TechSpot

Using Firefox's built-in search engine redirects to http://search.fast-find.net/

By Mor715
Oct 17, 2010
  1. Hello...

    I have been having issues with possible malware that will redirect any Google searches that use Firefox's search engine toolbar.

    The page it will redirect to is http://search.fast-find.net/

    I will also get random pop-ups for fb-survey and other random ads.

    I have tried running HijackThis, Malwarebytes, and MSE to no avail.

    Any help would be appreciated!

    [HJT log removed - Broni]
     
  2. Mor715

    Mor715 TS Rookie Topic Starter

    DDS logs


    DDS (Ver_10-10-10.03) - NTFS_AMD64
    Run by Casey Carlson at 20:22:14.76 on Sun 10/17/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.4393 [GMT -6:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files\Alienware\Command Center\AlienFusionService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    C:\Program Files\Alienware\Command Center\ThermalController.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alienware\Command Center\RemotingServiceController.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Alienware\Command Center\DoorController.exe
    C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\vds.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Casey Carlson\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.alienware.com/
    uDefault_Page_URL = hxxp://www.alienware.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [AdobeBridge]
    mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    mRun: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    mRunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    mRun-x64: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
    mRun-x64: [Thermal Controller] "C:\Program Files\Alienware\Command Center\ThermalController.exe" /auto
    mRun-x64: [(Default)]
    mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\CASEYC~1\AppData\Roaming\Mozilla\Firefox\Profiles\ctdi0y8p.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.bungie.net/Stats/Reach/Default.aspx?player=mort1s&sg=0
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/11/10 03:53:10];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-4-15 146928]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-10 92160]
    R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2009-9-25 14648]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-24 202752]
    R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys [2009-7-9 27096]
    R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-10 656624]
    R2 XTUService;Intel(R) Extreme Tuning Utility;C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2009-7-27 30944]
    R3 AWOPFilterDriver;AWOPFilterDriver;C:\Windows\System32\drivers\AWOPFilterDriver.sys [2009-11-10 19464]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-11-10 317480]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-3-24 1030600]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-23 1255736]

    =============== Created Last 30 ================

    2073-10-27 17:55:34 2404352 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\haloce.exe
    2073-10-27 17:55:34 1835008 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\haloceded.exe
    2073-10-27 17:55:34 1118208 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\Strings.dll
    2010-10-18 00:13:24 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
    2010-10-17 21:22:23 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
    2010-10-17 21:21:49 -------- d-----w- C:\PROGRA~3\Hitman Pro
    2010-10-17 20:25:30 -------- d-----w- C:\Users\CASEYC~1\AppData\Roaming\Malwarebytes
    2010-10-17 20:25:23 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-10-17 20:25:23 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-10-17 18:12:07 7935824 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{963212D2-9DB5-463B-9D5A-76D298A53B9D}\mpengine.dll
    2010-10-17 18:11:57 270208 ------w- C:\Windows\System32\MpSigStub.exe
    2010-10-17 18:03:56 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
    2010-10-17 18:03:54 -------- d-----w- C:\Program Files\Microsoft Security Essentials
    2010-10-17 16:34:19 -------- d-----w- C:\PROGRA~3\Update
    2010-10-17 16:34:15 -------- d-----w- C:\Users\CASEYC~1\AppData\Roaming\Pesob
    2010-10-03 01:51:40 -------- d-----w- C:\Users\CASEYC~1\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2010-10-03 01:51:40 -------- d-----w- C:\Users\CASEYC~1\AppData\Roaming\Adobe Mini Bridge CS5
    2010-10-03 01:37:18 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
    2010-09-29 00:20:57 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2010-09-29 00:20:40 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-09-29 00:20:40 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-09-29 00:20:34 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-09-29 00:20:34 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2010-09-23 00:10:52 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

    ==================== Find3M ====================

    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

    ============= FINISH: 20:22:24.17 ===============


    Attach


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/16/2009 7:45:27 PM
    System Uptime: 10/17/2010 7:47:36 PM (1 hours ago)

    Motherboard: Alienware | | 0H869M
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 457 GiB total, 387.842 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP111: 10/12/2010 4:59:04 PM - Windows Update
    RP112: 10/16/2010 4:13:14 PM - Restore Operation
    RP113: 10/17/2010 11:44:38 AM - Windows Update
    RP114: 10/17/2010 12:11:40 PM - Windows Update

    ==== Installed Programs ======================

    µTorrent
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop CS5
    Adobe Reader 9.4.0
    Advertising Center
    AGEIA PhysX v7.09.13
    AMD DnD V1.0.19
    Autodesk Backburner 2008.1
    Banctec Service Agreement
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    ccc-core-static
    CCC Help English
    Command Center
    Crazybump (remove only)
    CyberLink PowerDVD 8
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    DiRT2
    GIMP 2.6.7
    Halo 2 for Windows Vista
    Halo Editing Kit
    Handbrake 0.9.4
    ImagXpress
    Intel Extreme Tuning Utility
    Java Auto Updater
    Java(TM) 6 Update 21
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Halo Custom Edition
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox (3.6.10)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9 Essentials
    Nero BurnRights
    Nero BurnRights Help
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero Rescue Agent
    Nero StartSmart
    Nero StartSmart Help
    NeroExpress
    neroxml
    OpenAL
    PDF Settings CS5
    Rapture3D 2.3.22 Game
    Realtek High Definition Audio Driver
    RESIDENT EVIL 5
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    The Sims™ 3
    The Sims™ 3 World Adventures
    VLC media player 1.0.3
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Xbox ADPCM Audio Codec 32-bit (Remove Only)

    ==== Event Viewer Messages From Past Week ========

    10/17/2010 7:46:31 PM, Error: Service Control Manager [7034] - The mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit service terminated unexpectedly. It has done this 1 time(s).
    10/17/2010 6:15:11 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    10/17/2010 3:37:13 PM, Error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
    10/17/2010 11:56:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Alienware Fusion Service service to connect.
    10/17/2010 11:56:30 AM, Error: Service Control Manager [7000] - The Alienware Fusion Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/17/2010 10:43:04 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    10/17/2010 10:43:01 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    10/17/2010 10:41:21 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    10/17/2010 10:34:10 AM, Error: Service Control Manager [7023] - The MicroSoft Production Manager service terminated with the following error: Access is denied.
    10/16/2010 4:05:19 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 4:05:19 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/16/2010 4:05:19 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/16/2010 4:05:19 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/16/2010 4:05:19 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/16/2010 4:05:19 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/16/2010 4:05:19 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/16/2010 4:05:19 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/16/2010 4:05:19 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/16/2010 4:05:19 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/16/2010 4:05:19 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/16/2010 4:05:19 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/16/2010 4:05:19 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/16/2010 4:05:19 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/16/2010 4:05:19 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/16/2010 4:05:19 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/10/2010 6:19:34 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.

    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     
  4. Mor715

    Mor715 TS Rookie Topic Starter

    So, I have followed every step but GMER.

    Here is the Malwarebytes log to go with the DDS logs above:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4875

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    10/18/2010 5:24:31 PM
    mbam-log-2010-10-18 (17-24-31).txt

    Scan type: Quick scan
    Objects scanned: 138194
    Time elapsed: 3 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart the computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears, then pick Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply with a new HijackThis log.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.

    ========================================================================

    Download MBRCheck to your desktop.

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users: right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.
     
  6. Mor715

    Mor715 TS Rookie Topic Starter

    SUPERAntiSpyware log

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/18/2010 at 06:27 PM

    Application Version : 4.44.1000

    Core Rules Database Version : 5707
    Trace Rules Database Version: 3519

    Scan type : Complete Scan
    Total Scan Time : 00:38:54

    Memory items scanned : 339
    Memory threats detected : 0
    Registry items scanned : 12322
    Registry threats detected : 0
    File items scanned : 141470
    File threats detected : 0

    New HijackThis

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:35:49 PM, on 10/18/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16671)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Casey Carlson\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Intel(R) Extreme Tuning Utility (XTUService) - Intel Corporation - C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

    --
    End of file - 8325 bytes


    MBRCheck

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Alienware
    BIOS Manufacturer: Alienware
    System Manufacturer: Alienware
    System Product Name: Aurora
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 90):
    0x01E51000 \SystemRoot\system32\ntoskrnl.exe
    0x01E08000 \SystemRoot\system32\hal.dll
    0x00BB6000 \SystemRoot\system32\kdcom.dll
    0x00C67000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00CAB000 \SystemRoot\system32\PSHED.dll
    0x00CBF000 \SystemRoot\system32\CLFS.SYS
    0x00D1D000 \SystemRoot\system32\CI.dll
    0x00E76000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F1A000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F29000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00F80000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00F89000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00F93000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00FC6000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00FD3000 \SystemRoot\System32\drivers\partmgr.sys
    0x00FE8000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00E5C000 \SystemRoot\System32\drivers\mountmgr.sys
    0x01063000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x0117F000 \SystemRoot\system32\DRIVERS\SI3132.sys
    0x01199000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x011C8000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
    0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x011D3000 \SystemRoot\system32\DRIVERS\SiWinAcc.sys
    0x01210000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x00C00000 \SystemRoot\System32\Drivers\msrpc.sys
    0x013B3000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x014ED000 \SystemRoot\System32\Drivers\cng.sys
    0x01560000 \SystemRoot\System32\drivers\pcw.sys
    0x01571000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x0160D000 \SystemRoot\system32\drivers\ndis.sys
    0x016FF000 \SystemRoot\system32\drivers\NETIO.SYS
    0x0175F000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x0178A000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x0157B000 \SystemRoot\System32\drivers\rdyboost.sys
    0x017DE000 \SystemRoot\system32\DRIVERS\SiRemFil.sys
    0x017E6000 \SystemRoot\System32\Drivers\mup.sys
    0x01600000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x015B5000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01400000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01416000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x02DD9000 \SystemRoot\System32\Drivers\Null.SYS
    0x02DE2000 \SystemRoot\System32\Drivers\Beep.SYS
    0x02DE9000 \SystemRoot\System32\drivers\vga.sys
    0x02C00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02C25000 \SystemRoot\System32\drivers\watchdog.sys
    0x02C35000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02C40000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02C51000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x02C75000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x01454000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x02C82000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x014AA000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x013CD000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x02C93000 \??\C:\Windows\system32\drivers\AWOPFilterDriver.sys
    0x015EF000 \SystemRoot\system32\DRIVERS\intelsmb.sys
    0x02C9D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x011DC000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x01200000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x011ED000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x00DDD000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x00DF1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x05CED000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x05CFC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x05CFE000 \SystemRoot\system32\DRIVERS\ks.sys
    0x05D41000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x05D53000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x05DAD000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x02CA6000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x05DBB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x00050000 \SystemRoot\System32\win32k.sys
    0x05DCE000 \SystemRoot\System32\drivers\Dxapi.sys
    0x00480000 \SystemRoot\System32\drivers\dxg.sys
    0x00750000 \SystemRoot\System32\TSDDD.dll
    0x05DDA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x05DF7000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x05C00000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x05C0E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x05C27000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x05C30000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x05C3D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x008B0000 \SystemRoot\System32\framebuf.dll
    0x00B50000 \SystemRoot\System32\ATMFD.DLL
    0x05C4B000 \SystemRoot\system32\drivers\WudfPf.sys
    0x77480000 \Windows\System32\ntdll.dll
    0x476C0000 \Windows\System32\smss.exe
    0xFF7A0000 \Windows\System32\apisetschema.dll
    0xFF400000 \Windows\System32\autochk.exe
    0xFF5B0000 \Windows\System32\setupapi.dll

    Processes (total 24):
    0 System Idle Process
    4 System
    344 C:\Windows\System32\smss.exe
    416 csrss.exe
    444 C:\Windows\System32\wininit.exe
    468 csrss.exe
    504 C:\Windows\System32\services.exe
    532 C:\Windows\System32\lsass.exe
    544 C:\Windows\System32\lsm.exe
    612 C:\Windows\System32\winlogon.exe
    692 C:\Windows\System32\svchost.exe
    768 C:\Windows\System32\svchost.exe
    832 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    936 C:\Windows\System32\svchost.exe
    968 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    336 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    380 C:\Windows\System32\svchost.exe
    1176 C:\Windows\explorer.exe
    1268 C:\Windows\System32\ctfmon.exe
    1696 C:\Windows\System32\notepad.exe
    1724 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    1928 C:\Users\Casey Carlson\Downloads\MBRCheck.exe
    1084 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`29a00000 (NTFS)

    PhysicalDrive0 Model Number: ST3500418AS, Rev: CC44

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
    SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


    Done!
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    We don't use HJT around here anymore.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. Mor715

    Mor715 TS Rookie Topic Starter

    Sorry about the HJT log.

    OTL

    OTL logfile created on: 10/18/2010 7:24:17 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Casey Carlson\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 74.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 457.11 Gb Total Space | 387.36 Gb Free Space | 84.74% Space Free | Partition Type: NTFS

    Computer Name: CASEYCARLSON-PC | User Name: Casey Carlson | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/18 19:22:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Casey Carlson\Downloads\OTL.exe
    PRC - [2009/10/30 09:40:26 | 000,341,504 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2009/10/22 10:56:20 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    PRC - [2009/10/05 14:36:04 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
    PRC - [2009/10/05 14:35:52 | 000,058,696 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    PRC - [2009/10/02 13:46:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2009/09/25 14:44:28 | 000,016,704 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    PRC - [2009/07/27 14:19:12 | 000,030,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
    PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2009/04/29 01:50:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2009/03/12 17:39:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/18 19:22:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Casey Carlson\Downloads\OTL.exe
    MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/06/29 11:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/03/24 17:14:18 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009/11/24 21:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/09/25 14:44:34 | 000,014,648 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/06/03 17:56:06 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/03/12 17:39:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe -- (mi-raysat_3dsmax2010_64)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/10/02 13:46:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
    SRV - [2009/07/27 14:19:12 | 000,030,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe -- (XTUService) Intel(R)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\bbcvdkvt.sys -- (bbcvdkvt)
    DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2009/11/24 21:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/11/10 03:10:35 | 000,019,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -- (AWOPFilterDriver)
    DRV:64bit: - [2009/08/23 12:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/29 20:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
    DRV:64bit: - [2009/07/29 20:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
    DRV:64bit: - [2009/07/29 20:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/06 13:08:10 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
    DRV:64bit: - [2009/06/24 17:22:48 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/13 15:31:02 | 000,063,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) Intel(R)
    DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2010/10/17 18:15:11 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
    DRV - [2009/07/09 10:53:00 | 000,027,096 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys -- (IOCBIOS)
    DRV - [2009/04/15 23:28:08 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/11/10 03:53:10] [Kernel | Auto | Running] -- c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://support.alienware.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.bungie.net/Stats/Reach/Default.aspx?player=mort1s&sg=0"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/19 12:59:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/08 17:46:21 | 000,000,000 | ---D | M]

    [2009/11/16 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\Casey Carlson\AppData\Roaming\Mozilla\Extensions
    [2010/10/18 17:27:49 | 000,000,000 | ---D | M] -- C:\Users\Casey Carlson\AppData\Roaming\Mozilla\Firefox\Profiles\ctdi0y8p.default\extensions
    [2010/10/17 10:39:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Casey Carlson\AppData\Roaming\Mozilla\Firefox\Profiles\ctdi0y8p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/08/18 16:18:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Casey Carlson\AppData\Roaming\Mozilla\Firefox\Profiles\ctdi0y8p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/08/08 16:34:38 | 000,002,571 | ---- | M] () -- C:\Users\Casey Carlson\AppData\Roaming\Mozilla\Firefox\Profiles\ctdi0y8p.default\searchplugins\amazon-search-suggestions.xml
    [2009/11/22 14:05:53 | 000,002,404 | ---- | M] () -- C:\Users\Casey Carlson\AppData\Roaming\Mozilla\Firefox\Profiles\ctdi0y8p.default\searchplugins\encyclopedia-dramatica-en.xml
    [2009/11/22 18:37:10 | 000,001,494 | ---- | M] () -- C:\Users\Casey Carlson\AppData\Roaming\Mozilla\Firefox\Profiles\ctdi0y8p.default\searchplugins\halopedia-en.xml
    [2009/11/22 15:40:18 | 000,008,008 | ---- | M] () -- C:\Users\Casey Carlson\AppData\Roaming\Mozilla\Firefox\Profiles\ctdi0y8p.default\searchplugins\power-rangers-universe-en.xml
    [2010/08/21 14:19:32 | 000,002,282 | ---- | M] () -- C:\Users\Casey Carlson\AppData\Roaming\Mozilla\Firefox\Profiles\ctdi0y8p.default\searchplugins\resident-evil-wiki-en.xml
    [2009/11/22 14:23:37 | 000,001,720 | ---- | M] () -- C:\Users\Casey Carlson\AppData\Roaming\Mozilla\Firefox\Profiles\ctdi0y8p.default\searchplugins\youtube-video-search.xml
    [2010/07/29 17:17:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/06/04 16:22:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/07/29 17:17:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/10/01 17:51:32 | 000,002,074 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

    O1 HOSTS File: ([2010/10/03 12:02:54 | 000,001,262 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
    O4:64bit: - HKLM..\Run: [Thermal Controller] C:\Program Files\Alienware\Command Center\ThermalController.exe (Alienware Corp.)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
    O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
    O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.171.3.25 205.171.2.25
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.imc - C:\Windows\SysWow64\xbadpcm.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/18 17:38:40 | 000,000,000 | ---D | C] -- C:\Users\Casey Carlson\AppData\Roaming\SUPERAntiSpyware.com
    [2010/10/18 17:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/10/18 17:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2010/10/18 17:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/10/18 17:20:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/10/18 17:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/10/17 15:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2010/10/17 14:25:30 | 000,000,000 | ---D | C] -- C:\Users\Casey Carlson\AppData\Roaming\Malwarebytes
    [2010/10/17 14:25:23 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/10/17 14:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/17 12:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
    [2010/10/17 12:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/10/17 10:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
    [2010/10/17 10:34:15 | 000,000,000 | ---D | C] -- C:\Users\Casey Carlson\AppData\Roaming\Pesob
    [2010/10/02 19:51:40 | 000,000,000 | ---D | C] -- C:\Users\Casey Carlson\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2010/10/02 19:51:40 | 000,000,000 | ---D | C] -- C:\Users\Casey Carlson\AppData\Roaming\Adobe Mini Bridge CS5
    [2010/10/02 19:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
    [2010/10/02 19:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/10/02 19:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/10/02 19:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2010/08/04 17:16:55 | 000,000,000 | ---D | C] -- C:\Users\Casey Carlson\AppData\Local\HandBrake
    [2010/08/04 17:16:52 | 000,000,000 | ---D | C] -- C:\Users\Casey Carlson\AppData\Roaming\HandBrake
    [2010/08/03 20:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Handbrake
    [2010/07/29 17:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/07/25 17:26:14 | 000,000,000 | ---D | C] -- C:\Users\Casey Carlson\AppData\Local\licensecb
    [2010/07/25 17:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\licensecb
    [2010/07/25 17:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\CrazyBump
    [2010/07/25 17:25:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
    [2010/07/25 17:25:27 | 000,000,000 | ---D | C] -- C:\Users\Casey Carlson\AppData\Local\CrazyBump
    [2010/07/25 17:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crazybump

    ========== Files - Modified Within 90 Days ==========

    [2010/10/18 18:38:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/18 18:38:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/18 18:37:08 | 000,811,744 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/10/18 18:37:08 | 000,683,212 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/10/18 18:37:08 | 000,130,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/10/18 18:30:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/18 18:30:36 | 529,780,735 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/18 17:38:37 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/18 17:20:11 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/17 18:15:11 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
    [2010/10/17 15:48:27 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
    [2010/10/17 15:35:19 | 000,002,416 | ---- | M] () -- C:\Windows\SysNative\.crusader
    [2010/10/17 12:03:55 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
    [2010/10/17 11:50:17 | 004,826,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/10/16 14:49:34 | 000,022,135 | ---- | M] () -- C:\Users\Casey Carlson\.recently-used.xbel
    [2010/10/03 12:02:54 | 000,001,262 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/10/02 19:52:46 | 000,001,725 | ---- | M] () -- C:\Users\Casey Carlson\Desktop\Photoshop - Shortcut.lnk
    [2010/09/03 13:55:14 | 000,000,363 | ---- | M] () -- C:\Users\Casey Carlson\.gtk-bookmarks
    [2010/08/04 17:16:45 | 000,001,021 | ---- | M] () -- C:\Users\Casey Carlson\Desktop\Handbrake.lnk
    [2010/07/25 17:25:39 | 000,001,045 | ---- | M] () -- C:\Users\Casey Carlson\Application Data\Microsoft\Internet Explorer\Quick Launch\Crazybump.lnk
    [2010/07/25 17:25:39 | 000,001,021 | ---- | M] () -- C:\Users\Casey Carlson\Desktop\Crazybump.lnk

    ========== Files Created - No Company Name ==========

    [2010/10/18 17:38:37 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/18 17:20:11 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/17 18:13:24 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
    [2010/10/17 15:35:19 | 000,002,416 | ---- | C] () -- C:\Windows\SysNative\.crusader
    [2010/10/17 15:22:23 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
    [2010/10/17 12:03:55 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
    [2010/10/16 14:49:34 | 000,022,135 | ---- | C] () -- C:\Users\Casey Carlson\.recently-used.xbel
    [2010/10/02 19:52:46 | 000,001,725 | ---- | C] () -- C:\Users\Casey Carlson\Desktop\Photoshop - Shortcut.lnk
    [2010/09/03 13:55:14 | 000,000,363 | ---- | C] () -- C:\Users\Casey Carlson\.gtk-bookmarks
    [2010/08/04 17:16:45 | 000,001,021 | ---- | C] () -- C:\Users\Casey Carlson\Desktop\Handbrake.lnk
    [2010/07/25 17:25:39 | 000,001,045 | ---- | C] () -- C:\Users\Casey Carlson\Application Data\Microsoft\Internet Explorer\Quick Launch\Crazybump.lnk
    [2010/07/25 17:25:39 | 000,001,021 | ---- | C] () -- C:\Users\Casey Carlson\Desktop\Crazybump.lnk
    [2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2009/12/18 17:52:36 | 000,752,016 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/11/10 05:06:04 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2009/11/10 05:06:04 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2009/09/25 14:50:00 | 000,097,584 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

    ========== LOP Check ==========

    [2010/05/08 14:58:01 | 000,000,000 | ---D | M] -- C:\Users\Casey Carlson\AppData\Roaming\Audacity
    [2010/06/15 19:18:09 | 000,000,000 | ---D | M] -- C:\Users\Casey Carlson\AppData\Roaming\Autodesk
    [2010/10/17 10:39:43 | 000,000,000 | ---D | M] -- C:\Users\Casey Carlson\AppData\Roaming\gtk-2.0
    [2010/09/13 18:24:54 | 000,000,000 | ---D | M] -- C:\Users\Casey Carlson\AppData\Roaming\HandBrake
    [2010/10/17 10:34:51 | 000,000,000 | ---D | M] -- C:\Users\Casey Carlson\AppData\Roaming\Pesob
    [2010/10/02 19:51:40 | 000,000,000 | ---D | M] -- C:\Users\Casey Carlson\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2010/10/02 20:38:37 | 000,000,000 | ---D | M] -- C:\Users\Casey Carlson\AppData\Roaming\uTorrent
    [2010/03/12 18:51:16 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(27).TXT
    [2010/07/18 16:01:28 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/11/10 03:50:28 | 000,001,365 | ---- | M] () -- C:\AF_BENCHMARKS.XML
    [2010/09/03 13:08:58 | 005,692,812 | ---- | M] () -- C:\dumpDoc.txt
    [2010/10/18 18:30:36 | 529,780,735 | -HS- | M] () -- C:\hiberfil.sys
    [2009/11/10 04:59:07 | 000,024,784 | RH-- | M] () -- C:\mfg.sdr
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/10/18 18:30:39 | 2138,034,175 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/11/16 20:53:43 | 000,000,221 | -HS- | M] () -- C:\Users\Casey Carlson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 16:05:38 | 000,000,402 | -HS- | M] () -- C:\Users\Casey Carlson\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  9. Mor715

    Mor715 TS Rookie Topic Starter

    Double Post

    Sorry

    :)
     
  10. Mor715

    Mor715 TS Rookie Topic Starter

    Extras

    OTL Extras logfile created on: 10/18/2010 7:24:17 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Casey Carlson\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 74.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 457.11 Gb Total Space | 387.36 Gb Free Space | 84.74% Space Free | Partition Type: NTFS

    Computer Name: CASEYCARLSON-PC | User Name: Casey Carlson | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
    "{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A9F1B5F6-0EE6-0409-BADD-F8BD360FACC3}" = Autodesk 3ds Max 2010 64-bit
    "{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B9E591DD-DAAC-0409-B1B8-5667E359170B}" = Autodesk 3ds Max 2010 64-bit Components
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "SMBus" = Intel(R) SMBus

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English
    "{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 21
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
    "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
    "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
    "{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing
    "{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
    "{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
    "{5FF85B8C-4BE5-99FA-895A-7876E3279C0B}" = Catalyst Control Center InstallProxy
    "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
    "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
    "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
    "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
    "{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common
    "{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full
    "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
    "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{a06c216f-ef96-4374-a7bb-29ccd63f7c14}" = Nero 9 Essentials
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
    "{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}" = Catalyst Control Center InstallProxy
    "{BD4B02C1-0271-4D7D-A850-19DE2E5CDF83}" = Banctec Service Agreement
    "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static
    "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
    "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
    "{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
    "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
    "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
    "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Crazybump" = Crazybump (remove only)
    "Halo 2" = Halo 2 for Windows Vista
    "Halo CE" = Microsoft Halo Custom Edition
    "Halo HEK" = Halo Editing Kit
    "Handbrake" = Handbrake 0.9.4
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility
    "InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
    "OpenAL" = OpenAL
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.0.3
    "WinGimp-2.0_is1" = GIMP 2.6.7
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "xbadpcm" = Xbox ADPCM Audio Codec 32-bit (Remove Only)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/4/2010 8:21:34 PM | Computer Name = CaseyCarlson-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: brresviewerv4.exe, version: 0.0.0.0, time
    stamp: 0x4ba498fc Faulting module name: brresviewerv4.exe, version: 0.0.0.0, time
    stamp: 0x4ba498fc Exception code: 0xc0000005 Fault offset: 0x00014705 Faulting process
    id: 0x7c8 Faulting application start time: 0x01cb4c8fe1601c28 Faulting application
    path: F:\Hard Backup\My Documents\Model Extraction\Resident Evil Darkside Chronicles\Tools\brresviewer\brresviewer\brresviewerv4.exe
    Faulting
    module path: F:\Hard Backup\My Documents\Model Extraction\Resident Evil Darkside
    Chronicles\Tools\brresviewer\brresviewer\brresviewerv4.exe Report Id: 89b766f2-b883-11df-8e68-0025648bed4c

    Error - 9/4/2010 8:33:03 PM | Computer Name = CaseyCarlson-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Dolphin.exe, version: 0.0.0.0, time stamp:
    0x4c7abfaa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0xdbc Faulting
    application start time: 0x01cb4c90a289dfb8 Faulting application path: F:\Hard Backup\My
    Documents\emu\Dolphin-x64-r6148\x64\Dolphin.exe Faulting module path: unknown Report
    Id: 2420be67-b885-11df-8e68-0025648bed4c

    Error - 9/4/2010 8:34:51 PM | Computer Name = CaseyCarlson-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Dolphin.exe, version: 0.0.0.0, time stamp:
    0x4c7abfaa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0x2ec Faulting
    application start time: 0x01cb4c91e7fbc104 Faulting application path: F:\Hard Backup\My
    Documents\emu\Dolphin-x64-r6148\x64\Dolphin.exe Faulting module path: unknown Report
    Id: 64a5e690-b885-11df-8e68-0025648bed4c

    Error - 9/5/2010 6:22:30 PM | Computer Name = CaseyCarlson-PC | Source = Application Hang | ID = 1002
    Description = The program Dolphin.exe version 0.0.0.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 444 Start Time:
    01cb4d48b040e884 Termination Time: 15 Application Path: F:\Hard Backup\My Documents\emu\Dolphin-x64-r6148\x64\Dolphin.exe

    Report
    Id: 107074c3-b93c-11df-8e6f-0025648bed4c

    Error - 9/5/2010 6:23:58 PM | Computer Name = CaseyCarlson-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Dolphin.exe, version: 0.0.0.0, time stamp:
    0x4c7abfaa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0x1758 Faulting
    application start time: 0x01cb4d48d8705400 Faulting application path: F:\Hard Backup\My
    Documents\emu\Dolphin-x64-r6148\x64\Dolphin.exe Faulting module path: unknown Report
    Id: 468ed267-b93c-11df-8e6f-0025648bed4c

    Error - 9/5/2010 6:25:43 PM | Computer Name = CaseyCarlson-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Dolphin.exe, version: 0.0.0.0, time stamp:
    0x4c7abfaa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0x1158 Faulting
    application start time: 0x01cb4d490b1f2377 Faulting application path: F:\Hard Backup\My
    Documents\emu\Dolphin-x64-r6148\x64\Dolphin.exe Faulting module path: unknown Report
    Id: 851342d2-b93c-11df-8e6f-0025648bed4c

    Error - 9/5/2010 6:58:04 PM | Computer Name = CaseyCarlson-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Dolphin.exe, version: 0.0.0.0, time stamp:
    0x4c7abfaa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0x1024 Faulting
    application start time: 0x01cb4d494ecb6055 Faulting application path: F:\Hard Backup\My
    Documents\emu\Dolphin-x64-r6148\x64\Dolphin.exe Faulting module path: unknown Report
    Id: 0a07641e-b941-11df-8e6f-0025648bed4c

    Error - 9/5/2010 7:01:30 PM | Computer Name = CaseyCarlson-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Dolphin.exe, version: 0.0.0.0, time stamp:
    0x4c7abfaa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0xa6c Faulting
    application start time: 0x01cb4d4dd072d034 Faulting application path: F:\Hard Backup\My
    Documents\emu\Dolphin-x64-r6148\x64\Dolphin.exe Faulting module path: unknown Report
    Id: 84d2de0c-b941-11df-8e6f-0025648bed4c

    Error - 9/5/2010 7:09:26 PM | Computer Name = CaseyCarlson-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Dolphin.exe, version: 0.0.0.0, time stamp:
    0x4c7abfaa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0x5f0 Faulting
    application start time: 0x01cb4d4e659702f1 Faulting application path: F:\Hard Backup\My
    Documents\emu\Dolphin-x64-r6148\x64\Dolphin.exe Faulting module path: unknown Report
    Id: a08b1c09-b942-11df-8e6f-0025648bed4c

    Error - 9/5/2010 8:16:32 PM | Computer Name = CaseyCarlson-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Dolphin.exe, version: 0.0.0.0, time stamp:
    0x4c7abfaa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0x1570 Faulting
    application start time: 0x01cb4d4fa08fce0d Faulting application path: F:\Hard Backup\My
    Documents\emu\Dolphin-x64-r6148\x64\Dolphin.exe Faulting module path: unknown Report
    Id: 003aa97a-b94c-11df-8e6f-0025648bed4c

    [ System Events ]
    Error - 10/18/2010 7:44:56 PM | Computer Name = CaseyCarlson-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 10/18/2010 7:44:56 PM | Computer Name = CaseyCarlson-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 10/18/2010 7:44:56 PM | Computer Name = CaseyCarlson-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 10/18/2010 7:44:56 PM | Computer Name = CaseyCarlson-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 10/18/2010 7:44:56 PM | Computer Name = CaseyCarlson-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 10/18/2010 7:44:56 PM | Computer Name = CaseyCarlson-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 10/18/2010 7:45:21 PM | Computer Name = CaseyCarlson-PC | Source = DCOM | ID = 10005
    Description =

    Error - 10/18/2010 7:45:21 PM | Computer Name = CaseyCarlson-PC | Source = DCOM | ID = 10005
    Description =

    Error - 10/18/2010 7:45:21 PM | Computer Name = CaseyCarlson-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 10/18/2010 8:29:00 PM | Computer Name = CaseyCarlson-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068


    < End of report >
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4:64bit: - HKLM..\Run: [] File not found
      O4 - HKCU..\Run: [AdobeBridge] File not found
      O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  12. Mor715

    Mor715 TS Rookie Topic Starter

    New OTL log

    All processes killed
    ========== OTL ==========
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Casey Carlson
    ->Temp folder emptied: 10058678 bytes
    ->Temporary Internet Files folder emptied: 6358781 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 43899840 bytes
    ->Flash cache emptied: 456 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 17044 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 205540 bytes

    Total Files Cleaned = 58.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Casey Carlson
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.15.2 log created on 10182010_201617

    Files\Folders moved on Reboot...
    C:\Users\Casey Carlson\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

    SecurityCheck log

    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9.4.0
    Mozilla Firefox (3.6.10) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Alienware Command Center ThermalController.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````

    Nothing Found with ESET.

    How's the prognosis?
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Well.....


    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  14. Mor715

    Mor715 TS Rookie Topic Starter

    So, the computer appears clean... yet I still get redirected to http://search.fast-find.net/ when I use Firefox's search engine toolbar with Google as the search engine.

    Any idea? Would reinstalling Firefox fix the issue?

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Casey Carlson
    ->Temp folder emptied: 413069 bytes
    ->Temporary Internet Files folder emptied: 187055 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 81508470 bytes
    ->Flash cache emptied: 456 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1578 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 78.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Casey Carlson
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.15.2 log created on 10182010_220334

    Files\Folders moved on Reboot...
    C:\Users\Casey Carlson\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Make sure you complete all steps from my previous reply.

    Then see if IE has any kind of redirection.

    Also....
    Close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode). Same redirection?
     
  16. Mor715

    Mor715 TS Rookie Topic Starter

    All of your steps were followed to a 'T'

    Firefox (safe mode) has the same redirect when using the Google search bar.
    I can use Google just fine, as long as it isn't through Firefox's built-in search bar.

    Internet Explorer seems to be fine.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
     
  18. Mor715

    Mor715 TS Rookie Topic Starter

    Thanks for sticking with me!

    GooredFix.txt

    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 22:32 on 18/10/2010 (Casey Carlson)
    Firefox version 3.6.10 (en-US)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files (x86)\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [02:58 17/11/2009]
    {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [03:16 02/12/2009]
    {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [22:21 07/04/2010]
    {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [22:22 04/06/2010]
    {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [23:17 29/07/2010]
    {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [02:11 19/10/2010]

    C:\Users\Casey Carlson\Application Data\Mozilla\Firefox\Profiles\ctdi0y8p.default\extensions\
    {b9db16a4-6edc-47ec-a1f4-b86292ed211d} [23:03 26/07/2010]
    {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [22:18 18/08/2010]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    (Key not found)

    -=E.O.F=-
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

  20. Mor715

    Mor715 TS Rookie Topic Starter

    No dice... Google search bar still redirects to http://search.fast-find.net
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Let's see if your router is not infected.

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
     
  22. Mor715

    Mor715 TS Rookie Topic Starter

    Still persisting..

    I am also directly connected to a modem... Whether that is helpful to you or not, haha.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

  24. Mor715

    Mor715 TS Rookie Topic Starter

    So, a clean Firefox install appears to have fixed the redirection issue.

    Aside from that, my computer appears to be clean?
     
  25. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good news :)

    You're good to go :)
     
Topic Status:
Not open for further replies.
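
The thread narrows the redirect to Firefox itself: safe mode still redirects, Internet Explorer is fine, and a clean install clears it. The following is an added example, not part of the thread and not one of the tools used in it: it scans a Firefox install directory and profile for search-plugin XML files and `keyword.URL` / `browser.search.*` prefs whose URLs fall outside an allowlist. The allowlist, the sample files, and the idea that the redirect lived in these files are assumptions.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
from urllib.parse import urlsplit

# Assumption: domains the reviewer expects search traffic to reach; adjust per machine.
ALLOWED_SUFFIXES = ("google.com", "mozilla.org", "mozilla.com")

PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*"([^"]*)"\);')
URL_PREF_PREFIXES = ("keyword.", "browser.search.")


def host_allowed(url, allowed=ALLOWED_SUFFIXES):
    """True if the URL's host is an allowed domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in allowed)


def local_name(tag):
    """Strip the XML namespace so OpenSearch and MozSearch plugins both match."""
    return tag.rsplit("}", 1)[-1]


def scan_search_plugin(path, allowed=ALLOWED_SUFFIXES):
    """Flag <Url template=...> and <SearchForm> targets outside the allowlist."""
    try:
        root = ET.parse(path).getroot()
    except ET.ParseError as exc:
        return [(str(path), "unparseable", str(exc))]
    findings = []
    for el in root.iter():
        name = local_name(el.tag)
        if name == "Url":
            url = el.get("template", "")
        elif name == "SearchForm":
            url = (el.text or "").strip()
        else:
            continue
        if url.lower().startswith(("http://", "https://")) and not host_allowed(url, allowed):
            findings.append((str(path), name, url))
    return findings


def scan_prefs(path, allowed=ALLOWED_SUFFIXES):
    """Flag search-related prefs whose value is a URL outside the allowlist."""
    findings = []
    for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
        m = PREF_RE.search(line)
        if not m:
            continue
        name, value = m.groups()
        if (name.startswith(URL_PREF_PREFIXES)
                and value.lower().startswith(("http://", "https://"))
                and not host_allowed(value, allowed)):
            findings.append((str(path), name, value))
    return findings


def scan_firefox_dirs(roots, allowed=ALLOWED_SUFFIXES):
    """Scan install and profile directories; returns (file, location, url) tuples."""
    findings = []
    for root in map(Path, roots):
        for plugin in sorted(root.rglob("searchplugins/*.xml")):
            findings += scan_search_plugin(plugin, allowed)
        for name in ("prefs.js", "user.js"):
            for prefs in sorted(root.rglob(name)):
                findings += scan_prefs(prefs, allowed)
    return findings


def build_constructed_sample(base):
    """Write constructed test files (not taken from the machine in the thread)."""
    plugins = base / "install" / "searchplugins"
    profile = base / "profile"
    plugins.mkdir(parents=True)
    profile.mkdir(parents=True)
    ns = "http://www.mozilla.org/2006/browser/search/"
    template = ('<SearchPlugin xmlns="%s"><ShortName>%s</ShortName>'
                '<Url type="text/html" method="GET" template="%s">'
                '<Param name="q" value="{searchTerms}"/></Url></SearchPlugin>')
    (plugins / "google.xml").write_text(
        template % (ns, "Google", "http://search.fast-find.net/"), encoding="utf-8")
    (plugins / "amo.xml").write_text(
        template % (ns, "Add-ons", "https://addons.mozilla.org/search"), encoding="utf-8")
    (profile / "prefs.js").write_text(
        'user_pref("browser.startup.homepage", "http://example.org/");\n'
        'user_pref("keyword.URL", "http://search.fast-find.net/?q=");\n'
        'user_pref("browser.search.defaultenginename", "Google");\n', encoding="utf-8")
    return [base / "install", base / "profile"]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, where, url in scan_firefox_dirs(build_constructed_sample(Path(tmp))):
            print(f"{where:12} {url}  ({path})")
```

On a real machine, pass the Firefox program directory and the profile directory to `scan_firefox_dirs` instead of the constructed sample.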
