Solved Downloading problem with Malwarebytes Anti-Malware 1.46

ashley11493

I just tried to download Malwarebytes Anti-Malware 1.46. An error appeared saying "Run-time error 339 vbalsgrid6.ocx is not correctly registered: a file is missing or invalid". How can I fix this problem so I can download the program?
 
Welcome aboard


Leave MBAM alone for now.
Please complete all other steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Step 1 and 2

step 1: I have Avast, and the full system scan came up clean.


step 2:

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: gemma
->Temp folder emptied: 947412 bytes
->Temporary Internet Files folder emptied: 49288 bytes
->Java cache emptied: 80480 bytes
->FireFox cache emptied: 65527019 bytes
->Flash cache emptied: 4889 bytes

User: Public

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 882 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68488 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 64.00 mb




I also believe, after reading the forum, that I have a Google redirect virus.
 
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-14 13:03:23
Windows 6.1.7600
Running: rt67byto.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg@s2 285507792
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@HideFileExt 0

File C:\Users\gemma\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol 81 bytes
File C:\Users\gemma\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 4674 bytes
File C:\Windows\CSC\v2.0.6 0 bytes
File C:\Windows\CSC\v2.0.6\namespace 0 bytes
File C:\Windows\CSC\v2.0.6\pq 64 bytes
File C:\Windows\CSC\v2.0.6\sm 4 bytes
File C:\Windows\CSC\v2.0.6\temp 0 bytes
File C:\Windows\CSC\v2.0.6\temp\ea-{4f02fb9d-6a99-11df-970d-a0da9750880e} 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01GP9IB7 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01GP9IB7\desktop.ini 67 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01GP9IB7\IDR_XML_DEFAULT_TRANSFORM[1] 17163 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\desktop.ini 67 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\IDR_XML_DEFAULT_TRANSFORM[1] 17163 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AE1ZZRBM 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AE1ZZRBM\desktop.ini 67 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G67RNB0S 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G67RNB0S\Communications[1].asmx 480 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G67RNB0S\desktop.ini 67 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 32768 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQXI6F6Y 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQXI6F6Y\desktop.ini 67 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQXI6F6Y\update[1].asmx 445 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini 67 bytes
File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl 72 bytes
File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl 72 bytes
File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl 0 bytes
File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl 72 bytes
File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl 0 bytes
File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl 72 bytes
File C:\Windows\Temp\MpCmdRun.log 882 bytes
File C:\Windows\Temp\_avast5_ 0 bytes
File C:\Windows\Temp\_avast5_\Webshlock.txt 0 bytes

---- EOF - GMER 1.0.15 ----
 
Please, disable "word wrap" in Notepad. Some of your logs are hard to read.

========================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

=======================================================================

Download MBRCheck to your desktop.

Double-click MBRCheck.exe to run (Vista and Windows 7 users, right-click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.
 
DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by gemma at 13:41:55.70 on Sun 11/14/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Extreme Edition R1 - x64 6.1.7600.0.1252.1.1033.18.2038.957 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\gemma\Downloads\9u7zpd3m.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\gemma\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mystart.com?pr=oovoo2_2
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRunOnce: [MessengerPlusLiveUninstall] "C:\Users\gemma\AppData\Local\Temp\MsgPlusUninstall.exe" /Cleanup
StartupFolder: C:\Users\gemma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\gemma\AppData\Roaming\Mozilla\Firefox\Profiles\zbdje4ge.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2010-5-28 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2010-10-28 250448]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2010-10-28 125520]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2010-10-28 472656]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-5-28 121936]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-5-28 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-5-28 61008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-28 40384]
R2 avast! Firewall;avast! Firewall;C:\Program Files\Alwil Software\Avast5\afwServ.exe [2010-10-28 119200]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2010-11-14 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-28 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-28 40384]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-12-1 6816256]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-1 239616]
S0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2009-12-1 18784]
S0 xfiltx64;VIA SATA IDE Hot-plug Driver;C:\Windows\System32\drivers\xfiltx64.sys [2009-12-1 25752]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-1 44032]
S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-12-1 70424]
S3 hptmv;hptmv;C:\Windows\System32\drivers\hptmv.sys [2009-12-1 93472]
S3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTVE.sys [2009-12-1 43416]
S3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTXPE.sys [2009-12-1 51096]
S3 ioatdma;Intel(R) QuickData Technology device;C:\Windows\System32\drivers\qd260x64.sys [2009-12-1 41096]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2009-12-1 40144]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2009-12-1 41680]
S3 iSSetup;iSSetup;C:\Windows\System32\drivers\iSSetup.sys [2009-12-1 175328]
S3 MegaSR1;MegaSR1;C:\Windows\System32\drivers\MegaSR1.sys [2009-12-1 461320]
S3 nvamacpi;nvamacpi;C:\Windows\System32\drivers\nvamacpi.sys [2009-12-1 28192]
S3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2009-12-1 56664]
S3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [2009-12-1 56096]
S3 Pnp680;Pnp680;C:\Windows\System32\drivers\PnP680.sys [2009-12-1 80424]
S3 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2009-12-1 60416]
S3 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2009-12-1 80896]
S3 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2009-12-1 55808]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-1 225280]
S3 SI3112r;SI3112r;C:\Windows\System32\drivers\SI3112r.sys [2009-12-1 164656]
S3 SI3114;SI3114;C:\Windows\System32\drivers\SI3114.sys [2009-12-1 99120]
S3 SI3124;SI3124;C:\Windows\System32\drivers\SI3124.sys [2009-12-1 113456]
S3 Si3124r5;Si3124r5;C:\Windows\System32\drivers\Si3124r5.sys [2009-12-1 334640]
S3 Si3531;Si3531;C:\Windows\System32\drivers\Si3531.sys [2009-12-1 330544]
S3 viamrx64;viamrx64;C:\Windows\System32\drivers\viamrx64.sys [2009-12-1 136192]
S3 ViBusX64;ViBusX64;C:\Windows\System32\drivers\ViBusX64.sys [2009-12-1 25240]
S3 videX64;videX64;C:\Windows\System32\drivers\videX64.sys [2009-12-1 15000]
S3 ViPrtX64;ViPrtX64;C:\Windows\System32\drivers\ViPrtX64.sys [2009-12-1 67224]
S3 vm3dmp;vm3dmp;C:\Windows\System32\drivers\vm3dmp.sys [2009-11-29 86576]
S3 vmmouse;VMware Pointing Device;C:\Windows\System32\drivers\vmmouse.sys [2009-11-29 13872]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-31 1255736]
 
=============== Created Last 30 ================

2010-11-14 16:02:50 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2010-11-14 16:02:50 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-11-14 08:01:50 -------- d-----w- C:\Program Files\CCleaner
2010-11-13 16:20:10 -------- d-----w- C:\Users\gemma\AppData\Local\Help
2010-11-12 23:47:13 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{ABD6CFA6-0E69-4DEC-8E73-987C7F434C24}\mpengine.dll
2010-10-30 04:06:59 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2010-10-30 04:06:59 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2010-10-28 19:10:15 472656 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2010-10-28 19:10:15 125520 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2010-10-28 19:10:08 250448 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2010-10-28 19:10:06 38848 ----a-w- C:\Windows\avastSS.scr
2010-10-26 21:50:56 -------- d-----w- C:\Users\gemma\AppData\Roaming\LockHunter
2010-10-21 17:36:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-21 17:36:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-21 17:36:11 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2010-10-21 17:36:11 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2010-10-21 17:35:59 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-21 17:35:58 2085376 ----a-w- C:\Windows\System32\ole32.dll
2010-10-21 17:35:57 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-10-21 17:35:56 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-10-21 17:35:45 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-21 17:35:45 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-21 17:35:38 339456 ----a-w- C:\Windows\System32\schannel.dll
2010-10-21 17:35:32 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-10-21 17:35:31 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-10-21 17:34:46 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-10-21 17:34:46 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-10-21 17:34:10 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-10-21 17:34:10 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

==================== Find3M ====================

2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:28:24 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:47:01 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-07 14:47:33 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2010-09-01 08:10:52 144384 ----a-w- C:\Windows\SysWow64\wmpps.dll
2010-09-01 08:10:07 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
2010-09-01 08:10:07 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
2010-09-01 08:09:22 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
2010-09-01 08:03:54 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 05:16:44 479232 ----a-w- C:\Windows\System32\wmpps.dll
2010-09-01 05:15:29 5120 ----a-w- C:\Windows\System32\msdxm.ocx
2010-09-01 05:15:29 5120 ----a-w- C:\Windows\System32\dxmasf.dll
2010-09-01 05:14:30 9728 ----a-w- C:\Windows\System32\spwmp.dll
2010-09-01 05:06:55 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-20 04:30:08 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

============= FINISH: 13:43:01.83 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows 7 Extreme Edition R1 - x64
Boot Device: \Device\HarddiskVolume1
Install Date: 5/28/2010 2:21:05 PM
System Uptime: 11/14/2010 2:42:39 AM (11 hours ago)

Motherboard: Quanta | | 30CC
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1500/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 225 GiB total, 192.688 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.823 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description:
Device ID: ACPI\HPQ0006\4&1D8D756B&0
Manufacturer:
Name:
PNP Device ID: ACPI\HPQ0006\4&1D8D756B&0
Service:

==== System Restore Points ===================

RP78: 10/29/2010 11:26:43 PM - Windows Update
RP79: 11/2/2010 8:59:41 PM - Windows Update
RP80: 11/3/2010 9:36:26 PM - Windows Update
RP81: 11/5/2010 11:23:19 PM - Windows Update
RP82: 11/10/2010 1:55:08 AM - Windows Update
RP83: 11/10/2010 6:35:30 PM - Windows Update
RP84: 11/12/2010 6:45:58 PM - Windows Update

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Advertising Center
avast! Internet Security
DolbyFiles
ImagXpress
Java(TM) 6 Update 17
K-Lite Mega Codec Pack 5.5.0
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Service Pack 1 Redistributable
Mozilla Firefox (3.6.12)
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Rescue Agent
NeroBurningROM
NeroExpress
Notepad++
ooVoo
Opera 10.10
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 4.2
Spybot - Search & Destroy
UltraISO Premium V9.35
Universal Extractor 1.6
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Windows Live Communications Platform
Windows Live Messenger

==== Event Viewer Messages From Past Week ========

11/8/2010 6:06:57 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/8/2010 6:06:57 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
11/8/2010 6:06:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
11/14/2010 2:43:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: johci xfiltx64
11/14/2010 10:31:12 AM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
11/14/2010 10:31:12 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
11/13/2010 9:49:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom johci xfiltx64
11/13/2010 11:15:31 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2010 11:12:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/13/2010 11:09:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/13/2010 11:07:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
11/13/2010 11:07:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/13/2010 11:05:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/13/2010 11:05:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/13/2010 11:05:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/13/2010 11:05:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/13/2010 11:05:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/13/2010 11:05:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/13/2010 11:05:26 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswFW aswRdr aswSnx aswSP aswTdi CSC DfsC discache johci NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf xfiltx64
11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 11:04:42 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
11/11/2010 9:11:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002a897b6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111110-47159-01.
11/11/2010 4:53:42 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/11/2010 4:50:37 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/11/2010 4:50:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache johci spldr sptd vpcvmm Wanarpv6 xfiltx64
11/10/2010 6:35:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
11/10/2010 6:35:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
11/10/2010 6:35:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
11/10/2010 6:34:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================
 
2010/11/14 14:01:44.0758 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/14 14:01:44.0758 ================================================================================
2010/11/14 14:01:44.0758 SystemInfo:
2010/11/14 14:01:44.0758
2010/11/14 14:01:44.0758 OS Version: 6.1.7600 ServicePack: 0.0
2010/11/14 14:01:44.0758 Product type: Workstation
2010/11/14 14:01:44.0758 ComputerName: GEMMA-PC
2010/11/14 14:01:44.0758 UserName: gemma
2010/11/14 14:01:44.0758 Windows directory: C:\Windows
2010/11/14 14:01:44.0758 System windows directory: C:\Windows
2010/11/14 14:01:44.0758 Running under WOW64
2010/11/14 14:01:44.0758 Processor architecture: Intel x64
2010/11/14 14:01:44.0758 Number of processors: 2
2010/11/14 14:01:44.0758 Page size: 0x1000
2010/11/14 14:01:44.0758 Boot type: Normal boot
2010/11/14 14:01:44.0758 ================================================================================
2010/11/14 14:01:44.0758 Utility is running under WOW64
2010/11/14 14:01:45.0288 Initialize success
2010/11/14 14:01:48.0845 ================================================================================
2010/11/14 14:01:48.0845 Scan started
2010/11/14 14:01:48.0845 Mode: Manual;
2010/11/14 14:01:48.0845 ================================================================================
2010/11/14 14:02:01.0699 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
2010/11/14 14:02:01.0762 SI3112r (e2512862265d97db53df788bfa9053a0) C:\Windows\system32\DRIVERS\SI3112r.sys
2010/11/14 14:02:01.0793 SI3114 (ca263222eb177e2e48b86d5eaa3ff75a) C:\Windows\system32\DRIVERS\SI3114.sys
2010/11/14 14:02:01.0824 SI3114r (4891290048ec8f693fc6df66b9cbddde) C:\Windows\system32\DRIVERS\SI3114R.sys
2010/11/14 14:02:01.0871 SI3124 (7fd4f1bb790d21eaeb2101c97178a501) C:\Windows\system32\DRIVERS\SI3124.sys
2010/11/14 14:02:01.0887 Si3124r5 (993e75b5952a642d8407ed252efd8d82) C:\Windows\system32\DRIVERS\Si3124r5.sys
2010/11/14 14:02:01.0933 SI3132 (0f498dee92fd73dd999bae4d506367f5) C:\Windows\system32\DRIVERS\SI3132.sys
2010/11/14 14:02:01.0980 Si3531 (904828d8fb78c353f8ef4e74c75e4534) C:\Windows\system32\DRIVERS\Si3531.sys
2010/11/14 14:02:02.0011 SiFilter (127ce10e01f53f2edaca7fe42e5631ea) C:\Windows\system32\DRIVERS\SiWinAcc.sys
2010/11/14 14:02:02.0043 SiRemFil (b742c37002b8ebef6e230df9b4b28546) C:\Windows\system32\DRIVERS\SiRemFil.sys
2010/11/14 14:02:02.0074 SISAGP (dcd65268f0a44e2062ed3fc86c39ca7e) C:\Windows\system32\DRIVERS\SISAGPX.sys
2010/11/14 14:02:02.0121 SiSRaid2 (c18b076615486eeeebc14aa1bd2162f8) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/11/14 14:02:02.0167 SiSRaid4 (a836528fa53422956c0dcedb8f58b9ee) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/11/14 14:02:02.0214 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/11/14 14:02:02.0308 smserial (7ae8bca90539ecbde87ac45ba1436be3) C:\Windows\system32\DRIVERS\SmSerl64.sys
2010/11/14 14:02:02.0433 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/11/14 14:02:02.0542 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2010/11/14 14:02:02.0542 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2010/11/14 14:02:02.0557 sptd - detected Locked file (1)
2010/11/14 14:02:06.0333 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/14 14:02:06.0333 ================================================================================
2010/11/14 14:02:06.0333 Scan finished
2010/11/14 14:02:06.0333 ================================================================================
2010/11/14 14:02:06.0348 Detected object count: 2
2010/11/14 14:02:09.0890 Locked file(sptd) - User select action: Skip
2010/11/14 14:02:09.0952 \HardDisk0 - will be cured after reboot
2010/11/14 14:02:09.0952 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/14 14:02:12.0916 Deinitialize success
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6500 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 171):

Processes (total 49):
0 System Idle Process
4 System
400 C:\Windows\System32\smss.exe
508 csrss.exe
560 C:\Windows\System32\wininit.exe
580 csrss.exe
620 C:\Windows\System32\services.exe
636 C:\Windows\System32\lsass.exe
644 C:\Windows\System32\lsm.exe
768 C:\Windows\System32\winlogon.exe
800 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
108 C:\Windows\System32\svchost.exe
448 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\audiodg.exe
1068 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\svchost.exe
1264 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1304 C:\Program Files\Alwil Software\Avast5\afwServ.exe
1444 C:\Windows\System32\dwm.exe
1468 C:\Windows\explorer.exe
1716 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1724 C:\Windows\System32\igfxtray.exe
1732 C:\Windows\System32\hkcmd.exe
1744 C:\Windows\System32\igfxpers.exe
1800 C:\Program Files (x86)\ooVoo\ooVoo.exe
1808 C:\Windows\System32\igfxsrvc.exe
1840 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
1896 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
584 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1660 C:\Windows\System32\spoolsv.exe
2060 C:\Windows\System32\svchost.exe
2096 C:\Windows\System32\taskhost.exe
2264 C:\Windows\System32\svchost.exe
2348 C:\Windows\System32\svchost.exe
2600 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2864 C:\Windows\System32\SearchIndexer.exe
2756 C:\Windows\System32\svchost.exe
3232 C:\Windows\System32\svchost.exe
3624 C:\Program Files\Windows Media Player\wmpnetwk.exe
1880 C:\Windows\System32\svchost.exe
3272 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4504 WmiPrvSE.exe
4824 C:\Windows\System32\notepad.exe
1780 C:\Windows\System32\SearchProtocolHost.exe
2472 C:\Windows\System32\SearchFilterHost.exe
3792 C:\Users\gemma\Downloads\MBRCheck.exe
1108 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`26911000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
It worked! Thank you so much! Should this also solve my problems with Google links redirecting me?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5115

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/14/2010 3:15:17 PM
mbam-log-2010-11-14 (15-15-17).txt

Scan type: Quick scan
Objects scanned: 143671
Time elapsed: 8 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
We're far from being done, but keep me updated on the redirection issue.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Both links don't let me download. One says I have downloaded a corrupt file and the other says it is not compatible with the version of Windows I have.
 
I also just downloaded rkill.com and the combofix still will not open. I am confused about what other steps I have to take.
 
I apologize. My fault.
Combofix won't run on Win 7 64-bit.
Sorry for that.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
No problem! This worked. 1. otl.txt

OTL logfile created on: 11/14/2010 4:22:58 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\gemma\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.60 Gb Total Space | 192.62 Gb Free Space | 85.76% Space Free | Partition Type: NTFS
Drive D: | 8.28 Gb Total Space | 1.82 Gb Free Space | 22.02% Space Free | Partition Type: NTFS

Computer Name: GEMMA-PC | User Name: gemma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 16:22:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\gemma\Downloads\OTL.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/10 10:31:38 | 018,702,520 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 16:22:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\gemma\Downloads\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/07 10:11:44 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmaudio.sys -- (VMAUDIO) VMware VMaudio (VMAUDIO) (WDM)
DRV:64bit: - [2010/09/07 09:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/05/28 13:20:48 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/19 15:10:13 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2009/11/25 01:25:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/11/25 01:17:50 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/11/25 01:17:50 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/11/25 01:17:50 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/11/25 01:17:50 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/10/21 15:50:24 | 000,013,872 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmmouse.sys -- (vmmouse)
DRV:64bit: - [2009/10/21 15:47:08 | 000,086,576 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm3dmp.sys -- (vm3dmp)
DRV:64bit: - [2009/10/07 13:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/09/24 01:47:06 | 000,175,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup)
DRV:64bit: - [2009/09/23 18:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/22 10:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/14 17:00:00 | 006,816,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2009/08/21 07:48:18 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/26 17:00:00 | 000,056,664 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2009/07/26 17:00:00 | 000,056,096 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2009/07/16 18:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/04 12:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 01:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 11:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/06/25 10:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 09:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 09:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/12 19:19:36 | 000,041,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) Intel(R)
DRV:64bit: - [2009/06/12 19:19:32 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009/06/10 16:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SmSerl64.sys -- (smserial)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/12 07:40:42 | 000,072,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
DRV:64bit: - [2009/05/04 23:31:00 | 000,025,752 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\xfiltx64.sys -- (xfiltx64)
DRV:64bit: - [2009/05/04 23:29:34 | 000,015,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\videX64.sys -- (videX64)
DRV:64bit: - [2009/04/16 05:45:46 | 000,461,320 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR1.sys -- (MegaSR1)
DRV:64bit: - [2009/02/11 10:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/10/09 08:45:26 | 000,018,784 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2008/07/09 09:51:54 | 000,136,192 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viamrx64.sys -- (viamrx64)
DRV:64bit: - [2008/05/15 16:23:21 | 000,028,208 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2008/04/15 09:09:20 | 000,067,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViPrtX64.sys -- (ViPrtX64)
DRV:64bit: - [2008/04/15 09:05:48 | 000,025,240 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViBusX64.sys -- (ViBusX64)
DRV:64bit: - [2008/01/17 23:14:06 | 000,041,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma) Intel(R)
DRV:64bit: - [2007/11/13 09:47:18 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PnP680.sys -- (Pnp680)
DRV:64bit: - [2007/10/03 09:51:00 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2007/10/03 09:50:52 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2007/10/03 09:50:26 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2007/06/01 04:29:06 | 000,330,544 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3531.sys -- (Si3531)
DRV:64bit: - [2007/05/11 12:01:10 | 000,070,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2007/04/11 16:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE) Driver for Intel(R)
DRV:64bit: - [2007/04/11 16:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE) Driver for Intel(R)
DRV:64bit: - [2007/04/11 09:02:42 | 000,163,632 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114r.sys -- (SI3114r)
DRV:64bit: - [2007/02/01 10:53:08 | 000,164,656 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3112r.sys -- (SI3112r)
DRV:64bit: - [2007/01/24 11:07:08 | 000,064,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SISAGPX.SYS -- (SISAGP)
DRV:64bit: - [2006/11/10 05:48:48 | 000,099,120 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114.sys -- (SI3114)
DRV:64bit: - [2006/11/02 10:25:04 | 000,113,456 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3124.sys -- (SI3124)
DRV:64bit: - [2006/11/01 01:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006/09/20 05:38:28 | 000,334,640 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5)
DRV:64bit: - [2006/09/18 08:26:04 | 000,093,472 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptmv.sys -- (hptmv)
DRV:64bit: - [2005/09/22 18:20:00 | 000,059,392 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIAAGP1.SYS -- (viaagp1)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com?pr=oovoo2_2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/29 23:07:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/29 23:07:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2010/05/28 13:27:58 | 000,000,000 | ---D | M] -- C:\Users\gemma\AppData\Roaming\Mozilla\Extensions
[2010/10/30 18:40:53 | 000,000,000 | ---D | M] -- C:\Users\gemma\AppData\Roaming\Mozilla\Firefox\Profiles\zbdje4ge.default\extensions
[2010/11/13 22:07:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/02 17:17:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2010/11/14 11:14:08 | 000,425,491 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14657 more lines...
O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 16:14:09 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/14 15:01:48 | 000,000,000 | ---D | C] -- C:\Users\gemma\AppData\Roaming\Malwarebytes
[2010/11/14 15:01:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/14 15:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/14 15:01:38 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/14 15:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/14 14:00:43 | 001,330,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\gemma\Desktop\TDSSKiller.exe
[2010/11/14 11:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/14 11:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/14 03:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/13 11:20:10 | 000,000,000 | ---D | C] -- C:\Users\gemma\AppData\Local\Help
[2010/10/28 14:10:15 | 000,472,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2010/10/28 14:10:15 | 000,125,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2010/10/28 14:10:08 | 000,250,448 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2010/10/28 14:10:06 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/10/26 16:50:56 | 000,000,000 | ---D | C] -- C:\Users\gemma\AppData\Roaming\LockHunter

========== Files - Modified Within 30 Days ==========

[2010/11/14 16:22:38 | 000,001,095 | ---- | M] () -- C:\Users\gemma\Desktop\OTL.exe - Shortcut.lnk
[2010/11/14 15:53:21 | 000,016,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 15:53:21 | 000,016,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 15:50:50 | 000,732,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/14 15:50:50 | 000,628,624 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/14 15:50:50 | 000,109,154 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/14 15:45:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/14 15:01:44 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/14 11:14:08 | 000,425,491 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/11/11 16:58:38 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2010/11/11 16:06:06 | 000,010,848 | ---- | M] () -- C:\Users\gemma\Documents\college essay.docx
[2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\gemma\Desktop\TDSSKiller.exe
[2010/11/07 23:24:07 | 000,048,128 | ---- | M] () -- C:\Users\gemma\Documents\Works-Cited-and-Description-Form-2010-2.doc
[2010/11/07 21:45:33 | 000,041,984 | ---- | M] () -- C:\Users\gemma\Documents\EXHIBITION-PROPOSAL-2010_ashleygemma.doc
[2010/11/07 21:32:53 | 000,048,640 | ---- | M] () -- C:\Users\gemma\Documents\Works-Cited-and-Description-Form-2010-1.doc
[2010/10/29 23:07:03 | 000,001,963 | ---- | M] () -- C:\Users\gemma\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/29 23:07:03 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/28 20:38:08 | 000,501,930 | ---- | M] () -- C:\Users\gemma\Documents\crest syndrome.docx
[2010/10/28 14:10:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/10/25 09:52:55 | 000,031,744 | ---- | M] () -- C:\Users\gemma\Documents\Oral-Presentation-1-Graphic-Organizerashley_gemma.doc
[2010/10/22 18:03:39 | 000,412,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/19 23:47:13 | 000,015,524 | ---- | M] () -- C:\Users\gemma\Documents\Ashley Gemma.docx

========== Files Created - No Company Name ==========

[2010/11/14 16:22:38 | 000,001,095 | ---- | C] () -- C:\Users\gemma\Desktop\OTL.exe - Shortcut.lnk
[2010/11/14 15:01:44 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/11 12:12:57 | 000,010,848 | ---- | C] () -- C:\Users\gemma\Documents\college essay.docx
[2010/11/07 23:13:19 | 000,048,128 | ---- | C] () -- C:\Users\gemma\Documents\Works-Cited-and-Description-Form-2010-2.doc
[2010/11/07 21:45:33 | 000,041,984 | ---- | C] () -- C:\Users\gemma\Documents\EXHIBITION-PROPOSAL-2010_ashleygemma.doc
[2010/11/07 20:55:15 | 000,048,640 | ---- | C] () -- C:\Users\gemma\Documents\Works-Cited-and-Description-Form-2010-1.doc
[2010/10/29 23:07:03 | 000,001,963 | ---- | C] () -- C:\Users\gemma\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/28 18:20:20 | 000,501,930 | ---- | C] () -- C:\Users\gemma\Documents\crest syndrome.docx
[2010/10/28 14:08:59 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2010/10/25 09:52:55 | 000,031,744 | ---- | C] () -- C:\Users\gemma\Documents\Oral-Presentation-1-Graphic-Organizerashley_gemma.doc
[2010/10/18 18:12:13 | 000,015,524 | ---- | C] () -- C:\Users\gemma\Documents\Ashley Gemma.docx
[2009/12/11 07:25:19 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/12/11 07:25:18 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/12/11 07:25:18 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/12/11 07:25:18 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/12/11 07:25:16 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/11/29 15:30:01 | 000,746,922 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/29 13:38:10 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/11/06 00:28:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/05/28 13:26:36 | 000,000,000 | ---D | M] -- C:\Users\gemma\AppData\Roaming\ESET
[2010/10/26 16:50:56 | 000,000,000 | ---D | M] -- C:\Users\gemma\AppData\Roaming\LockHunter
[2010/05/28 13:21:26 | 000,000,000 | ---D | M] -- C:\Users\gemma\AppData\Roaming\Notepad++
[2010/06/12 21:51:11 | 000,000,000 | ---D | M] -- C:\Users\gemma\AppData\Roaming\ooVoo Details
[2010/06/12 21:50:14 | 000,000,000 | ---D | M] -- C:\Users\gemma\AppData\Roaming\oovooinstaller
[2010/05/28 13:54:23 | 000,000,000 | ---D | M] -- C:\Users\gemma\AppData\Roaming\uTorrent
[2010/11/10 18:33:08 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2009/11/25 01:15:57 | 000,383,582 | RHS- | M] () -- C:\bootmgr
[2010/05/28 16:39:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/05/28 13:20:08 | 000,171,136 | RHS- | M] () -- C:\grldr
[2005/09/22 14:09:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/11/14 15:45:11 | 2137,448,448 | -HS- | M] () -- C:\pagefile.sys
[2010/11/14 16:01:11 | 000,000,377 | ---- | M] () -- C:\rkill.log
[2010/11/14 14:02:12 | 000,074,954 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_14.11.2010_14.01.44_log.txt
[2010/11/14 14:17:59 | 000,002,172 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_14.11.2010_14.17.49_log.txt
[2010/05/28 13:20:08 | 000,000,012 | RHS- | M] () -- C:\win7.ld

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/07/11 15:35:15 | 000,000,221 | -HS- | M] () -- C:\Users\gemma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\gemma\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/31 09:50:26 | 000,000,402 | -HS- | M] () -- C:\Users\gemma\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
OTL Extras logfile created on: 11/14/2010 4:22:58 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\gemma\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.60 Gb Total Space | 192.62 Gb Free Space | 85.76% Space Free | Partition Type: NTFS
Drive D: | 8.28 Gb Total Space | 1.82 Gb Free Space | 22.02% Space Free | Partition Type: NTFS

Computer Name: GEMMA-PC | User Name: gemma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D86B6C32-49BD-4A02-9C43-14E497018498}" = Windows 7 Manager
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"CCleaner" = CCleaner
"CPU-Z" = CPU-Z
"Gpuz" = GPU-Z
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HDTune" = HDTune
"HWMonitor" = HWMonitor
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.0.0
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"NVIDIA Drivers" = NVIDIA Drivers
"PC Wizard" = PC Wizard
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95e9acd7-622b-48f6-9ef8-3fa6777df9ce}" = Nero 9 Trial
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Service Pack 1 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Internet Security
"ENTERPRISE" = Microsoft Office Enterprise 2007
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Notepad++" = Notepad++
"UltraISO_is1" = UltraISO Premium V9.35
"Universal Extractor_is1" = Universal Extractor 1.6

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2010 2:43:29 PM | Computer Name = gemma-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/10/2010 2:46:34 PM | Computer Name = gemma-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/10/2010 2:46:36 PM | Computer Name = gemma-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/10/2010 2:46:37 PM | Computer Name = gemma-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/10/2010 2:47:28 PM | Computer Name = gemma-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/14/2010 3:10:56 PM | Computer Name = gemma-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/14/2010 3:10:56 PM | Computer Name = gemma-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/14/2010 3:21:56 PM | Computer Name = gemma-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0000000000bcb00a Faulting process id: 0x1e4 Faulting
application start time: 0x01cb6bd1a917ea2d Faulting application path: C:\Windows\system32\svchost.exe
Faulting
module path: unknown Report Id: 4e618f87-d7c8-11df-bdd5-001b249f5f61

Error - 10/15/2010 10:25:50 AM | Computer Name = gemma-PC | Source = Windows Activation Technologies | ID = 3
Description = Health check failure: hr = 0x8004FE22, HealthStatus: 0x0000000000002000

Error - 10/21/2010 1:33:07 PM | Computer Name = gemma-PC | Source = Windows Activation Technologies | ID = 3
Description = Health check failure: hr = 0x8004FE22, HealthStatus: 0x0000000000002000

[ System Events ]
Error - 11/8/2010 5:52:12 PM | Computer Name = gemma-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 11/8/2010 5:52:13 PM | Computer Name = gemma-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 11/8/2010 5:52:14 PM | Computer Name = gemma-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 11/8/2010 5:52:15 PM | Computer Name = gemma-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 11/8/2010 5:52:16 PM | Computer Name = gemma-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/8/2010 5:52:16 PM | Computer Name = gemma-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 11/8/2010 7:06:57 PM | Computer Name = gemma-PC | Source = DCOM | ID = 10005
Description =

Error - 11/8/2010 7:06:57 PM | Computer Name = gemma-PC | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 11/8/2010 7:06:57 PM | Computer Name = gemma-PC | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069

Error - 11/8/2010 7:08:47 PM | Computer Name = gemma-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
johci xfiltx64


< End of report >
 
Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

===================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: gemma
->Temp folder emptied: 3419808 bytes
->Temporary Internet Files folder emptied: 308666 bytes
->Java cache emptied: 82506 bytes
->FireFox cache emptied: 93695892 bytes
->Flash cache emptied: 5752 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 882 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68488 bytes
RecycleBin emptied: 28399719 bytes

Total Files Cleaned = 120.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: gemma
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11142010_165516

Files\Folders moved on Reboot...
C:\Users\gemma\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 