Solved Windows Security Center can't start and search redirects

Status
Not open for further replies.
T

torhamx

Posts: 8   +0
Good afternoon. I'm having the issues described in the subject, and have run the "8" steps.

Here are my logs:



Avira AntiVir Personal
Report file date: Sunday, April 24, 2011 14:27

Scanning for 2596233 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : KIRK3200MHZ

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 3/4/2011 18:36:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 16:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 18:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 18:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 18:37:08
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 18:26:26
VBASE004.VDF : 7.11.5.226 2048 Bytes 4/7/2011 18:26:26
VBASE005.VDF : 7.11.5.227 2048 Bytes 4/7/2011 18:26:26
VBASE006.VDF : 7.11.5.228 2048 Bytes 4/7/2011 18:26:27
VBASE007.VDF : 7.11.5.229 2048 Bytes 4/7/2011 18:26:27
VBASE008.VDF : 7.11.5.230 2048 Bytes 4/7/2011 18:26:27
VBASE009.VDF : 7.11.5.231 2048 Bytes 4/7/2011 18:26:27
VBASE010.VDF : 7.11.5.232 2048 Bytes 4/7/2011 18:26:27
VBASE011.VDF : 7.11.5.233 2048 Bytes 4/7/2011 18:26:27
VBASE012.VDF : 7.11.5.234 2048 Bytes 4/7/2011 18:26:27
VBASE013.VDF : 7.11.6.28 158208 Bytes 4/11/2011 18:26:28
VBASE014.VDF : 7.11.6.74 116224 Bytes 4/13/2011 18:26:29
VBASE015.VDF : 7.11.6.113 137728 Bytes 4/14/2011 18:26:30
VBASE016.VDF : 7.11.6.150 146944 Bytes 4/18/2011 18:26:31
VBASE017.VDF : 7.11.6.192 138240 Bytes 4/20/2011 18:26:32
VBASE018.VDF : 7.11.6.237 156160 Bytes 4/22/2011 18:26:33
VBASE019.VDF : 7.11.6.238 2048 Bytes 4/22/2011 18:26:34
VBASE020.VDF : 7.11.6.239 2048 Bytes 4/22/2011 18:26:34
VBASE021.VDF : 7.11.6.240 2048 Bytes 4/22/2011 18:26:34
VBASE022.VDF : 7.11.6.241 2048 Bytes 4/22/2011 18:26:34
VBASE023.VDF : 7.11.6.242 2048 Bytes 4/22/2011 18:26:34
VBASE024.VDF : 7.11.6.243 2048 Bytes 4/22/2011 18:26:34
VBASE025.VDF : 7.11.6.244 2048 Bytes 4/22/2011 18:26:35
VBASE026.VDF : 7.11.6.245 2048 Bytes 4/22/2011 18:26:35
VBASE027.VDF : 7.11.6.246 2048 Bytes 4/22/2011 18:26:35
VBASE028.VDF : 7.11.6.247 2048 Bytes 4/22/2011 18:26:35
VBASE029.VDF : 7.11.6.248 2048 Bytes 4/22/2011 18:26:35
VBASE030.VDF : 7.11.6.249 2048 Bytes 4/22/2011 18:26:35
VBASE031.VDF : 7.11.6.254 32768 Bytes 4/24/2011 18:26:36
Engineversion : 8.2.4.214
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 18:36:49
AESCRIPT.DLL : 8.1.3.59 1261947 Bytes 4/24/2011 18:26:45
AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 18:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 18:36:48
AERDL.DLL : 8.1.9.9 639347 Bytes 4/24/2011 18:26:44
AEPACK.DLL : 8.2.6.0 549237 Bytes 4/24/2011 18:26:43
AEOFFICE.DLL : 8.1.1.20 205177 Bytes 4/24/2011 18:26:42
AEHEUR.DLL : 8.1.2.105 3453303 Bytes 4/24/2011 18:26:42
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 18:36:41
AEGEN.DLL : 8.1.5.4 397684 Bytes 4/24/2011 18:26:38
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 18:36:40
AECORE.DLL : 8.1.20.2 196982 Bytes 4/24/2011 18:26:37
AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 18:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 18:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 18:36:52
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 18:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 18:36:52
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 3/4/2011 18:36:53
AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 18:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 18:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 18:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 18:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 18:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 18:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 18:37:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: E:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Sunday, April 24, 2011 14:27

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\381b4222-f694-41f0-9685-ff5bb260df2e
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'avscan.exe' - '75' Module(s) have been scanned
Scan process 'avscan.exe' - '30' Module(s) have been scanned
Scan process 'avcenter.exe' - '74' Module(s) have been scanned
Scan process 'avgnt.exe' - '69' Module(s) have been scanned
Scan process 'sched.exe' - '48' Module(s) have been scanned
Scan process 'avguard.exe' - '67' Module(s) have been scanned
Scan process 'SteamService.exe' - '42' Module(s) have been scanned
Scan process 'jusched.exe' - '25' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '76' Module(s) have been scanned
Scan process 'nusb3mon.exe' - '32' Module(s) have been scanned
Scan process 'Steam.exe' - '122' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '41' Module(s) have been scanned
Scan process 'DAODx.exe' - '19' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '63' Module(s) have been scanned
Scan process 'rundll32.exe' - '46' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '733' files ).


Starting the file scan:

Begin scan in 'C:\'
Begin scan in 'E:\' <Storage>


End of the scan: Sunday, April 24, 2011 14:49
Used time: 21:52 Minute(s)

The scan has been done completely.

31976 Scanned directories
451898 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
451898 Files not concerned
4412 Archives were scanned
0 Warnings
0 Notes
604224 Objects were scanned with rootkit scan
1 Hidden objects were found



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6434

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

4/24/2011 3:08:19 PM
mbam-log-2011-04-24 (15-08-19).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 310483
Time elapsed: 11 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Gmer.log was blank - When I ran gmer it said no modifications were found.

dds.txt
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Kirk at 15:21:13.48 on Sun 04/24/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.6310 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\Dwm.exe
E:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
E:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
E:\Program Files (x86)\iTunes\iTunesHelper.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
E:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
E:\Downloads\Antivir\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - E:\Program Files (x86)\Java\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Kirk\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [avgnt] "E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kirk\AppData\Roaming\Mozilla\Firefox\Profiles\ycvuyqp0.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Kirk\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Kirk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Kirk\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: E:\Program Files (x86)\Java\bin\new_plugin\npdeployJava1.dll
FF - plugin: E:\Program Files (x86)\Java\bin\new_plugin\npjp2.dll
FF - plugin: E:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-9 203776]
R2 AMD FUEL Service;AMD FUEL Service;E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-9 365568]
R2 AMD Reservation Manager;AMD Reservation Manager;E:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-4-24 135336]
R2 AntiVirService;Avira AntiVir Guard;E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-4-24 269480]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-4-24 83120]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-4-14 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-3-9 9258496]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-3-9 300544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-26 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-26 184968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-24 333928]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-1-24 1301504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-4-24 1153368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-4-14 20992]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2009-11-18 446976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-14 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-24 1255736]
.
=============== Created Last 30 ================
.
2011-04-24 18:27:45 -------- d-----w- C:\Users\Kirk\AppData\Roaming\Avira
2011-04-24 18:19:42 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-04-24 18:19:42 -------- d-----w- C:\PROGRA~3\Avira
2011-04-24 18:11:48 -------- d-----w- C:\Windows\System32\appmgmt
2011-04-24 18:06:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-04-24 18:06:50 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-04-24 18:00:59 -------- d-----w- C:\Program Files\iPod
2011-04-24 18:00:58 -------- d-----w- C:\Program Files\iTunes
2011-04-24 17:59:58 -------- d-----w- C:\Program Files\Bonjour
2011-04-24 17:59:58 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-04-23 21:25:27 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-04-23 21:25:25 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-04-23 21:25:25 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-04-23 21:24:59 -------- d-----w- C:\Program Files\ATI
2011-04-23 21:02:27 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2011-04-23 02:57:44 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-04-23 02:49:21 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-04-23 02:49:21 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll
2011-04-23 02:49:21 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll
2011-04-23 02:48:51 -------- d-----w- C:\PROGRA~3\NortonInstaller
2011-04-23 02:47:51 -------- d-----w- C:\PROGRA~3\Norton
2011-04-23 02:10:57 -------- d-----w- C:\Users\Kirk\AppData\Roaming\Malwarebytes
2011-04-23 02:10:24 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-23 02:10:24 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-23 02:10:21 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-23 02:10:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-04-23 02:07:35 98304 --sha-r- C:\Windows\SysWow64\msscntrs6.dll
2011-04-22 07:48:08 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{EA59DB68-395F-4F80-8DF2-74862C9E08EE}\mpengine.dll
2011-04-17 03:44:14 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-04-17 03:44:14 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-04-16 19:55:08 -------- d-----w- C:\Users\Kirk\AppData\Local\My Games
2011-04-16 15:10:12 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-04-15 13:14:02 -------- d-----w- C:\Users\Kirk\AppData\Local\AMD
2011-04-15 13:10:17 -------- d-----w- C:\PROGRA~3\AMD
2011-04-15 03:11:14 -------- d-----w- C:\Windows\System32\SPReview
2011-04-15 03:11:12 -------- d-----w- C:\Windows\System32\EventProviders
2011-04-15 03:07:59 95232 ----a-w- C:\Windows\System32\cca.dll
2011-04-15 03:02:56 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-04-15 02:58:34 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2011-04-13 00:31:55 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-04-13 00:31:51 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-04-10 15:59:00 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-04-07 00:34:18 -------- d-----w- C:\Users\Kirk\AppData\Roaming\TS3Client
2011-04-06 20:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 20:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 20:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 20:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 20:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
.
==================== Find3M ====================
.
2011-04-15 13:11:33 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-04-15 13:11:33 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-21 23:56:26 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-03-21 23:56:22 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-03-21 23:56:10 53760 ----a-w- C:\Windows\System32\OpenCL.dll
2011-03-21 23:56:06 51712 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-03-21 23:55:58 16115712 ----a-w- C:\Windows\System32\amdocl64.dll
2011-03-21 23:55:46 12385792 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-09 09:22:42 9258496 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-03-09 05:41:52 22518272 ----a-w- C:\Windows\System32\atio6axx.dll
2011-03-09 05:19:22 17397248 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-03-09 04:57:04 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-03-09 04:56:54 679424 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-03-09 04:55:52 795136 ----a-w- C:\Windows\System32\aticfx64.dll
2011-03-09 04:53:44 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-03-09 04:53:34 480256 ----a-w- C:\Windows\System32\atieclxx.exe
2011-03-09 04:53:04 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-03-09 04:52:04 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-03-09 04:51:48 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-03-09 04:51:42 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-03-09 04:51:34 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-03-09 04:51:28 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-03-09 04:51:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-03-09 04:51:22 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-03-09 04:48:46 4277760 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-03-09 04:40:22 5044224 ----a-w- C:\Windows\System32\atidxx64.dll
2011-03-09 04:34:36 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-03-09 04:34:34 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-03-09 04:34:24 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-03-09 04:34:22 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-03-09 04:34:12 7025152 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-03-09 04:32:32 5618688 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-03-09 04:30:30 4294656 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-03-09 04:24:48 5438976 ----a-w- C:\Windows\System32\atiumd64.dll
2011-03-09 04:18:16 360448 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-03-09 04:18:10 258048 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-03-09 04:18:00 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-03-09 04:17:56 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-03-09 04:17:56 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-03-09 04:17:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-03-09 04:17:48 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-03-09 04:17:42 300544 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-03-09 04:17:04 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-03-09 04:17:00 31232 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-03-09 04:16:54 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-03-09 04:16:48 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-03-09 04:16:14 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-03-09 04:11:06 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-03-09 03:41:52 3239936 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-03-09 03:34:12 3471872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-03-09 03:18:58 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-03-09 03:18:58 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-03-09 03:18:52 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-03-09 03:18:52 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 20:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 20:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-12 11:34:16 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-02-05 17:10:16 642944 ----a-w- C:\Windows\System32\winload.efi
2011-02-05 17:10:08 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-05 17:10:08 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-05 17:10:08 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-05 17:06:41 605552 ----a-w- C:\Windows\System32\winload.exe
2011-02-05 17:06:41 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-02-05 17:06:41 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-02-03 02:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-02 22:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-24 21:28:41 0 ----a-w- C:\Windows\ativpsrm.bin
.
============= FINISH: 15:21:31.14 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/24/2011 4:15:40 PM
System Uptime: 4/24/2011 2:14:04 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A87TD EVO
Processor: AMD Phenom(tm) II X4 955 Processor | AM3 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 76.052 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 233 GiB total, 132.658 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Apple Application Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
BitTorrent
Bloodline Champions
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
EverQuest II (US English)
FileZilla Client 3.3.5.1
GIMP 2.6.11
Google Talk Plugin
Java Auto Updater
Java(TM) 6 Update 24
JMicron JMB36X Driver
League of Legends
Malwarebytes' Anti-Malware
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 4.0 (x86 en-US)
Pando Media Booster
PC Probe II
PDFCreator
Platform
Python 2.7 numpy-1.5.1
Python 2.7 PIL-1.1.7
Python 2.7.1
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Sid Meier's Civilization V
Skype™ 5.1
Spybot - Search & Destroy
Steam
SumatraPDF
TightVNC 2.0.2
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
VIA Platform Device Manager
Xfire (remove only)
.
==== Event Viewer Messages From Past Week ========
.
4/24/2011 2:19:55 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
4/24/2011 2:14:16 PM, Error: Service Control Manager [7000] - The AODDriver4.0 service failed to start due to the following error: The system cannot find the path specified.
4/24/2011 2:14:14 PM, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/24/2011 2:12:55 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/24/2011 2:03:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Kirk3200MHz\Kirk SID (S-1-5-21-353034316-21409312-3111263575-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/23/2011 5:25:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.
4/23/2011 5:25:17 PM, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/22/2011 11:03:48 PM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

===================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thank you for your prompt reply.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 199):
0x02A55000 \SystemRoot\system32\ntoskrnl.exe
0x02A0C000 \SystemRoot\system32\hal.dll
0x00BBA000 \SystemRoot\system32\kdcom.dll
0x00C3D000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C4A000 \SystemRoot\system32\PSHED.dll
0x00C5E000 \SystemRoot\system32\CLFS.SYS
0x00CBC000 \SystemRoot\system32\CI.dll
0x00EA4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F48000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F57000 \SystemRoot\system32\drivers\ACPI.sys
0x00FAE000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FB7000 \SystemRoot\system32\drivers\msisadrv.sys
0x00FC1000 \SystemRoot\system32\drivers\pci.sys
0x00E00000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E0D000 \SystemRoot\System32\drivers\partmgr.sys
0x00E22000 \SystemRoot\system32\drivers\volmgr.sys
0x00E37000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E93000 \SystemRoot\system32\drivers\pciide.sys
0x00D7C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00D8C000 \SystemRoot\system32\DRIVERS\jraid.sys
0x00DAC000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x00DDB000 \SystemRoot\System32\drivers\mountmgr.sys
0x00C00000 \SystemRoot\system32\drivers\vmbus.sys
0x01095000 \SystemRoot\system32\drivers\winhv.sys
0x010A9000 \SystemRoot\system32\drivers\atapi.sys
0x010B2000 \SystemRoot\system32\drivers\ataport.SYS
0x010DC000 \SystemRoot\system32\drivers\msahci.sys
0x010E7000 \SystemRoot\system32\drivers\amdxata.sys
0x010F2000 \SystemRoot\system32\drivers\fltmgr.sys
0x0113E000 \SystemRoot\system32\drivers\fileinfo.sys
0x01210000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01152000 \SystemRoot\System32\Drivers\msrpc.sys
0x013B3000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x013CE000 \SystemRoot\System32\drivers\pcw.sys
0x013DF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0141A000 \SystemRoot\system32\drivers\ndis.sys
0x0150D000 \SystemRoot\system32\drivers\NETIO.SYS
0x0156D000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x0167F000 \SystemRoot\System32\drivers\tcpip.sys
0x01883000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x018CD000 \SystemRoot\system32\drivers\vmstorfl.sys
0x018DD000 \SystemRoot\system32\drivers\volsnap.sys
0x01929000 \SystemRoot\System32\Drivers\spldr.sys
0x01931000 \SystemRoot\System32\drivers\rdyboost.sys
0x0196B000 \SystemRoot\System32\Drivers\mup.sys
0x0197D000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01986000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x019C0000 \SystemRoot\system32\DRIVERS\disk.sys
0x01600000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x019D6000 \SystemRoot\system32\drivers\cdrom.sys
0x01668000 \SystemRoot\System32\Drivers\Null.SYS
0x01671000 \SystemRoot\System32\Drivers\Beep.SYS
0x01598000 \SystemRoot\System32\drivers\vga.sys
0x015A6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x015CB000 \SystemRoot\System32\drivers\watchdog.sys
0x015DB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x015E4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x015ED000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01400000 \SystemRoot\System32\Drivers\Msfs.SYS
0x013E9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01072000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0140B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02C06000 \SystemRoot\system32\drivers\afd.sys
0x02C8F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02CD4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02CDD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02D03000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02D19000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02D28000 \SystemRoot\system32\DRIVERS\serial.sys
0x02D45000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02D60000 \SystemRoot\system32\drivers\termdd.sys
0x02D74000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02DC5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02DD1000 \SystemRoot\system32\drivers\mssmbios.sys
0x02DDC000 \SystemRoot\System32\drivers\discache.sys
0x03E69000 \SystemRoot\system32\drivers\csc.sys
0x03EEC000 \SystemRoot\System32\Drivers\dfsc.sys
0x03F0A000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03F1B000 \SystemRoot\SysWow64\drivers\AsIO.sys
0x03F21000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03F47000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03F5C000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x0480C000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0402E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04122000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04168000 \SystemRoot\system32\drivers\HDAudBus.sys
0x0418C000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x041BC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x041BE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x041CB000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x05133000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x041D6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x041E7000 \SystemRoot\system32\DRIVERS\serenum.sys
0x041F3000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x05189000 \SystemRoot\system32\drivers\1394ohci.sys
0x03FAB000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04000000 \SystemRoot\system32\drivers\wmiacpi.sys
0x04009000 \SystemRoot\system32\drivers\CompositeBus.sys
0x051C7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03E00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04019000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03E24000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x051DD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x011B0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x011D1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04800000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x03E53000 \SystemRoot\system32\drivers\kbdclass.sys
0x02DEB000 \SystemRoot\system32\drivers\mouclass.sys
0x04025000 \SystemRoot\system32\drivers\swenum.sys
0x04474000 \SystemRoot\system32\drivers\ks.sys
0x044B7000 \SystemRoot\system32\DRIVERS\amdiox64.sys
0x044CB000 \SystemRoot\system32\drivers\umbus.sys
0x044DD000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x044F5000 \SystemRoot\system32\drivers\usbhub.sys
0x0454F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04564000 \SystemRoot\system32\drivers\AtihdW76.sys
0x04584000 \SystemRoot\system32\drivers\portcls.sys
0x045C1000 \SystemRoot\system32\drivers\drmk.sys
0x045E3000 \SystemRoot\system32\drivers\ksthunk.sys
0x0660B000 \SystemRoot\system32\drivers\viahduaa.sys
0x067BC000 \SystemRoot\system32\drivers\usbccgp.sys
0x067D9000 \SystemRoot\System32\Drivers\usbaapl64.sys
0x067EA000 \SystemRoot\system32\drivers\hidusb.sys
0x04400000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x06600000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x04419000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x04426000 \SystemRoot\system32\drivers\kbdhid.sys
0x00030000 \SystemRoot\System32\win32k.sys
0x04434000 \SystemRoot\System32\drivers\Dxapi.sys
0x04440000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004C0000 \SystemRoot\System32\TSDDD.dll
0x00650000 \SystemRoot\System32\cdd.dll
0x0444E000 \SystemRoot\system32\drivers\luafv.sys
0x01630000 \SystemRoot\system32\drivers\WudfPf.sys
0x045E9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x038EE000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x03941000 \SystemRoot\system32\DRIVERS\udfs.sys
0x03996000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x039A9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x039C1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x039CF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x039DB000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x039E6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x03800000 \SystemRoot\system32\drivers\HTTP.sys
0x038C9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06E7E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06E96000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06EC3000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06F10000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06F34000 \SystemRoot\system32\drivers\peauth.sys
0x06FDA000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06E00000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06E31000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08CB9000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08D23000 \SystemRoot\System32\DRIVERS\srv.sys
0x08C71000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x08C7C000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x08DBB000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x77B30000 \Windows\System32\ntdll.dll
0x478D0000 \Windows\System32\smss.exe
0xFFE50000 \Windows\System32\apisetschema.dll
0xFF810000 \Windows\System32\autochk.exe
0xFFD10000 \Windows\System32\rpcrt4.dll
0xFFC40000 \Windows\System32\usp10.dll
0xFFC10000 \Windows\System32\imm32.dll
0xFFB30000 \Windows\System32\advapi32.dll
0x77D00000 \Windows\System32\normaliz.dll
0xFFAD0000 \Windows\System32\Wldap32.dll
0x77CF0000 \Windows\System32\psapi.dll
0x779D0000 \Windows\System32\wininet.dll
0xFF8C0000 \Windows\System32\ole32.dll
0xFF7B0000 \Windows\System32\msctf.dll
0xFF710000 \Windows\System32\clbcatq.dll
0xFF630000 \Windows\System32\oleaut32.dll
0x777C0000 \Windows\System32\iertutil.dll
0xFF620000 \Windows\System32\nsi.dll
0xFF580000 \Windows\System32\msvcrt.dll
0xFF500000 \Windows\System32\shlwapi.dll
0xFF4B0000 \Windows\System32\ws2_32.dll
0x77670000 \Windows\System32\urlmon.dll
0x77570000 \Windows\System32\user32.dll
0xFF4A0000 \Windows\System32\lpk.dll
0xFF400000 \Windows\System32\comdlg32.dll
0xFE670000 \Windows\System32\shell32.dll
0xFE600000 \Windows\System32\gdi32.dll
0x77450000 \Windows\System32\kernel32.dll
0xFE580000 \Windows\System32\difxapi.dll
0xFE560000 \Windows\System32\imagehlp.dll
0xFE380000 \Windows\System32\setupapi.dll
0xFE360000 \Windows\System32\sechost.dll
0xFE340000 \Windows\System32\devobj.dll
0xFE300000 \Windows\System32\wintrust.dll
0xFE260000 \Windows\System32\comctl32.dll
0xFE0F0000 \Windows\System32\crypt32.dll
0xFE080000 \Windows\System32\KernelBase.dll
0xFE040000 \Windows\System32\cfgmgr32.dll
0xFE030000 \Windows\System32\msasn1.dll
0x75C30000 \Windows\SysWOW64\normaliz.dll

Processes (total 61):
0 System Idle Process
4 System
268 C:\Windows\System32\smss.exe
368 csrss.exe
440 C:\Windows\System32\wininit.exe
464 csrss.exe
504 C:\Windows\System32\services.exe
524 C:\Windows\System32\lsass.exe
532 C:\Windows\System32\lsm.exe
636 C:\Windows\System32\winlogon.exe
692 C:\Windows\System32\svchost.exe
772 C:\Windows\System32\svchost.exe
840 C:\Windows\System32\atiesrxx.exe
900 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
492 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\atieclxx.exe
1272 C:\Windows\System32\taskeng.exe
1292 C:\Windows\System32\spoolsv.exe
1328 C:\Windows\System32\svchost.exe
1456 C:\Windows\System32\taskhost.exe
1476 C:\Windows\System32\rundll32.exe
1520 C:\Windows\SysWOW64\rundll32.exe
1572 C:\Windows\System32\dwm.exe
1580 E:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
1608 C:\Windows\explorer.exe
1616 C:\Windows\System32\taskeng.exe
1652 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1784 C:\Windows\DAODx.exe
1820 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1936 C:\Windows\System32\svchost.exe
1096 E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2156 E:\Program Files (x86)\Steam\Steam.exe
2300 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
2324 C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
2360 E:\Program Files (x86)\iTunes\iTunesHelper.exe
2368 E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2376 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2760 C:\Windows\System32\svchost.exe
2824 C:\Windows\System32\svchost.exe
2312 E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2936 C:\Program Files\iPod\bin\iPodService.exe
3240 C:\Windows\System32\SearchIndexer.exe
3348 C:\Program Files\Windows Media Player\wmpnetwk.exe
3836 C:\Windows\System32\svchost.exe
3904 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
4768 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2744 C:\Windows\System32\svchost.exe
3412 E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
4652 E:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
4256 C:\Windows\System32\conhost.exe
1504 E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1664 E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3468 C:\Windows\System32\audiodg.exe
4464 E:\Program Files (x86)\Mozilla Firefox\firefox.exe
3460 dllhost.exe
4080 dllhost.exe
4580 E:\Downloads\MBRCheck.exe
2092 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: OCZ-VERTEX23.5, Rev: 1.27
PhysicalDrive1 Model Number: ST3250620AS, Rev: 3.AAE

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
232 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

ComboFix 11-04-24.02 - Kirk 04/24/2011 17:01:54.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.6583 [GMT -4:00]
Running from: e:\downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\program files (x86)\Steam\Steam.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-24 to 2011-04-24 )))))))))))))))))))))))))))))))
.
.
2011-04-24 18:27 . 2011-04-24 18:27 -------- d-----w- c:\users\Kirk\AppData\Roaming\Avira
2011-04-24 18:19 . 2011-04-24 18:19 -------- d-----w- c:\programdata\Avira
2011-04-24 18:19 . 2011-03-04 18:37 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-24 18:19 . 2011-03-04 18:37 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-24 18:11 . 2011-04-24 18:11 -------- d-----w- c:\windows\system32\appmgmt
2011-04-24 18:06 . 2011-04-24 18:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-24 18:06 . 2011-04-24 18:06 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-04-24 18:00 . 2011-04-24 18:00 -------- d-----w- c:\program files\iPod
2011-04-24 18:00 . 2011-04-24 18:01 -------- d-----w- c:\program files\iTunes
2011-04-24 17:59 . 2011-04-24 17:59 -------- d-----w- c:\program files\Bonjour
2011-04-24 17:59 . 2011-04-24 17:59 -------- d-----w- c:\program files (x86)\Bonjour
2011-04-23 21:25 . 2011-04-23 21:25 -------- d-----w- c:\programdata\ATI
2011-04-23 21:25 . 2011-04-23 21:25 -------- d-----w- c:\program files (x86)\AMD APP
2011-04-23 21:25 . 2011-04-23 21:25 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-04-23 21:25 . 2011-04-23 21:25 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-04-23 21:24 . 2011-04-23 21:24 -------- d-----w- c:\program files\ATI
2011-04-23 21:02 . 2011-04-23 21:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-23 02:57 . 2011-04-24 18:12 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-04-23 02:49 . 2009-05-18 22:17 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-23 02:49 . 2008-04-17 21:12 126312 ----a-r- c:\windows\system32\GEARAspi64.dll
2011-04-23 02:49 . 2008-04-17 21:12 107368 ----a-r- c:\windows\SysWow64\GEARAspi.dll
2011-04-23 02:47 . 2011-04-24 18:14 -------- d-----w- c:\programdata\Norton
2011-04-23 02:10 . 2011-04-23 02:10 -------- d-----w- c:\users\Kirk\AppData\Roaming\Malwarebytes
2011-04-23 02:10 . 2011-04-23 02:10 -------- d-----w- c:\programdata\Malwarebytes
2011-04-23 02:10 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-23 02:10 . 2011-04-23 02:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-23 02:10 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-23 02:08 . 2011-04-23 02:08 -------- d-----w- c:\windows\Sun
2011-04-23 02:07 . 2011-04-23 02:07 98304 --sha-r- c:\windows\SysWow64\msscntrs6.dll
2011-04-22 07:48 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA59DB68-395F-4F80-8DF2-74862C9E08EE}\mpengine.dll
2011-04-17 03:44 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-17 03:44 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-04-16 19:55 . 2011-04-16 19:55 -------- d-----w- c:\users\Kirk\AppData\Local\My Games
2011-04-16 15:10 . 2011-04-16 15:10 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-04-15 13:14 . 2011-04-15 13:14 -------- d-----w- c:\users\Kirk\AppData\Local\AMD
2011-04-15 13:10 . 2011-04-15 13:10 -------- d-----w- c:\programdata\AMD
2011-04-15 03:11 . 2011-04-15 03:11 -------- d-----w- c:\windows\system32\SPReview
2011-04-15 03:11 . 2011-04-15 03:11 -------- d-----w- c:\windows\system32\EventProviders
2011-04-15 03:07 . 2010-11-20 13:34 46464 ----a-w- c:\windows\system32\drivers\vmstorfl.sys
2011-04-15 03:02 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 02:58 . 2010-02-18 13:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2011-04-13 00:31 . 2011-04-13 00:31 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-04-13 00:31 . 2011-04-13 00:31 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-04-10 15:59 . 2011-04-16 15:10 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-04-07 00:34 . 2011-04-07 00:34 -------- d-----w- c:\users\Kirk\AppData\Roaming\TS3Client
2011-04-06 20:26 . 2011-04-06 20:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:26 . 2011-04-06 20:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:26 . 2011-04-06 20:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:26 . 2011-04-06 20:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-15 13:11 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-15 13:11 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-21 23:56 . 2011-03-21 23:56 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-03-21 23:56 . 2011-03-21 23:56 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-03-21 23:56 . 2011-03-21 23:56 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-21 23:56 . 2011-03-21 23:56 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-03-21 23:55 . 2011-03-21 23:55 16115712 ----a-w- c:\windows\system32\amdocl64.dll
2011-03-21 23:55 . 2011-03-21 23:55 12385792 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-03-09 09:22 . 2011-03-09 09:22 9258496 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-03-09 05:41 . 2011-03-09 05:41 22518272 ----a-w- c:\windows\system32\atio6axx.dll
2011-03-09 05:19 . 2011-03-09 05:19 17397248 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-03-09 04:57 . 2011-03-09 04:57 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-03-09 04:56 . 2011-03-09 04:56 679424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-03-09 04:55 . 2010-11-26 02:57 795136 ----a-w- c:\windows\system32\aticfx64.dll
2011-03-09 04:53 . 2011-03-09 04:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-03-09 04:53 . 2011-03-09 04:53 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-03-09 04:53 . 2011-03-09 04:53 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-03-09 04:52 . 2011-03-09 04:52 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-03-09 04:51 . 2011-03-09 04:51 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-03-09 04:51 . 2011-03-09 04:51 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-03-09 04:51 . 2011-03-09 04:51 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-03-09 04:51 . 2011-03-09 04:51 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-03-09 04:51 . 2011-03-09 04:51 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-03-09 04:51 . 2011-03-09 04:51 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-03-09 04:48 . 2011-03-09 04:48 4277760 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-03-09 04:40 . 2010-11-26 02:40 5044224 ----a-w- c:\windows\system32\atidxx64.dll
2011-03-09 04:34 . 2011-03-09 04:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-03-09 04:34 . 2011-03-09 04:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-03-09 04:34 . 2011-03-09 04:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-03-09 04:34 . 2011-03-09 04:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-03-09 04:34 . 2011-03-09 04:34 7025152 ----a-w- c:\windows\system32\aticaldd64.dll
2011-03-09 04:32 . 2011-03-09 04:32 5618688 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-03-09 04:30 . 2011-03-09 04:30 4294656 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-03-09 04:24 . 2011-03-09 04:24 5438976 ----a-w- c:\windows\system32\atiumd64.dll
2011-03-09 04:18 . 2011-03-09 04:18 360448 ----a-w- c:\windows\system32\atiadlxx.dll
2011-03-09 04:18 . 2011-03-09 04:18 258048 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-03-09 04:18 . 2011-03-09 04:18 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-03-09 04:17 . 2011-03-09 04:17 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 300544 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-03-09 04:17 . 2010-11-26 02:16 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2011-03-09 04:17 . 2011-03-09 04:17 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-03-09 04:16 . 2011-03-09 04:16 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2011-03-09 04:16 . 2011-03-09 04:16 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-03-09 04:16 . 2011-03-09 04:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-03-09 04:11 . 2010-11-26 02:24 58880 ----a-w- c:\windows\system32\coinst.dll
2011-03-09 03:41 . 2011-03-09 03:41 3239936 ----a-w- c:\windows\system32\atiumd6a.dll
2011-03-09 03:34 . 2011-03-09 03:34 3471872 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-03-09 03:18 . 2011-03-09 03:18 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-03-09 03:18 . 2011-03-09 03:18 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-02-19 12:05 . 2011-03-09 18:34 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 18:34 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 18:34 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 18:34 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 18:34 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-18 20:36 . 2011-02-18 20:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 20:36 . 2011-02-18 20:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 02:40 . 2011-01-24 21:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-02 22:11 . 2011-01-24 21:45 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384]
"iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"avgnt"="e:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;e:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-09 365568]
S2 AMD Reservation Manager;AMD Reservation Manager;e:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-353034316-21409312-3111263575-1000Core.job
- c:\users\Kirk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-22 23:02]
.
2011-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-353034316-21409312-3111263575-1000UA.job
- c:\users\Kirk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-22 23:02]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Kirk\AppData\Roaming\Mozilla\Firefox\Profiles\ycvuyqp0.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Steam - e:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 8930 - e:\program files (x86)\Steam\steam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-24 17:05:43
ComboFix-quarantined-files.txt 2011-04-24 21:05
.
Pre-Run: 80,626,892,800 bytes free
Post-Run: 80,511,766,528 bytes free
.
- - End Of File - - AF7497DED46281A9054ECA25AEF59C10
 
Looks fine....

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
It said nothing found - But, when I run combo fix, my security center is working again and I'm not being redirected to any other sites in either browser (Firefox 4 or IE9)

2011/04/25 20:08:52.0001 2880 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/25 20:08:52.0546 2880 ================================================================================
2011/04/25 20:08:52.0546 2880 SystemInfo:
2011/04/25 20:08:52.0546 2880
2011/04/25 20:08:52.0546 2880 OS Version: 6.1.7601 ServicePack: 1.0
2011/04/25 20:08:52.0546 2880 Product type: Workstation
2011/04/25 20:08:52.0546 2880 ComputerName: KIRK3200MHZ
2011/04/25 20:08:52.0547 2880 UserName: Kirk
2011/04/25 20:08:52.0547 2880 Windows directory: C:\Windows
2011/04/25 20:08:52.0547 2880 System windows directory: C:\Windows
2011/04/25 20:08:52.0547 2880 Running under WOW64
2011/04/25 20:08:52.0547 2880 Processor architecture: Intel x64
2011/04/25 20:08:52.0547 2880 Number of processors: 4
2011/04/25 20:08:52.0547 2880 Page size: 0x1000
2011/04/25 20:08:52.0547 2880 Boot type: Normal boot
2011/04/25 20:08:52.0547 2880 ================================================================================
2011/04/25 20:08:57.0748 2880 Initialize success
2011/04/25 20:09:00.0206 5064 ================================================================================
2011/04/25 20:09:00.0206 5064 Scan started
2011/04/25 20:09:00.0206 5064 Mode: Manual;
2011/04/25 20:09:00.0206 5064 ================================================================================
2011/04/25 20:09:00.0484 5064 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/04/25 20:09:00.0498 5064 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/04/25 20:09:00.0510 5064 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/04/25 20:09:00.0527 5064 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/25 20:09:00.0544 5064 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/25 20:09:00.0560 5064 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/25 20:09:00.0584 5064 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/04/25 20:09:00.0597 5064 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/04/25 20:09:00.0614 5064 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/04/25 20:09:00.0635 5064 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/04/25 20:09:00.0648 5064 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
2011/04/25 20:09:00.0661 5064 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/25 20:09:00.0790 5064 amdkmdag (bfa9657adf7ddc29242a6e0e88de36fa) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/25 20:09:00.0842 5064 amdkmdap (8c493027d9b2399283e724e9862ebb42) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/04/25 20:09:00.0856 5064 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/25 20:09:00.0868 5064 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
2011/04/25 20:09:00.0883 5064 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/25 20:09:00.0896 5064 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
2011/04/25 20:09:00.0924 5064 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/04/25 20:09:00.0952 5064 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/04/25 20:09:00.0965 5064 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/25 20:09:00.0995 5064 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/25 20:09:01.0007 5064 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/04/25 20:09:01.0023 5064 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
2011/04/25 20:09:01.0044 5064 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/25 20:09:01.0058 5064 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/25 20:09:01.0078 5064 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/04/25 20:09:01.0095 5064 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/04/25 20:09:01.0115 5064 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/04/25 20:09:01.0134 5064 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/25 20:09:01.0150 5064 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/25 20:09:01.0163 5064 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/25 20:09:01.0175 5064 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/25 20:09:01.0193 5064 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/04/25 20:09:01.0207 5064 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/25 20:09:01.0219 5064 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/25 20:09:01.0231 5064 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/25 20:09:01.0245 5064 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/25 20:09:01.0272 5064 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/25 20:09:01.0286 5064 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/04/25 20:09:01.0304 5064 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/25 20:09:01.0320 5064 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/04/25 20:09:01.0345 5064 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/25 20:09:01.0357 5064 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/04/25 20:09:01.0373 5064 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/04/25 20:09:01.0392 5064 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/25 20:09:01.0405 5064 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/04/25 20:09:01.0420 5064 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/25 20:09:01.0443 5064 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/04/25 20:09:01.0476 5064 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/04/25 20:09:01.0493 5064 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/04/25 20:09:01.0505 5064 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/04/25 20:09:01.0528 5064 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/04/25 20:09:01.0548 5064 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/25 20:09:01.0602 5064 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/04/25 20:09:01.0640 5064 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/25 20:09:01.0655 5064 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/04/25 20:09:01.0678 5064 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/04/25 20:09:01.0694 5064 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/04/25 20:09:01.0711 5064 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/25 20:09:01.0729 5064 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/04/25 20:09:01.0743 5064 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/04/25 20:09:01.0755 5064 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/25 20:09:01.0770 5064 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/04/25 20:09:01.0791 5064 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/04/25 20:09:01.0804 5064 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/25 20:09:01.0819 5064 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/25 20:09:01.0831 5064 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/25 20:09:01.0844 5064 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/25 20:09:01.0860 5064 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/25 20:09:01.0875 5064 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/04/25 20:09:01.0893 5064 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/04/25 20:09:01.0905 5064 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/25 20:09:01.0917 5064 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/25 20:09:01.0930 5064 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/25 20:09:01.0946 5064 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/04/25 20:09:01.0968 5064 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/04/25 20:09:01.0987 5064 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/04/25 20:09:02.0003 5064 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/25 20:09:02.0016 5064 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/04/25 20:09:02.0034 5064 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
2011/04/25 20:09:02.0052 5064 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/25 20:09:02.0070 5064 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/04/25 20:09:02.0083 5064 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/25 20:09:02.0099 5064 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/25 20:09:02.0117 5064 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/04/25 20:09:02.0131 5064 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/04/25 20:09:02.0148 5064 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/04/25 20:09:02.0161 5064 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/04/25 20:09:02.0176 5064 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/04/25 20:09:02.0193 5064 JRAID (4a8a242fda43765f4f73ecde2ba0d62a) C:\Windows\system32\DRIVERS\jraid.sys
2011/04/25 20:09:02.0206 5064 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/04/25 20:09:02.0219 5064 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/04/25 20:09:02.0234 5064 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/25 20:09:02.0249 5064 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/25 20:09:02.0264 5064 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/04/25 20:09:02.0289 5064 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/25 20:09:02.0312 5064 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/25 20:09:02.0325 5064 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/25 20:09:02.0339 5064 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/25 20:09:02.0353 5064 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/25 20:09:02.0367 5064 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/04/25 20:09:02.0384 5064 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/25 20:09:02.0398 5064 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/25 20:09:02.0415 5064 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/04/25 20:09:02.0428 5064 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/25 20:09:02.0440 5064 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/04/25 20:09:02.0455 5064 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/25 20:09:02.0468 5064 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/04/25 20:09:02.0481 5064 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/04/25 20:09:02.0497 5064 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/25 20:09:02.0514 5064 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/04/25 20:09:02.0529 5064 mrxsmb (c2b4651001a867ff3f8865863b592991) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/25 20:09:02.0545 5064 mrxsmb10 (7e79946afc5f799ab62982282be5ac13) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/25 20:09:02.0561 5064 mrxsmb20 (5fb954100cea2bfec6446fbbecaa3f79) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/25 20:09:02.0574 5064 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/04/25 20:09:02.0587 5064 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/04/25 20:09:02.0611 5064 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/04/25 20:09:02.0623 5064 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/25 20:09:02.0635 5064 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/04/25 20:09:02.0653 5064 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/25 20:09:02.0666 5064 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/25 20:09:02.0678 5064 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/04/25 20:09:02.0693 5064 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/04/25 20:09:02.0713 5064 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/04/25 20:09:02.0725 5064 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/04/25 20:09:02.0737 5064 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/25 20:09:02.0750 5064 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/04/25 20:09:02.0763 5064 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/04/25 20:09:02.0782 5064 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/25 20:09:02.0807 5064 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/04/25 20:09:02.0821 5064 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/25 20:09:02.0834 5064 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/25 20:09:02.0847 5064 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/25 20:09:02.0861 5064 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/25 20:09:02.0876 5064 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/04/25 20:09:02.0889 5064 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/25 20:09:02.0904 5064 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/25 20:09:02.0936 5064 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/25 20:09:02.0952 5064 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/04/25 20:09:02.0970 5064 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/25 20:09:03.0000 5064 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
2011/04/25 20:09:03.0027 5064 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/04/25 20:09:03.0040 5064 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
2011/04/25 20:09:03.0055 5064 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
2011/04/25 20:09:03.0069 5064 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
2011/04/25 20:09:03.0084 5064 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
2011/04/25 20:09:03.0097 5064 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/04/25 20:09:03.0111 5064 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/04/25 20:09:03.0132 5064 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/04/25 20:09:03.0145 5064 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/04/25 20:09:03.0163 5064 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/04/25 20:09:03.0173 5064 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/04/25 20:09:03.0187 5064 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/25 20:09:03.0202 5064 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/04/25 20:09:03.0222 5064 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/04/25 20:09:03.0284 5064 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/25 20:09:03.0298 5064 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/04/25 20:09:03.0319 5064 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/25 20:09:03.0343 5064 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/25 20:09:03.0363 5064 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/25 20:09:03.0380 5064 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/25 20:09:03.0393 5064 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/25 20:09:03.0406 5064 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/25 20:09:03.0423 5064 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/25 20:09:03.0440 5064 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/25 20:09:03.0455 5064 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/25 20:09:03.0471 5064 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/25 20:09:03.0488 5064 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/25 20:09:03.0500 5064 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/25 20:09:03.0517 5064 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/04/25 20:09:03.0531 5064 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/25 20:09:03.0547 5064 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/25 20:09:03.0562 5064 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/04/25 20:09:03.0577 5064 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/04/25 20:09:03.0593 5064 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/04/25 20:09:03.0625 5064 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/25 20:09:03.0641 5064 RTL8167 (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/04/25 20:09:03.0659 5064 RTL8187B (4a06585c8673f4458e9fbbc9dddb4d28) C:\Windows\system32\DRIVERS\wg111v3.sys
2011/04/25 20:09:03.0674 5064 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/04/25 20:09:03.0690 5064 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/04/25 20:09:03.0710 5064 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/25 20:09:03.0732 5064 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/25 20:09:03.0753 5064 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/25 20:09:03.0766 5064 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/04/25 20:09:03.0779 5064 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/25 20:09:03.0803 5064 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/04/25 20:09:03.0816 5064 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/25 20:09:03.0828 5064 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/25 20:09:03.0841 5064 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/25 20:09:03.0859 5064 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/25 20:09:03.0872 5064 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/25 20:09:03.0886 5064 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/04/25 20:09:03.0908 5064 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/25 20:09:03.0933 5064 srv (65bbf4920148c2ee279055da7228fc7b) C:\Windows\system32\DRIVERS\srv.sys
2011/04/25 20:09:03.0954 5064 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/25 20:09:03.0972 5064 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/25 20:09:03.0995 5064 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/25 20:09:04.0011 5064 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/04/25 20:09:04.0023 5064 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/04/25 20:09:04.0036 5064 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/04/25 20:09:04.0092 5064 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/04/25 20:09:04.0138 5064 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/25 20:09:04.0158 5064 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/25 20:09:04.0174 5064 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/04/25 20:09:04.0186 5064 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/04/25 20:09:04.0199 5064 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/25 20:09:04.0213 5064 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/04/25 20:09:04.0245 5064 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/25 20:09:04.0258 5064 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/04/25 20:09:04.0284 5064 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/25 20:09:04.0299 5064 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/25 20:09:04.0314 5064 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/25 20:09:04.0340 5064 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/25 20:09:04.0353 5064 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/04/25 20:09:04.0366 5064 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/25 20:09:04.0385 5064 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/04/25 20:09:04.0398 5064 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
2011/04/25 20:09:04.0412 5064 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/04/25 20:09:04.0427 5064 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/25 20:09:04.0442 5064 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
2011/04/25 20:09:04.0460 5064 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/25 20:09:04.0472 5064 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/25 20:09:04.0485 5064 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS
2011/04/25 20:09:04.0499 5064 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/25 20:09:04.0518 5064 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/04/25 20:09:04.0534 5064 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/25 20:09:04.0546 5064 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/04/25 20:09:04.0572 5064 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/04/25 20:09:04.0604 5064 VIAHdAudAddService (dfdf7f9caa50ee72a633ea4bbd65a557) C:\Windows\system32\drivers\viahduaa.sys
2011/04/25 20:09:04.0624 5064 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/04/25 20:09:04.0638 5064 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/04/25 20:09:04.0653 5064 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/04/25 20:09:04.0665 5064 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/04/25 20:09:04.0682 5064 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/04/25 20:09:04.0697 5064 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/04/25 20:09:04.0715 5064 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/25 20:09:04.0731 5064 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/04/25 20:09:04.0744 5064 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/25 20:09:04.0763 5064 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/25 20:09:04.0777 5064 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/25 20:09:04.0788 5064 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/25 20:09:04.0814 5064 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/04/25 20:09:04.0832 5064 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/25 20:09:04.0871 5064 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/25 20:09:04.0883 5064 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/04/25 20:09:04.0920 5064 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/25 20:09:04.0937 5064 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/25 20:09:04.0964 5064 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/25 20:09:04.0989 5064 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/04/25 20:09:05.0004 5064 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/25 20:09:05.0044 5064 ================================================================================
2011/04/25 20:09:05.0044 5064 Scan finished
2011/04/25 20:09:05.0044 5064 ================================================================================
 
Good news :)
I just wanted to make sure....

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 4/25/2011 8:14:15 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = E:\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 78.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 75.17 Gb Free Space | 67.30% Space Free | Partition Type: NTFS
Drive D: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 232.88 Gb Total Space | 131.10 Gb Free Space | 56.30% Space Free | Partition Type: NTFS

Computer Name: KIRK3200MHZ | User Name: Kirk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/25 20:13:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
PRC - [2011/04/25 20:08:50 | 001,377,112 | R--- | M] (Kaspersky Lab ZAO) -- C:\Users\Kirk\AppData\Local\Temp\Temp1_tdsskiller(1).zip\TDSSKiller.exe
PRC - [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- E:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/04/26 22:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (SafeList) ==========

MOD - [2011/04/25 20:13:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/09 00:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/16 03:15:58 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/09 01:06:44 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/06/17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- E:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/09 05:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/09 00:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/04 14:37:13 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/03/04 14:37:12 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/17 08:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/05/30 23:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/26 21:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/26 21:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/02 07:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/11 07:28:35 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/11/18 10:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 18:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F 02 37 8E D1 01 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: E:\Program Files (x86)\Mozilla Firefox\components [2011/03/24 19:21:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: E:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/24 19:21:21 | 000,000,000 | ---D | M]

[2011/01/24 17:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirk\AppData\Roaming\Mozilla\Extensions
[2011/04/07 22:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirk\AppData\Roaming\Mozilla\Firefox\Profiles\ycvuyqp0.default\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\KIRK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YCVUYQP0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/02/23 20:57:16 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/04/24 17:04:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.74.166 68.87.68.166
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/14 05:29:38 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/04/24 17:05:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/24 17:01:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/24 17:01:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/24 17:01:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/24 17:01:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/24 17:01:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/24 17:00:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/24 14:55:03 | 000,000,000 | ---D | C] -- C:\Users\Kirk\Desktop\Antivirus Logs
[2011/04/24 14:27:45 | 000,000,000 | ---D | C] -- C:\Users\Kirk\AppData\Roaming\Avira
[2011/04/24 14:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/04/24 14:19:42 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/04/24 14:19:42 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/04/24 14:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/04/24 14:11:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011/04/24 14:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/24 14:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/24 14:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/04/24 14:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/24 14:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/24 14:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/24 13:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/24 13:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/04/23 17:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/04/23 17:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/04/23 17:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/04/23 17:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/04/23 17:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/04/23 17:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/04/23 17:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/22 22:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/04/22 22:48:51 | 000,000,000 | ---D | C] -- C:\Users\Kirk\Documents\Symantec
[2011/04/22 22:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/04/22 22:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/04/22 22:10:57 | 000,000,000 | ---D | C] -- C:\Users\Kirk\AppData\Roaming\Malwarebytes
[2011/04/22 22:10:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/04/22 22:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/22 22:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/22 22:10:21 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/22 22:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/22 22:08:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/04/16 15:55:08 | 000,000,000 | ---D | C] -- C:\Users\Kirk\AppData\Local\My Games
[2011/04/16 15:55:06 | 000,000,000 | ---D | C] -- C:\Users\Kirk\Documents\My Games
[2011/04/15 09:14:02 | 000,000,000 | ---D | C] -- C:\Users\Kirk\AppData\Local\AMD
[2011/04/15 09:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/04/14 23:11:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/04/14 23:11:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/04/14 23:08:01 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011/04/14 23:07:58 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011/04/10 12:00:25 | 000,000,000 | ---D | C] -- C:\Users\Kirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/04/10 11:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/04/10 11:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011/04/06 20:34:18 | 000,000,000 | ---D | C] -- C:\Users\Kirk\AppData\Roaming\TS3Client

========== Files - Modified Within 30 Days ==========

[2011/04/25 20:07:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353034316-21409312-3111263575-1000UA.job
[2011/04/25 19:07:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353034316-21409312-3111263575-1000Core.job
[2011/04/25 10:32:46 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/25 10:32:46 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/24 17:04:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/24 16:50:13 | 000,778,278 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/24 16:50:13 | 000,659,802 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/24 16:50:13 | 000,120,730 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/24 16:44:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/24 16:44:10 | 2146,037,759 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/24 14:06:52 | 000,001,278 | ---- | M] () -- C:\Users\Kirk\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/24 14:06:52 | 000,001,254 | ---- | M] () -- C:\Users\Kirk\Desktop\Spybot - Search & Destroy.lnk
[2011/04/24 14:01:06 | 000,001,575 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/22 22:10:24 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/22 22:07:35 | 000,098,304 | RHS- | M] () -- C:\Windows\SysWow64\msscntrs6.dll
[2011/04/16 11:10:31 | 000,001,433 | ---- | M] () -- C:\Users\Kirk\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/16 11:10:12 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/04/16 11:10:12 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/04/15 09:13:25 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/04/24 17:01:26 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/24 17:01:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/24 17:01:26 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/24 17:01:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/24 17:01:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/24 14:06:52 | 000,001,278 | ---- | C] () -- C:\Users\Kirk\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/24 14:06:52 | 000,001,254 | ---- | C] () -- C:\Users\Kirk\Desktop\Spybot - Search & Destroy.lnk
[2011/04/24 14:01:06 | 000,001,575 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/22 22:10:24 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/22 22:07:35 | 000,098,304 | RHS- | C] () -- C:\Windows\SysWow64\msscntrs6.dll
[2011/04/16 11:10:12 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/04/16 11:10:12 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/04/14 23:08:19 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2011/04/14 23:08:14 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/04/14 23:07:56 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/04/14 23:07:54 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/04/14 23:07:54 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/04/14 23:07:51 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2011/04/14 23:07:51 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/03/21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/22 22:24:08 | 000,000,600 | ---- | C] () -- C:\Users\Kirk\AppData\Local\PUTTY.RND
[2011/02/02 20:01:20 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/02/02 20:01:20 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/02/02 20:01:19 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/02/02 20:01:19 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/01/25 21:01:36 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/01/24 18:08:20 | 000,765,362 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/24 17:28:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/24 17:17:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/01/24 17:17:19 | 000,030,223 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/01/12 23:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/07/09 15:00:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/30 02:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe

========== LOP Check ==========

[2011/04/19 21:52:47 | 000,000,000 | ---D | M] -- C:\Users\Kirk\AppData\Roaming\.minecraft
[2011/04/23 22:18:09 | 000,000,000 | ---D | M] -- C:\Users\Kirk\AppData\Roaming\BitTorrent
[2011/03/13 23:31:40 | 000,000,000 | ---D | M] -- C:\Users\Kirk\AppData\Roaming\FileZilla
[2011/03/13 13:30:26 | 000,000,000 | ---D | M] -- C:\Users\Kirk\AppData\Roaming\gtk-2.0
[2011/01/24 19:14:47 | 000,000,000 | ---D | M] -- C:\Users\Kirk\AppData\Roaming\LolClient
[2011/02/04 00:01:44 | 000,000,000 | ---D | M] -- C:\Users\Kirk\AppData\Roaming\SumatraPDF
[2011/02/26 13:23:09 | 000,000,000 | ---D | M] -- C:\Users\Kirk\AppData\Roaming\TightVNC
[2011/04/06 20:34:29 | 000,000,000 | ---D | M] -- C:\Users\Kirk\AppData\Roaming\TS3Client
[2009/07/14 01:08:49 | 000,020,102 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/04/24 17:05:43 | 000,019,712 | ---- | M] () -- C:\ComboFix.txt
[2011/04/24 16:44:10 | 2146,037,759 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/24 16:44:17 | 4293,042,175 | -HS- | M] () -- C:\pagefile.sys
[2011/04/25 20:09:05 | 000,064,306 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_25.04.2011_20.08.52_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/16 11:10:31 | 000,000,221 | -HS- | M] () -- C:\Users\Kirk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/02/23 21:53:53 | 000,270,142 | ---- | M] () -- C:\Users\Kirk\Desktop\Minecraft.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/04/15 09:13:51 | 000,000,402 | -HS- | M] () -- C:\Users\Kirk\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
OTL Extras logfile created on: 4/25/2011 8:14:15 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = E:\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 78.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 75.17 Gb Free Space | 67.30% Space Free | Partition Type: NTFS
Drive D: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 232.88 Gb Total Space | 131.10 Gb Free Space | 56.30% Space Free | Partition Type: NTFS

Computer Name: KIRK3200MHZ | User Name: Kirk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{40B91513-A7B9-94AB-5353-926FB1C07334}" = WMV9/VC-1 Video Playback
"{47B188E2-2447-5C40-15B6-9D49DC90BF5B}" = ATI Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5F143175-13D3-5AE8-5AE9-262C6D60F994}" = AMD Fuel
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{D7B6A47A-3DC9-64FE-BFD0-ED02F036D539}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E884205-E3A3-55F3-2EE2-0E39F8E6CCED}" = Catalyst Control Center Graphics Previews Common
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9329BA0E-DD91-D33E-B73F-AA5179C53736}" = Catalyst Control Center
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD5D6437-94F6-C8F4-AF1B-B1658E0CB8F7}" = CCC Help English
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F38556C1-486C-C07B-4655-2F1BCF18C68A}" = Catalyst Control Center InstallProxy
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"FileZilla Client" = FileZilla Client 3.3.5.1
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"numpy-py2.7" = Python 2.7 numpy-1.5.1
"Steam App 8930" = Sid Meier's Civilization V
"SumatraPDF" = SumatraPDF
"TightVNC" = TightVNC 2.0.2
"WinGimp-2.0_is1" = GIMP 2.6.11
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PIL-py2.7" = Python 2.7 PIL-1.1.7
"SOE-EverQuest II Streaming (US English)" = EverQuest II (US English)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/26/2011 5:41:29 PM | Computer Name = Kirk3200MHz | Source = Application Hang | ID = 1002
Description = The program EverQuest2.exe version 1.0.0.1 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 5a4 Start
Time: 01cbd5fd2a5be9c5 Termination Time: 0 Application Path: E:\ProgramData\Sony
Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe Report Id: 0c3a04b7-41f1-11e0-a985-20cf30e203fa


Error - 3/16/2011 9:55:29 PM | Computer Name = Kirk3200MHz | Source = Application Error | ID = 1000
Description = Faulting application name: javaw.exe, version: 6.0.240.7, time stamp:
0x4d4a0b98 Faulting module name: java.dll, version: 6.0.240.7, time stamp: 0x4d4a3fad
Exception
code: 0xc0000005 Fault offset: 0x00004e2f Faulting process id: 0x2f8 Faulting application
start time: 0x01cbe44663308052 Faulting application path: E:\Program Files (x86)\Java\bin\javaw.exe
Faulting
module path: E:\Program Files (x86)\Java\bin\java.dll Report Id: a20bdb4a-5039-11e0-8e19-20cf30e203fa

Error - 3/23/2011 9:55:34 PM | Computer Name = Kirk3200MHz | Source = Application Error | ID = 1000
Description = Faulting application name: javaw.exe, version: 6.0.240.7, time stamp:
0x4d4a0b98 Faulting module name: awt.dll, version: 6.0.240.7, time stamp: 0x4d4a3faa
Exception
code: 0xc0000005 Fault offset: 0x000a3664 Faulting process id: 0x89c Faulting application
start time: 0x01cbe9c68e68345f Faulting application path: E:\Program Files (x86)\Java\bin\javaw.exe
Faulting
module path: E:\Program Files (x86)\Java\bin\awt.dll Report Id: cdd54a29-55b9-11e0-bcce-20cf30e203fa

Error - 3/30/2011 9:55:12 PM | Computer Name = Kirk3200MHz | Source = Application Error | ID = 1000
Description = Faulting application name: javaw.exe, version: 6.0.240.7, time stamp:
0x4d4a0b98 Faulting module name: java.dll, version: 6.0.240.7, time stamp: 0x4d4a3fad
Exception
code: 0xc0000005 Fault offset: 0x00004e2f Faulting process id: 0x9b8 Faulting application
start time: 0x01cbef46ab368f9e Faulting application path: E:\Program Files (x86)\Java\bin\javaw.exe
Faulting
module path: E:\Program Files (x86)\Java\bin\java.dll Report Id: e9ea64d2-5b39-11e0-8f92-20cf30e203fa

Error - 3/30/2011 10:28:02 PM | Computer Name = Kirk3200MHz | Source = Application Hang | ID = 1002
Description = The program winamp.exe version 5.6.0.3091 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b24 Start
Time: 01cbef4b21d3268a Termination Time: 20 Application Path: E:\Program Files (x86)\Winamp\winamp.exe

Report
Id: 718f7a9d-5b3e-11e0-8f92-20cf30e203fa

Error - 4/10/2011 11:58:53 AM | Computer Name = Kirk3200MHz | Source = MsiInstaller | ID = 11303
Description =

Error - 4/15/2011 9:13:50 AM | Computer Name = Kirk3200MHz | Source = ESENT | ID = 215
Description = WinMail (2572) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 4/15/2011 9:13:51 AM | Computer Name = Kirk3200MHz | Source = ESENT | ID = 215
Description = WinMail (2268) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 4/24/2011 2:19:09 PM | Computer Name = Kirk3200MHz | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Kirk\AppData\Local\Temp\RarSFX0\redist.dll".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/24/2011 10:00:18 PM | Computer Name = Kirk3200MHz | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 4/24/2011 2:12:55 PM | Computer Name = Kirk3200MHz | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 4/24/2011 2:14:14 PM | Computer Name = Kirk3200MHz | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058

Error - 4/24/2011 2:14:16 PM | Computer Name = Kirk3200MHz | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.0 service failed to start due to the following error:
%%3

Error - 4/24/2011 2:19:55 PM | Computer Name = Kirk3200MHz | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 4/24/2011 4:44:25 PM | Computer Name = Kirk3200MHz | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058

Error - 4/24/2011 4:44:33 PM | Computer Name = Kirk3200MHz | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.0 service failed to start due to the following error:
%%3

Error - 4/24/2011 5:02:46 PM | Computer Name = Kirk3200MHz | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/24/2011 5:04:09 PM | Computer Name = Kirk3200MHz | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 4/24/2011 5:04:09 PM | Computer Name = Kirk3200MHz | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/24/2011 5:04:21 PM | Computer Name = Kirk3200MHz | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2011/04/22 22:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/04/22 22:48:51 | 000,000,000 | ---D | C] -- C:\Users\Kirk\Documents\Symantec
[2011/04/22 22:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/04/22 22:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted E:\KIRK3200MHZ\Backup Set 2011-02-28 185831\Backup Files 2011-02-28 185831\Backup files 1.zip Win32/Toolbar.Zugo application
successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Program Files (x86)\Common Files\Symantec Shared folder moved successfully.
C:\Users\Kirk\Documents\Symantec folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-04-24-14h12m11s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-04-24-14h11m59s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-04-23-12h11m04s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-04-23-00h49m44s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-04-22-22h59m47s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-04-22-22h57m25s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-04-22-22h52m17s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-04-22-22h48m52s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-04-22-22h48m51s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs folder moved successfully.
C:\ProgramData\NortonInstaller folder moved successfully.
C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963} folder moved successfully.
C:\ProgramData\Norton\00000083\00000033\1122 folder moved successfully.
C:\ProgramData\Norton\00000083\00000033\0 folder moved successfully.
C:\ProgramData\Norton\00000083\00000033 folder moved successfully.
C:\ProgramData\Norton\00000083 folder moved successfully.
C:\ProgramData\Norton folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kirk
->Temp folder emptied: 4225 bytes
->Temporary Internet Files folder emptied: 12385459 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62400153 bytes
->Flash cache emptied: 846 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 442968741 bytes

Total Files Cleaned = 494.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Kirk
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04252011_203101

Files\Folders moved on Reboot...
C:\Users\Kirk\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.2.159.1
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````


eset scan found this - I don't mind deleting the backup set if necessary.

E:\KIRK3200MHZ\Backup Set 2011-02-28 185831\Backup Files 2011-02-28 185831\Backup files 1.zip Win32/Toolbar.Zugo application
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL

:Services

:Reg

:Files
E:\KIRK3200MHZ\Backup Set 2011-02-28 185831\Backup Files 2011-02-28 185831\Backup files 1.zip

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
E:\KIRK3200MHZ\Backup Set 2011-02-28 185831\Backup Files 2011-02-28 185831\Backup files 1.zip moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kirk
->Temp folder emptied: 1544 bytes
->Temporary Internet Files folder emptied: 10737239 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 24624493 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 34.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Kirk
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04252011_213403

Files\Folders moved on Reboot...
C:\Users\Kirk\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 
I've done all you requested except the last OTL to clear restore points. I have system restore disabled.

Everything is running great. Thank you so much for your support.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
783
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni

Latest posts

Back