had problems with OTL. It never reboots the computer.

 

[Andrew1234]

OTL has been running for at least 2 and a half hours now and still no restart.