Solved Firefox redirecting, BSOD on Win7


sache16

Firefox has been redirecting links since yesterday, and I know it is a virus or malware of some sort because Avast detected it, but before I could get it off, the blue screen popped up and dumped files, then restarted.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5202

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/28/2010 3:24:06 PM
mbam-log-2010-11-28 (15-24-06).txt

Scan type: Quick scan
Objects scanned: 146146
Time elapsed: 5 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x01 0x3E 0x15 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6C 0x9F 0xB9 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB5 0x88 0xED 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7F 0xD3 0xCC 0xFB ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x01 0x3E 0x15 0x9A ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6C 0x9F 0xB9 0x43 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB5 0x88 0xED 0x24 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7F 0xD3 0xCC 0xFB ...

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-11-27.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/22/2009 4:08:28 PM
System Uptime: 11/28/2010 3:24:58 PM (1 hours ago)

Motherboard: PEGATRON CORPORATION | | VIOLET
Processor: AMD Phenom(tm) 9650 Quad-Core Processor | CPU 1 | 1196/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 582 GiB total, 165.052 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.59 GiB free.
E: is FIXED (NTFS) - 228 GiB total, 26.945 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (FAT32) - 5 GiB total, 2.117 GiB free.
K: is Removable
L: is CDROM ()
M: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP190: 11/27/2010 10:45:47 PM - Installed TSR Launcher
RP191: 11/28/2010 3:00:11 AM - Windows Update

==== Installed Programs ======================

µTorrent
ABC Amber LIT Converter
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
avast! Free Antivirus
AviSynth 2.5
Before You Know It 3.6 Deluxe
Byki
Byki Express
Combined Community Codec Pack 2009-09-09
CyberLink DVD Suite Deluxe
Default Manager
DirectX for Managed Code Update (Summer 2004)
DVDFab 8.0.5.0 (18/11/2010)
EA Download Manager
Enhanced Multimedia Keyboard Solution
eReader
ffdshow [rev 2583] [2009-01-05]
Gravity
Haali Media Splitter
HijackThis 2.0.2
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Remote Solution
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
Human Japanese 2.0
Java Auto Updater
Java(TM) 6 Update 22
LabelPrint
LightScribe System Software
LimeWire 5.3.6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft WSE 3.0 Runtime
Mobipocket Reader 6.2
Mozilla Firefox (3.5.6)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PictureMover
Power2Go
PowerDirector
Python 2.6 pywin32-212
Python 2.6.1
QuickTime
ReadWrite Kanji Version 1.5
RealMedia (remove only)
Realtek High Definition Audio Driver
Rosetta Stone V3
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Sothink Movie DVD Maker
TeLL me More CJ
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Sims™ 3 World Adventures
TSR Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office InfoPath 2007 (KB976416)
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver

==== End Of File ===========================



DDS (Ver_10-11-27.01) - NTFS_AMD64
Run by Sache' at 16:27:24.06 on Sun 11/28/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7935.6214 [GMT -6:00]

SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Sache'\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
uStart Page = hxxp://www.ask.com?o=15772&l=dis
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: juno.com
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
mRun-x64: [NVRaidService] C:\Windows\system32\nvraidservice.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
mRunOnce-x64: [PCDrProfiler] "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: C:\Program Files (x86)\Mozilla Firefox\components\FFComm.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: LOOP for Firefox: fireloop@drawloop.com - C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\extensions\fireloop@drawloop.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-4-7 121936]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-4-7 22096]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-4-7 63568]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-5-8 40384]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v2.sys [2007-12-26 340992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-5-8 40384]
S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-5-8 40384]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-31 1255736]

=============== Created Last 30 ================

2010-11-28 21:16:22 -------- dc----w- C:\Users\Sache'\Shaggy - The Boombastic Collection - Best Of + c0vers
2010-11-28 21:07:22 -------- dc----w- C:\Users\Sache'\AppData\Roaming\WhiteSmokeTranslator
2010-11-28 11:33:37 -------- dc----w- C:\Program Files (x86)\whitesmoketoolbar
2010-11-28 04:46:12 -------- dc----w- C:\Program Files (x86)\The Sims Resource
2010-11-27 22:19:54 -------- dc----w- C:\Program Files (x86)\Trend Micro
2010-11-27 22:11:19 -------- dc----w- C:\Users\Sache'\AppData\Roaming\Malwarebytes
2010-11-27 22:11:13 38224 -c--a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-27 22:11:12 24664 -c--a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-27 22:11:12 -------- dc----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-27 22:11:12 -------- dc----w- C:\PROGRA~3\Malwarebytes
2010-11-27 21:53:36 -------- dc----w- C:\Users\Sache'\AppData\Roaming\Registry Mechanic
2010-11-27 21:33:26 16384 -c--a-w- C:\Windows\cftm.exe
2010-11-27 21:33:08 939543 -c--a-w- C:\Windows\plugincontainers.exe
2010-11-25 05:51:49 -------- dc----w- C:\PROGRA~3\Trymedia
2010-11-25 05:51:07 -------- dc----w- C:\Windows\Mystic Emporium
2010-11-25 04:19:15 -------- dc----w- C:\Program Files (x86)\Common Files\SWF Studio
2010-11-25 04:19:14 -------- dcsh--w- C:\Users\Sache'\AppData\Local\.#
2010-11-25 02:11:08 -------- dc----w- C:\Program Files (x86)\Gravity
2010-11-25 01:36:04 43680 -c--a-w- C:\Windows\System32\drivers\lirsgt.sys
2010-11-25 01:36:04 314016 -c--a-w- C:\Windows\System32\drivers\atksgt.sys
2010-11-24 21:02:31 99384 -c--a-w- C:\Users\Sache'\AppData\Roaming\inst.exe
2010-11-24 21:02:31 82816 -c--a-w- C:\Windows\System32\drivers\pcouffin.sys
2010-11-24 21:02:31 82816 -c--a-w- C:\Users\Sache'\AppData\Roaming\pcouffin.sys
2010-11-24 21:02:21 -------- dc----w- C:\Program Files (x86)\DVDFab 8
2010-11-21 20:22:41 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-11-21 20:22:05 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-11-21 20:22:04 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-11-21 20:22:04 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-11-21 20:22:03 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-11-21 20:22:03 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-11-21 20:22:03 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-11-21 20:22:03 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-11-21 20:21:58 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2010-11-21 20:21:58 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2010-11-21 20:21:57 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-11-21 09:05:19 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-11-21 09:05:19 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-11-21 09:05:19 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-11-21 09:05:19 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-11-21 09:05:19 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-11-21 09:05:19 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-11-21 09:05:19 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-11-21 09:05:19 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-11-21 09:05:19 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-11-21 09:05:19 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-11-21 07:19:29 -------- dc----w- C:\Users\Sache'\[Kira-Fansub] My-HiME Complete (BD H264 1280x960 24fps AAC 2.0J)
2010-11-21 05:44:52 -------- dc----w- C:\Users\Sache'\Heroic age [Complete Eps 1- 26][Eng Subs]
2010-11-20 22:46:35 -------- dc----w- C:\games
2010-11-20 13:00:35 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-11-20 13:00:35 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-11-20 13:00:34 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-11-20 13:00:34 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-11-20 12:24:51 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-11-20 12:24:50 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-11-20 12:24:50 2085376 ----a-w- C:\Windows\System32\ole32.dll
2010-11-20 12:24:50 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-11-20 12:24:26 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2010-11-20 12:24:24 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-11-20 12:24:24 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-11-20 12:22:54 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-11-20 12:22:54 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-11-20 12:21:42 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-11-20 12:21:42 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-11-20 12:21:00 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-11-20 12:21:00 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-11-20 12:20:58 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-11-20 12:20:58 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-11-20 12:15:14 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-11-20 12:15:14 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-11-20 12:15:14 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-11-20 12:15:14 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-11-20 12:15:14 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-11-20 12:15:13 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-11-20 12:15:12 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2010-11-20 12:15:12 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2010-11-20 11:13:54 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-11-20 11:08:13 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-11-20 11:08:13 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-11-20 10:54:47 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-11-20 09:28:44 -------- dc----w- C:\Windows\SysWow64\Adobe
2010-11-19 02:19:28 -------- dc----w- C:\Program Files (x86)\Belkin
2010-11-06 17:37:34 103864 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 17:37:34 103864 -c--a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

==================== Find3M ====================

2010-11-21 20:23:06 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-11-21 20:23:06 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-11-21 09:01:17 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-21 09:01:17 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-21 09:01:17 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-21 09:01:17 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-21 09:01:17 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-21 09:01:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-21 09:01:17 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-21 09:01:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-15 10:50:37 472808 -c--a-w- C:\Windows\SysWow64\deployJava1.dll

============= FINISH: 16:28:15.02 ===============
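The one hit in the MBAM log above is worth understanding: "Heuristics.Reserved.Word.Exploit" on C:\Windows\lsass.exe fires because lsass.exe is a core Windows process name that only ever runs from C:\Windows\System32, so a file by that name one directory up is a lookalike, not the real Local Security Authority. The same check can be run by hand over the DDS "Running Processes" list. The Python below is an added example, not part of the thread or of Malwarebytes' own rule set; the table of reserved names and their allowed directories is this example's assumption about a clean Windows 7 install, and the sample lines are a constructed subset of the DDS and MBAM output shown above.

```python
import ntpath
import re
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Core Windows process names and the only directories they should run from.
# This table is the example's own assumption about a clean Windows 7 install,
# not Malwarebytes' heuristic rule set.
RESERVED_LOCATIONS: Dict[str, Set[str]] = {
    "smss.exe":     {r"c:\windows\system32"},
    "csrss.exe":    {r"c:\windows\system32"},
    "wininit.exe":  {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "lsass.exe":    {r"c:\windows\system32"},
    "lsm.exe":      {r"c:\windows\system32"},
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows"},
}

# Everything up to the first ".exe" is the image path; service arguments
# such as "-k netsvcs" or a scanner's annotation follow it.
_IMAGE_RE = re.compile(r"^\s*(.+?\.exe)\b", re.IGNORECASE)


def extract_image_path(line: str) -> Optional[str]:
    """Return the executable path from a DDS/MBAM log line, or None if the line has none."""
    match = _IMAGE_RE.match(line)
    return match.group(1) if match else None


def check_reserved_names(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Flag reserved process names running from a directory other than the expected one."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        path = extract_image_path(line)
        if path is None:
            continue
        directory, name = ntpath.split(path)
        allowed = RESERVED_LOCATIONS.get(name.lower())
        if allowed is not None and directory.lower() not in allowed:
            findings.append((path, f"reserved name '{name}' outside {sorted(allowed)}"))
    return findings


# Constructed sample: a subset of the DDS running-process list plus the MBAM hit.
SAMPLE_LINES = [
    r"C:\Windows\system32\wininit.exe",
    r"C:\Windows\system32\lsm.exe",
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted",
    r"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe",
    r"C:\Windows\Explorer.EXE",
    r"C:\Windows\SysWOW64\ctfmon.exe",
    r"C:\Users\Sache'\Desktop\dds.scr",
    r"C:\Windows\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.",
]

if __name__ == "__main__":
    for suspect, reason in check_reserved_names(SAMPLE_LINES):
        print(f"SUSPECT {suspect}: {reason}")
```

On a live machine this is triage only: a lookalike can also sit in System32 under a near-miss name (lsas.exe, svch0st.exe), so the next steps are checking the file's Authenticode signature and which account the process runs under (the real lsass.exe runs as SYSTEM and is started by wininit.exe).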
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: NP218AA-ABA p6142p
Logical Drives Mask: 0x00001ffc

Kernel Drivers (total 194):

Processes (total 58):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000091`93f9e000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000001`56b1f600 (NTFS)
\\.\J: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: WDC WD6400AAKS-65A7B, Rev: 01.0
PhysicalDrive1 Model Number: ST3250824AS, Rev: 3.AA

Size    Device Name          MBR Status
--------------------------------------------
596 GB  \\.\PhysicalDrive0   RE: Unknown MBR code
        SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF
232 GB  \\.\PhysicalDrive1   RE: Gateway MBR code detected
        SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/29/2010 at 02:28 AM

Application Version : 4.46.1000

Core Rules Database Version : 5923
Trace Rules Database Version: 3735

Scan type : Complete Scan
Total Scan Time : 03:25:44

Memory items scanned : 346
Memory threats detected : 0
Registry items scanned : 14331
Registry threats detected : 147
File items scanned : 485811
File threats detected : 1

Adware.Gamevance
(x86) HKU\S-1-5-21-3733315040-2452636875-3314474338-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}
(x86) HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}

Malware.Trace
(x86) HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL
(x86) HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Adware.MyWebSearch/FunWebProducts

Trojan.Vundo-Variant/F
E:\WINDOWS\SYSTEM32\JESTERSS.DLL
 
We need to fix your MBR...

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double-click the NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double-click the BurnItCD.cmd file. If your CD drive opens, simply close it again.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
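The log above reports "Unknown MBR code" for PhysicalDrive0 and a recognised Gateway loader for PhysicalDrive1, and the fix is to write standard Windows 7 MBR code back over the first sector. As an added example (not MBRCheck's or NTBR's code), this script shows how that kind of verdict is reached: parse the 512-byte sector, check the 0x55AA signature and the active-partition flag, and compare a SHA1 of the bootstrap bytes against an allow-list of known loaders. The boot-code bytes, the allow-list entry and the sector count are constructed for the demo; only the C: start offset 0x7E00 (LBA 63) is taken from the log.

```python
"""Added example: an MBR integrity check of the kind MBRCheck reports.
Not MBRCheck's or NTBR's code; the boot code bytes, allow-list entry and
partition sizes are constructed for the demo."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: bootstrap code (classic MBR layout)
DISK_SIG_OFF = 440            # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446          # four 16-byte partition entries
PART_ENTRY_FMT = "<B3xB3xII"  # status, CHS (skipped), type, CHS (skipped), LBA start, sector count
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510..511 on every valid MBR

# Constructed stand-in for a known-good bootstrap loader (the first bytes mimic
# the usual "xor ax,ax / mov ss,ax / mov sp,7C00h" prologue, the rest is NOPs).
# A real allow-list would hold SHA1s of the Windows 7, Gateway and other OEM
# MBR code images; that is what lets a tool name a loader instead of reporting
# "Unknown MBR code".
GOOD_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)
KNOWN_GOOD = {hashlib.sha1(GOOD_BOOT_CODE).hexdigest().upper(): "Constructed demo MBR code"}


def build_mbr(boot_code, partitions, disk_sig=0x1234ABCD):
    """Assemble a 512-byte MBR from bootstrap code and (status, type, lba_start, sectors) tuples."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for slot, (status, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * slot,
                         status, ptype, lba_start, sectors)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


def boot_code_sha1(sector):
    """SHA1 of the bootstrap code only: the disk signature and partition table
    differ per machine, so hashing the whole sector would never match a list."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(sector):
    """Decode the four primary partition slots, skipping empty ones."""
    entries = []
    for slot in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * slot)
        if ptype == 0:
            continue
        entries.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "byte_offset": lba_start * SECTOR_SIZE,
                        "sectors": sectors})
    return entries


def check_mbr(sector, known_good):
    """Return (verdict, findings): verdict is the allow-list label or
    'Unknown MBR code'; findings lists every structural or hash problem."""
    findings = []
    if len(sector) != SECTOR_SIZE:
        findings.append(f"sector is {len(sector)} bytes, expected {SECTOR_SIZE}")
        return "Unreadable", findings
    if sector[510:512] != MBR_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if not any(p["bootable"] for p in parse_partitions(sector)):
        findings.append("no partition flagged active (0x80)")
    digest = boot_code_sha1(sector)
    verdict = known_good.get(digest, "Unknown MBR code")
    if verdict == "Unknown MBR code":
        findings.append(f"bootstrap code SHA1 {digest} not in allow-list")
    return verdict, findings


# Partition layout modelled on the log above: C: is an active NTFS (0x07) partition
# starting at LBA 63, i.e. byte offset 0x7E00. The sector count is constructed.
DEMO_PARTS = [(0x80, 0x07, 63, 0x4000000)]
CLEAN_MBR = build_mbr(GOOD_BOOT_CODE, DEMO_PARTS)
# Same disk after its first two bootstrap bytes were altered: the partition
# table is untouched, so the machine still boots, but the loader hash no longer
# matches any known-good image, which is exactly what "Unknown MBR code" flags.
MODIFIED_MBR = bytes([0xEB, 0x3C]) + CLEAN_MBR[2:]


if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("modified", MODIFIED_MBR)):
        verdict, findings = check_mbr(mbr, KNOWN_GOOD)
        print(f"{name}: {verdict}")
        for finding in findings:
            print("   ", finding)
        for p in parse_partitions(mbr):
            print(f"    slot {p['slot']} type 0x{p['type']:02X} active={p['bootable']} "
                  f"offset 0x{p['byte_offset']:X}")
```

Reinstalling standard MBR code, as the NTBR steps above do, replaces only the bootstrap bytes; the partition table and disk signature stay as they are, which is why the hash comparison is restricted to those first 440 bytes.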
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: NP218AA-ABA p6142p
Logical Drives Mask: 0x00005ffc

Kernel Drivers (total 193):
0x77340000 \Windows\System32\ntdll.dll
0x47B20000 \Windows\System32\smss.exe
0xFF660000 \Windows\System32\apisetschema.dll
0xFFAC0000 \Windows\System32\autochk.exe
0xFF5D0000 \Windows\System32\difxapi.dll
0xFF530000 \Windows\System32\comdlg32.dll
0xFE7A0000 \Windows\System32\shell32.dll
0xFE5C0000 \Windows\System32\setupapi.dll
0xFE5B0000 \Windows\System32\nsi.dll
0xFE4D0000 \Windows\System32\advapi32.dll
0xFE4B0000 \Windows\System32\sechost.dll
0x77240000 \Windows\System32\user32.dll
0x77120000 \Windows\System32\kernel32.dll
0xFE460000 \Windows\System32\ws2_32.dll
0xFE430000 \Windows\System32\imm32.dll
0xFE390000 \Windows\System32\clbcatq.dll
0xFE2F0000 \Windows\System32\msvcrt.dll
0xFE210000 \Windows\System32\oleaut32.dll
0xFE1A0000 \Windows\System32\gdi32.dll
0xFE090000 \Windows\System32\msctf.dll
0x77510000 \Windows\System32\psapi.dll
0xFE070000 \Windows\System32\imagehlp.dll
0x77500000 \Windows\System32\normaliz.dll
0xFDE60000 \Windows\System32\ole32.dll
0xFDE50000 \Windows\System32\lpk.dll
0xFDD80000 \Windows\System32\usp10.dll
0xFDC00000 \Windows\System32\urlmon.dll
0xFDBB0000 \Windows\System32\Wldap32.dll
0xFDA80000 \Windows\System32\rpcrt4.dll
0xFD950000 \Windows\System32\wininet.dll
0xFD6F0000 \Windows\System32\iertutil.dll
0xFD670000 \Windows\System32\shlwapi.dll
0xFD630000 \Windows\System32\cfgmgr32.dll
0xFD5C0000 \Windows\System32\KernelBase.dll
0xFD580000 \Windows\System32\wintrust.dll
0xFD560000 \Windows\System32\devobj.dll
0xFD3F0000 \Windows\System32\crypt32.dll
0xFD350000 \Windows\System32\comctl32.dll
0xFD340000 \Windows\System32\msasn1.dll
0x769B0000 \Windows\SysWOW64\normaliz.dll

Processes (total 58):
0 System Idle Process
4 System
312 C:\Windows\System32\smss.exe
448 csrss.exe
496 C:\Windows\System32\wininit.exe
528 csrss.exe
552 C:\Windows\System32\services.exe
572 C:\Windows\System32\lsass.exe
580 C:\Windows\System32\lsm.exe
692 C:\Windows\System32\svchost.exe
784 C:\Windows\System32\nvvsvc.exe
824 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\winlogon.exe
924 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
624 C:\Windows\System32\audiodg.exe
532 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\nvvsvc.exe
1116 C:\Windows\System32\svchost.exe
1192 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1348 C:\Windows\System32\dwm.exe
1372 C:\Windows\explorer.exe
1600 C:\Windows\System32\spoolsv.exe
1636 C:\Windows\System32\taskhost.exe
1648 C:\Windows\System32\svchost.exe
1792 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1812 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1840 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1984 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
2416 C:\Windows\System32\taskeng.exe
2544 C:\Windows\System32\nvraidservice.exe
2572 C:\Program Files (x86)\uTorrent\uTorrent.exe
2588 C:\Windows\System32\StikyNot.exe
2628 C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
2656 WmiPrvSE.exe
2844 C:\Windows\System32\wbem\unsecapp.exe
2952 C:\Windows\System32\SearchIndexer.exe
1020 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
2224 C:\Program Files\Windows Sidebar\sidebar.exe
2244 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3016 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
3048 C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe
2644 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
2536 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
1536 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
2564 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
3036 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
2560 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3080 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
3164 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3608 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3884 C:\Program Files\Windows Media Player\wmpnetwk.exe
3056 C:\Users\Sache'\Desktop\MBRCheck.exe
3532 C:\Windows\System32\conhost.exe
2908 C:\Windows\System32\dllhost.exe
3476 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000091`93f9e000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000001`56b1f600 (NTFS)
\\.\J: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: WDC WD6400AAKS-65A7B, Rev: 01.0
PhysicalDrive1 Model Number: ST3250824AS, Rev: 3.AA

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 RE: Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
232 GB \\.\PhysicalDrive1 RE: Gateway MBR code detected
SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD


Done!
 
Good job :)

Can you check if IE is getting redirected too?

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
 
GooredFix by jpshortstuff (03.07.10.1)
Log created at 20:45 on 29/11/2010 (Sache')
Firefox version 3.5.6 (en-US)

========== GooredScan ==========

Removing Orphan:
"FFToolbar@bitdefender.com"="C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:42 15/11/2009]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [02:15 22/10/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [05:35 10/11/2009]
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [04:24 02/04/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [19:20 02/05/2010]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [17:52 20/11/2010]

C:\Users\Sache'\Application Data\Mozilla\Firefox\Profiles\idvgwzno.Default User\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [05:28 18/11/2009]

C:\Users\Sache'\Application Data\Mozilla\Firefox\Profiles\ks50in09.default\extensions\
fireloop@drawloop.com [03:58 04/08/2010]
{20a82645-c095-46ed-80e3-08825760534b} [16:26 21/11/2010]
{53A03D43-5363-4669-8190-99061B2DEBA5} [16:26 21/11/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:30 22/10/2009]

-=E.O.F=-
 
Very good :)
We still need to run a couple more checks.

Download OTL to your Desktop.

  • Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Extras logfile created on: 11/29/2010 9:33:07 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Sache'\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 82.00% Memory free
15.00 Gb Paging File | 14.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.31 Gb Total Space | 161.29 Gb Free Space | 27.70% Space Free | Partition Type: NTFS
Drive D: | 13.86 Gb Total Space | 1.59 Gb Free Space | 11.47% Space Free | Partition Type: NTFS
Drive E: | 227.53 Gb Total Space | 26.94 Gb Free Space | 11.84% Space Free | Partition Type: NTFS
Drive J: | 5.34 Gb Total Space | 2.12 Gb Free Space | 39.62% Space Free | Partition Type: FAT32
Drive O: | 1.96 Gb Total Space | 1.29 Gb Free Space | 66.01% Space Free | Partition Type: FAT

Computer Name: SACHE-PC | User Name: Sache' | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 22
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{290CA856-3737-4874-864B-BA142F4823C8}_is1" = HP MediaSmart Demo
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{37904E11-A053-48C4-90D4-6DFDA2886381}" = Before You Know It 3.6 Deluxe
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{453C9E55-80DF-4BD2-9885-52A1FB0D9382}" = eReader
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{61174B54-26FC-48F3-AF5C-7C9B9A9E9A8C}" = Human Japanese 2.0
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9082C257-9729-4009-8299-6916CD556EAC}" = TSR Launcher
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AE469025-08BA-4B2A-915D-CC7765132419}" = Default Manager
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C79BF5BB-5671-41C0-A028-E9A2097D1AAD}" = Microsoft Live Search Toolbar
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Byki Express" = Byki Express
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DVDFab 8_is1" = DVDFab 8.0.5.0 (18/11/2010)
"EADM" = EA Download Manager
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Gravity_is1" = Gravity
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"pywin32-py2.6" = Python 2.6 pywin32-212
"ReadWrite Kanji_is1" = ReadWrite Kanji Version 1.5
"RealMedia" = RealMedia (remove only)
"TellmeMoreV50" = TeLL me More CJ
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
OTL logfile created on: 11/29/2010 9:33:07 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Sache'\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 82.00% Memory free
15.00 Gb Paging File | 14.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.31 Gb Total Space | 161.29 Gb Free Space | 27.70% Space Free | Partition Type: NTFS
Drive D: | 13.86 Gb Total Space | 1.59 Gb Free Space | 11.47% Space Free | Partition Type: NTFS
Drive E: | 227.53 Gb Total Space | 26.94 Gb Free Space | 11.84% Space Free | Partition Type: NTFS
Drive J: | 5.34 Gb Total Space | 2.12 Gb Free Space | 39.62% Space Free | Partition Type: FAT32
Drive O: | 1.96 Gb Total Space | 1.29 Gb Free Space | 66.01% Space Free | Partition Type: FAT

Computer Name: SACHE-PC | User Name: Sache' | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/29 21:31:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sache'\Desktop\OTL.exe
PRC - [2010/11/20 21:51:48 | 000,328,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/05/06 14:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/19 09:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/10/30 05:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/04/10 00:26:02 | 001,328,424 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2009/04/10 00:22:06 | 000,185,640 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/03/19 11:54:52 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2010/11/29 21:31:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sache'\Desktop\OTL.exe
MOD - [2010/11/21 03:06:05 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV:64bit: - [2010/06/29 11:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/07/26 17:00:57 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/19 09:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 12:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sxuptp.sys -- (sxuptp)
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\MERCURE\VMLaunch\BuddyVM.sys -- ({09BB444F-B2E2-4009-BAF2-7B727681223E})
DRV:64bit: - [2010/11/24 20:15:31 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/11/24 20:15:31 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/11/24 15:02:31 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/05/06 14:34:14 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/03/30 16:34:39 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/30 00:23:04 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/12/26 00:46:26 | 000,340,992 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wg111v2.sys -- (RTL8187)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15772&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: fireloop@drawloop.com:2.1
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/08 23:31:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/28 15:05:36 | 000,000,000 | ---D | M]

[2009/12/22 15:48:03 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Mozilla\Extensions
[2009/10/21 20:16:14 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/31 02:49:42 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\idvgwzno.Default User\extensions
[2009/12/22 15:48:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\idvgwzno.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/27 15:55:33 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\extensions
[2010/11/21 10:26:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/21 10:26:49 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2010/08/03 21:58:01 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\extensions\fireloop@drawloop.com
[2010/01/30 13:22:51 | 000,002,055 | ---- | M] () -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\searchplugins\daemon-search.xml
[2009/11/04 00:19:34 | 000,005,413 | ---- | M] () -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\searchplugins\fast-browser-search.xml
[2010/11/27 15:55:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/02 13:20:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/20 11:52:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/11/05 11:41:02 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files (x86)\Mozilla Firefox\components\FFComm.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/28 05:33:13 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4:64bit: - HKLM..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor for Windows\RunProfiler.exe (PC-Doctor, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: juno.com ([]* in Trusted sites)
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab (HP Product Detection Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v54/wwspades/wwspades.cab (WWSpades Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Sache'\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sache'\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 03:41:16 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - J:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{ffafabb9-8013-11df-bc5a-0026187a7a71}\Shell - "" = AutoRun
O33 - MountPoints2\{ffafabb9-8013-11df-bc5a-0026187a7a71}\Shell\AutoRun\command - "" = M:\AutoRun.exe -- File not found
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
O33 - MountPoints2\L\Shell\phone\command - "" = L:\autorun.exe -- File not found
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\autorun.exe -- File not found
O33 - MountPoints2\M\Shell\phone\command - "" = M:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: FastUserSwitchingCompatibility - C:\Windows\SysNative\FastUv32.dll File not found

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\SysWow64\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\SysWow64\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\SysWow64\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\Windows\SysWow64\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.mp42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/29 21:31:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Sache'\Desktop\OTL.exe
[2010/11/29 20:45:07 | 000,000,000 | ---D | C] -- C:\Users\Sache'\Desktop\GooredFix Backups
[2010/11/29 20:44:01 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Sache'\Desktop\GooredFix.exe
[2010/11/29 19:34:09 | 000,000,000 | ---D | C] -- C:\Users\Sache'\Desktop\NTBR_CD
[2010/11/28 22:50:38 | 000,000,000 | ---D | C] -- C:\Users\Sache'\AppData\Roaming\SUPERAntiSpyware.com
[2010/11/28 22:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/11/28 22:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/11/28 22:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/28 22:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReflexiveArcade
[2010/11/28 21:59:51 | 000,000,000 | ---D | C] -- C:\Users\Sache'\Desktop\virus
[2010/11/28 21:58:43 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2010/11/28 15:07:22 | 000,000,000 | ---D | C] -- C:\Users\Sache'\AppData\Roaming\WhiteSmokeTranslator
[2010/11/28 05:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\whitesmoketoolbar
[2010/11/27 22:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Sims Resource
[2010/11/27 16:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/11/27 16:11:19 | 000,000,000 | ---D | C] -- C:\Users\Sache'\AppData\Roaming\Malwarebytes
[2010/11/27 16:11:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/27 16:11:12 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/27 16:11:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/27 16:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/27 15:53:36 | 000,000,000 | ---D | C] -- C:\Users\Sache'\AppData\Roaming\Registry Mechanic
[2010/11/24 23:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2010/11/24 23:51:07 | 000,000,000 | ---D | C] -- C:\Windows\Mystic Emporium
[2010/11/24 22:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2010/11/24 22:19:14 | 000,000,000 | -HSD | C] -- C:\Users\Sache'\AppData\Local\.#
[2010/11/24 21:56:46 | 000,000,000 | ---D | C] -- C:\Users\Sache'\AppData\Roaming\vlc
[2010/11/24 20:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gravity
[2010/11/24 15:35:05 | 000,000,000 | ---D | C] -- C:\Users\Sache'\Documents\DVDFab
[2010/11/24 15:02:31 | 000,082,816 | ---- | C] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
[2010/11/24 15:02:31 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Sache'\AppData\Roaming\pcouffin.sys
[2010/11/24 15:02:31 | 000,000,000 | ---D | C] -- C:\Users\Sache'\AppData\Roaming\Vso
[2010/11/24 15:02:31 | 000,000,000 | ---D | C] -- C:\Users\Sache'\Documents\PcSetup
[2010/11/24 15:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 8
[2010/11/22 00:45:36 | 000,000,000 | ---D | C] -- C:\Users\Sache'\Documents\Harry Potter
[2010/11/21 01:19:29 | 000,000,000 | ---D | C] -- C:\Users\Sache'\[Kira-Fansub] My-HiME Complete (BD H264 1280x960 24fps AAC 2.0J)
[2010/11/20 23:44:52 | 000,000,000 | ---D | C] -- C:\Users\Sache'\Heroic age [Complete Eps 1- 26][Eng Subs]
[2010/11/20 16:46:35 | 000,000,000 | ---D | C] -- C:\games
[2010/11/20 11:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/11/20 03:28:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/11/18 20:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/29 21:31:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sache'\Desktop\OTL.exe
[2010/11/29 20:44:02 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Sache'\Desktop\GooredFix.exe
[2010/11/29 20:03:18 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/29 20:03:18 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/29 19:56:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/29 19:55:59 | 1945,542,655 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/29 19:10:17 | 002,565,432 | ---- | M] () -- C:\Users\Sache'\Desktop\NTBR_CD.exe
[2010/11/29 04:20:01 | 366,915,584 | ---- | M] () -- C:\Users\Sache'\The.Price.Is.Right.2010.11.23.HDTV.Xvid-GRamos.avi
[2010/11/28 22:59:12 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/28 22:42:57 | 000,080,384 | ---- | M] () -- C:\Users\Sache'\Desktop\MBRCheck.exe
[2010/11/27 22:43:08 | 000,739,918 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/27 22:43:08 | 000,632,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/27 22:43:08 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/27 18:13:46 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/27 18:12:09 | 456,557,850 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/27 15:50:33 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2010/11/27 15:33:26 | 000,016,384 | ---- | M] () -- C:\Windows\cftm.exe
[2010/11/27 15:33:14 | 000,939,543 | ---- | M] () -- C:\Windows\plugincontainers.exe
[2010/11/27 13:08:32 | 000,388,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/24 20:15:31 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010/11/24 20:15:31 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010/11/24 15:21:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts
[2010/11/24 15:02:31 | 000,099,384 | ---- | M] () -- C:\Users\Sache'\AppData\Roaming\inst.exe
[2010/11/24 15:02:31 | 000,082,816 | ---- | M] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
[2010/11/24 15:02:31 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Sache'\AppData\Roaming\pcouffin.sys
[2010/11/24 15:02:31 | 000,007,859 | ---- | M] () -- C:\Users\Sache'\AppData\Roaming\pcouffin.cat
[2010/11/24 15:02:31 | 000,001,167 | ---- | M] () -- C:\Users\Sache'\AppData\Roaming\pcouffin.inf
[2010/11/24 15:02:29 | 000,001,025 | ---- | M] () -- C:\Users\Sache'\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/11/19 22:06:07 | 000,005,938 | ---- | M] () -- C:\Users\Sache'\AppData\Roaming\wklnhst.dat
[2010/11/15 17:56:03 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSache'.job
[2010/11/14 16:34:40 | 002,497,912 | ---- | M] () -- C:\Windows\SysWow64\HGRGMSJ0.TAL
[2010/11/14 16:34:39 | 000,184,328 | ---- | M] () -- C:\Windows\SysWow64\T7M6S0.TAL
[2010/11/14 16:34:37 | 000,138,332 | ---- | M] () -- C:\Windows\SysWow64\0R75L0.TAL
[2010/11/03 20:24:29 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Late Night.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/29 19:10:16 | 002,565,432 | ---- | C] () -- C:\Users\Sache'\Desktop\NTBR_CD.exe
[2010/11/28 22:50:20 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/28 22:42:57 | 000,080,384 | ---- | C] () -- C:\Users\Sache'\Desktop\MBRCheck.exe
[2010/11/28 22:37:33 | 366,915,584 | ---- | C] () -- C:\Users\Sache'\The.Price.Is.Right.2010.11.23.HDTV.Xvid-GRamos.avi
[2010/11/27 15:50:33 | 000,000,268 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job
[2010/11/27 15:33:26 | 000,016,384 | ---- | C] () -- C:\Windows\cftm.exe
[2010/11/27 15:33:08 | 000,939,543 | ---- | C] () -- C:\Windows\plugincontainers.exe
[2010/11/24 19:36:04 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010/11/24 19:36:04 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010/11/24 15:02:59 | 000,000,034 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\pcouffin.log
[2010/11/24 15:02:31 | 000,099,384 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\inst.exe
[2010/11/24 15:02:31 | 000,007,859 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\pcouffin.cat
[2010/11/24 15:02:31 | 000,001,167 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\pcouffin.inf
[2010/11/24 15:02:29 | 000,001,025 | ---- | C] () -- C:\Users\Sache'\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/11/03 20:24:29 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Late Night.lnk
[2010/09/28 16:06:25 | 000,003,584 | ---- | C] () -- C:\Users\Sache'\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/26 10:44:04 | 006,581,215 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\Rihanna - Only Girl (In The World) 2010.zip
[2010/06/24 22:54:35 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2010/05/29 20:59:46 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010/05/19 05:18:04 | 000,016,384 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\Windowz.exe
[2010/04/20 01:13:02 | 000,005,080 | ---- | C] () -- C:\ProgramData\kbkwknay.ayh
[2010/04/18 19:27:11 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/04/18 18:10:28 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/03/25 13:37:27 | 000,000,569 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\AutoGK.ini
[2010/03/21 18:48:03 | 000,000,051 | ---- | C] () -- C:\Windows\wininit.ini
[2010/02/18 23:13:15 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2010/01/07 02:25:26 | 000,000,017 | ---- | C] () -- C:\Users\Sache'\AppData\Local\resmon.resmoncfg
[2009/12/22 15:21:38 | 003,240,818 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/12 20:19:54 | 000,000,025 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\bdfvconp.ini
[2009/11/01 12:01:46 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/03 17:55:29 | 000,005,938 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\wklnhst.dat
[2009/10/01 13:41:40 | 000,029,216 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\UserTile.png
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/06 04:25:03 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2009/05/06 04:25:03 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll

========== LOP Check ==========

[2010/10/05 23:27:11 | 000,000,000 | -HSD | M] -- C:\Users\Sache'\AppData\Roaming\.#
[2010/09/28 20:04:43 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Academagia
[2010/03/22 23:57:46 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\AnvSoft
[2010/01/08 06:09:34 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Auslogics
[2010/10/25 23:19:29 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Avanquest
[2010/01/08 05:54:58 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\CleanMyPC Software
[2010/03/25 13:46:21 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\CocoonSoftware
[2009/12/22 15:47:43 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/30 13:27:34 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\DAEMON Tools Lite
[2010/01/30 13:12:00 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\DAEMON Tools Pro
[2009/12/22 15:47:44 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Farm Mania
[2009/12/22 15:47:44 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\funkitron
[2010/10/03 11:36:19 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\GameInvest
[2010/03/24 18:12:45 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\GetRightToGo
[2010/11/19 22:21:16 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\LimeWire
[2009/12/22 15:47:47 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Ludia
[2010/10/17 15:32:03 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Merscom
[2010/06/15 09:37:10 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\mjusbsp
[2009/12/22 15:48:03 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Mobipocket
[2010/04/20 01:13:04 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\MOVAVI
[2010/09/28 20:35:48 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Namco
[2009/12/22 15:48:06 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\PDM
[2009/10/01 13:41:40 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\PeerNetworking
[2009/12/22 15:48:06 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\PictureMover
[2010/11/24 23:51:50 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\PlayFirst
[2010/11/27 15:53:36 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Registry Mechanic
[2009/12/27 01:35:20 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Softland
[2010/08/04 03:53:21 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\StarDict
[2009/12/22 15:48:06 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Template
[2010/03/17 22:47:57 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Uniblue
[2010/05/14 23:38:43 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Unity
[2010/11/29 21:36:26 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\uTorrent
[2010/05/04 01:08:26 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2010/01/30 02:56:20 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Virtual City
[2010/11/24 15:02:59 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Vso
[2010/11/28 15:08:00 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\WhiteSmokeTranslator
[2009/12/22 15:48:06 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\WildTangent
[2010/03/25 13:31:09 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\WinAVI
[2009/12/22 15:48:06 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\WinBatch
[2010/11/27 15:50:33 | 000,000,268 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2010/09/18 19:58:57 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/12/22 17:14:50 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/03/21 22:13:13 | 000,000,238 | ---- | M] () -- C:\debug.txt
[2010/11/29 19:55:59 | 1945,542,655 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/19 15:49:10 | 000,368,640 | R--- | M] () -- C:\lua5.1.dll
[2010/11/29 19:56:01 | 4025,716,735 | -HS- | M] () -- C:\pagefile.sys
[2009/05/06 05:07:15 | 000,000,361 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\Fonts\*.com >
[2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 11:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/07/13 23:01:14 | 000,000,442 | -HS- | M] () -- C:\ProgramData\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/01 13:27:02 | 000,000,286 | -HS- | M] () -- C:\Users\Sache'\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2009/12/22 16:10:29 | 000,000,221 | -HS- | M] () -- C:\Users\Sache'\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2008/02/12 13:45:00 | 006,541,312 | ---- | M] (Palm Digital Media) -- C:\Users\Sache'\Desktop\eReader.exe
[2010/11/29 20:44:02 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Sache'\Desktop\GooredFix.exe
[2010/11/28 22:42:57 | 000,080,384 | ---- | M] () -- C:\Users\Sache'\Desktop\MBRCheck.exe
[2010/10/07 10:59:54 | 000,359,656 | ---- | M] (Microsoft Corporation) -- C:\Users\Sache'\Desktop\msicuu2.exe
[2010/11/29 19:10:17 | 002,565,432 | ---- | M] () -- C:\Users\Sache'\Desktop\NTBR_CD.exe
[2010/11/29 21:31:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sache'\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/03 23:22:16 | 000,000,402 | -HS- | M] () -- C:\Users\Sache'\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/04/20 01:13:02 | 000,005,080 | ---- | M] () -- C:\ProgramData\kbkwknay.ayh

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/11/29 21:31:21 | 000,360,448 | -HS- | M] () -- C:\Users\Sache'\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[1998/09/02 02:46:12 | 000,075,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2010/01/16 18:34:58 | 000,000,000 | ---D | M](C:\Users\Sache'\Favorites\??sorted Bookmarks) -- C:\Users\Sache'\Favorites\ﰠǣsorted Bookmarks

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:ECF54A0E
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:FE720CE3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A1063995
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
    FF - prefs.js..browser.search.order.1: "Fast Browser Search"
    [2009/11/04 00:19:34 | 000,005,413 | ---- | M] () -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\searchplugins\fast-browser-search.xml
    [2010/11/28 05:33:13 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL File not found
    O15 - HKCU\..Trusted Domains: juno.com ([]* in Trusted sites)
    O33 - MountPoints2\{ffafabb9-8013-11df-bc5a-0026187a7a71}\Shell - "" = AutoRun
    O33 - MountPoints2\{ffafabb9-8013-11df-bc5a-0026187a7a71}\Shell\AutoRun\command - "" = M:\AutoRun.exe -- File not found
    O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
    O33 - MountPoints2\L\Shell\phone\command - "" = L:\autorun.exe -- File not found
    O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\autorun.exe -- File not found
    O33 - MountPoints2\M\Shell\phone\command - "" = M:\autorun.exe -- File not found
    [2010/11/27 15:53:36 | 000,000,000 | ---D | C] -- C:\Users\Sache'\AppData\Roaming\Registry Mechanic
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
    [2010/05/19 05:18:04 | 000,016,384 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\Windowz.exe
    [2010/04/20 01:13:02 | 000,005,080 | ---- | C] () -- C:\ProgramData\kbkwknay.ayh
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:ECF54A0E
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:FE720CE3
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A1063995
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart your computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Prefs.js: "Fast Browser Search" removed from browser.search.defaultenginename
Prefs.js: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=" removed from browser.search.defaulturl
Prefs.js: "Fast Browser Search" removed from browser.search.order.1
File C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\s earchplugins\fast-browser-search.xml not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml moved successfully.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\juno.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffafabb9-8013-11df-bc5a-0026187a7a71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ffafabb9-8013-11df-bc5a-0026187a7a71}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffafabb9-8013-11df-bc5a-0026187a7a71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ffafabb9-8013-11df-bc5a-0026187a7a71}\ not found.
File M:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
File L:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ deleted successfully.
File M:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.
File M:\autorun.exe not found.
C:\Users\Sache'\AppData\Roaming\Registry Mechanic folder moved successfully.
C:\Windows\SysNative\drivers\~GLH0020.TMP deleted successfully.
C:\Users\Sache'\AppData\Roaming\Windowz.exe moved successfully.
C:\ProgramData\kbkwknay.ayh moved successfully.
ADS C:\ProgramData\Temp:ECF54A0E deleted successfully.
ADS C:\ProgramData\Temp:FE720CE3 deleted successfully.
ADS C:\ProgramData\Temp:A1063995 deleted successfully.
Unable to delete ADS C:\ProgramData\Temp1B5B4F1:D .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sache'
->Temp folder emptied: 9477406 bytes
->Temporary Internet Files folder emptied: 11022235 bytes
->Java cache emptied: 20074 bytes
->FireFox cache emptied: 97634969 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4497 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 61112 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 113.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Sache'
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11302010_011932

Files\Folders moved on Reboot...
C:\Users\Sache'\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...



Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.3.2
Adobe Reader 9.4.1
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

``````````End of Log````````````


C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe a variant of Win32/Kryptik.SH trojan
C:\Windows\plugincontainers.exe Win32/Packed.Autoit.B.Gen application
E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\BcLTCJlm.ini Win32/Adware.Virtumonde.NEO application
E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\BcLTCJlm.ini2 Win32/Adware.Virtumonde.NEO application
E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\uryoeukq.ini Win32/Adware.Virtumonde.NEO application
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe 
    C:\Windows\plugincontainers.exe 
    E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\BcLTCJlm.ini 
    E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\BcLTCJlm.ini2 
    E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\uryoeukq.ini
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
The internet is working fine now. I haven't had any more problems.
Thanks a whole bunch!

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe moved successfully.
C:\Windows\plugincontainers.exe moved successfully.
E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\BcLTCJlm.ini moved successfully.
E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\BcLTCJlm.ini2 moved successfully.
E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\uryoeukq.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sache'
->Temp folder emptied: 454680 bytes
->Temporary Internet Files folder emptied: 302762 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 77937180 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 776 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11956 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 75.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Sache'
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11302010_202809

Files\Folders moved on Reboot...
C:\Users\Sache'\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sache'
->Temp folder emptied: 412179 bytes
->Temporary Internet Files folder emptied: 187051 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3592992 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Sache'
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.17.3 log created on 11302010_205227

Files\Folders moved on Reboot...
C:\Users\Sache'\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 