
Solved google redirect virus for vista

Discussion in 'Malware and Virus Removal Archive' started by ebsgirl, 2011/01/01.

  1. 2011/01/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    This is not what I asked for.
    You posted TDSSKiller log already.
    Please, read my previous reply and....please, pay attention.
     
  2. 2011/01/01
    broni Moderator Malware Analyst
    Redo.
     

  4. 2011/01/01
    ebsgirl

    ebsgirl Inactive Thread Starter

    Joined:
    2010/12/31
    Messages:
    40
    Likes Received:
    0
    Here is what the black box said... just manually writing it in

    bootkit remover<c> 2009 esagelab
    www.esagelab.com

    Program version:1.2.0.0
    OS Version: Microsoft Windows Vista Home Premium
    Edition service Pack 2 <build 6002>, 32 bit

    System volume is \\.\c:
    \\.\c->\\.\Physical drive 0 at offset
    0x00000000'00007e00
    ATA-Read<>:DeviceI0Control<>ERROR 1
    Boot Sector MD5 is: 6e1c385735071a353ec369fd572116f3

    size Device Name MBR STATUS
    ----------------------------------------------------
    232 GB \\.\Physical Drive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks

    To inspect the boot code manually, dump the master boot sector:
    remove.exe dump<device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exefix<device_name>

    Done:
    press any key to quit.....
     
  5. 2011/01/01
    ebsgirl Inactive Thread Starter
    I tried to copy and paste but it did not copy, so I accidentally pasted the last thing that was pasted, so I just manually wrote what it said as it will not allow me to copy. Hope this is the correct information you are looking for.
     
  6. 2011/01/01
    broni Moderator Malware Analyst
    Good :)

    We need to fix your MBR...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
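As an added illustration (example code written for this thread, not the thread's own and not code from bootkit remover, MBRCheck or MBRWORK): a small Python MBR checker that reproduces the kind of evidence the two logs in this thread show (the C: volume at byte offset 0x7E00, a boot-code hash compared against a known-good list) and demonstrates why installing standard MBR code is safe for the partition table: only the first 440 bytes are rewritten. The sector bytes, the "standard" and "hooked" code strings, the partition sizes and the known-good list are constructed placeholders, not bytes from the infected machine.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 440    # bootstrap code occupies bytes 0..439 of the sector
TABLE_OFF = 446   # four 16-byte partition entries at 446..509
SIG_OFF = 510     # 0x55 0xAA boot signature at 510..511

def parse_partitions(mbr):
    """Return the non-empty primary partition entries with their byte offsets."""
    parts = []
    for slot in range(4):
        off = TABLE_OFF + 16 * slot
        boot_flag, ptype = mbr[off], mbr[off + 4]
        lba, count = struct.unpack_from("<II", mbr, off + 8)
        if ptype == 0:
            continue  # unused slot
        parts.append({"slot": slot, "bootable": boot_flag == 0x80, "type": ptype,
                      "lba": lba, "sectors": count, "offset": lba * SECTOR_SIZE})
    return parts

def boot_code_sha1(mbr):
    """Hash only the bootstrap code, which is the part a bootkit replaces."""
    return hashlib.sha1(mbr[:CODE_LEN]).hexdigest()

def check_mbr(mbr, known_good):
    """Return a list of findings; an empty list means nothing looked wrong."""
    if len(mbr) != SECTOR_SIZE:
        return ["not a single 512-byte sector"]
    findings = []
    if mbr[SIG_OFF:SIG_OFF + 2] != b"\x55\xaa":
        findings.append("boot signature 55AA missing")
    digest = boot_code_sha1(mbr)
    if digest not in known_good:
        findings.append("unknown boot code (sha1 %s)" % digest)
    active = [p for p in parse_partitions(mbr) if p["bootable"]]
    if len(active) != 1:
        findings.append("expected one active partition, found %d" % len(active))
    return findings

def install_standard_code(mbr, standard_code):
    """Rewrite only the bootstrap code, which is what "Install Standard MBR code"
    is meant to do; disk signature, partition table and 55AA are carried over."""
    return standard_code.ljust(CODE_LEN, b"\x00")[:CODE_LEN] + mbr[CODE_LEN:]

# ---- constructed sample data; none of these bytes come from the infected PC ----
def make_mbr(code, entries):
    """Build a sector from bootstrap code and (boot_flag, type, lba, count) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", flag, ptype, lba, count)
                     for flag, ptype, lba, count in entries).ljust(64, b"\x00")
    disk_sig = b"\x12\x34\x56\x78\x00\x00"  # made-up NT disk signature + 2 reserved bytes
    return code.ljust(CODE_LEN, b"\x00")[:CODE_LEN] + disk_sig + table + b"\x55\xaa"

# Partition starts are chosen so the byte offsets equal the ones the logs print
# (C: at 0x7E00, the second NTFS volume at 0x3768580800); sizes are invented.
LAYOUT = [(0x80, 0x07, 63, 464792517), (0x00, 0x07, 464792580, 23604588)]
STANDARD_CODE = b"STANDARD-MBR-CODE-PLACEHOLDER"  # stand-in for real bootstrap code
HOOKED_CODE = b"HOOKED-MBR-CODE-PLACEHOLDER"      # stand-in for bootkit code
KNOWN_GOOD = {boot_code_sha1(make_mbr(STANDARD_CODE, LAYOUT)): "constructed standard code"}

def demo():
    """Check a hooked sector, repair it, check again; also report whether the
    repair left everything after the code area byte-for-byte identical."""
    infected = make_mbr(HOOKED_CODE, LAYOUT)
    repaired = install_standard_code(infected, STANDARD_CODE)
    return (check_mbr(infected, KNOWN_GOOD),
            check_mbr(repaired, KNOWN_GOOD),
            repaired[CODE_LEN:] == infected[CODE_LEN:])

if __name__ == "__main__":
    for p in parse_partitions(make_mbr(HOOKED_CODE, LAYOUT)):
        print("slot %d type 0x%02X at byte offset 0x%X active=%s"
              % (p["slot"], p["type"], p["offset"], p["bootable"]))
    before, after, table_kept = demo()
    print("before repair:", before)
    print("after repair:", after, "| partition table preserved:", table_kept)
```

Which bytes MBRCheck or bootkit remover hash is not stated in the thread, so the known-good list here is the example's own and would have to be built from sectors you trust.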
     
  7. 2011/01/02
    ebsgirl Inactive Thread Starter
    I have created the CD and have read up on how to set the CD-ROM to first priority.

    how do I enter the BIOS? Is it the same (f8) to enter safe mode?
     
  8. 2011/01/02
    broni Moderator Malware Analyst
    You don't necessarily have to enter BIOS.

    Try to boot from the created CD.
    Only if it won't boot from the CD do you have to check the "boot order" in BIOS.

    To access BIOS, restart computer and closely watch the bottom of the monitor screen.
    It'll say something like this:
    Press <some key> to enter setup

    Pressing that "some key" will allow you to enter BIOS.
     
  9. 2011/01/02
    ebsgirl Inactive Thread Starter
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: ECS
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: Compaq-Presario
    System Product Name: NC696AA-ABA SR5710Y
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 141):

    Processes (total 71):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`68580800 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDP725025GLA, Rev: GM2O

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  10. 2011/01/02
    ebsgirl Inactive Thread Starter
    It looks like the redirect virus is gone. Are there more steps to make sure it's clean? Thanks again so much for your time :)
     
  11. 2011/01/02
    broni Moderator Malware Analyst
    Good job :)

    We're not done yet though.
    We have to make sure, nothing is hiding out there....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2011/01/02
    ebsgirl Inactive Thread Starter
    I didn't see Malwarebytes Anti-Malware on the list. Does this need to be disabled as well? If so, how do I disable it?
     
  13. 2011/01/02
    ebsgirl Inactive Thread Starter
    OK, so I just figured it out. I have the free download, so there is no real-time protection :) I'll post the log when done.
     
  14. 2011/01/02
    broni Moderator Malware Analyst
    Ok :)
     
  15. 2011/01/02
    ebsgirl Inactive Thread Starter
    ComboFix 11-01-02.02 - Owner 01/02/2011 11:21:04.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.2197 [GMT -8:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Owner\AppData\Local\Desktop Cleanup Wizard
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\Microsoft At Work.url
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
    c:\users\Owner\AppData\Roaming\MSA
    c:\users\Owner\AppData\Roaming\MSA\userid.dat
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\system32\pcre3.dll
    c:\windows\system32\wmadtdifosini.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-02 to 2011-01-02 )))))))))))))))))))))))))))))))
    .


    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-12-31 3395600]

    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    IMVU.lnk - c:\users\Owner\AppData\Roaming\IMVUClient\IMVUClient.exe [N/A]
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [N/A]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
    PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "tjdhijyuvldgqdvunjqfTaskMgr "= 0 (0x0)
    "qmmzlkhqabugqvdcftxvTaskMgr "= 0 (0x0)
    "jrpaumuqtnaiqhjhgsmfTaskMgr "= 0 (0x0)
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Users
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\users\Owner
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\users\Owner\AppData
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\users\Owner\AppData\Local
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\users\Owner\AppData\Local\Temp

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 aswSP;aswSP; [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-31 51280]
    S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
    S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-09-10 20640]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 16:50]

    2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 16:50]

    2010-12-06 c:\windows\Tasks\HPCeeScheduleForOwner.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-13 19:12]

    2011-01-02 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.comcast.net/
    mWindow Title = Windows Internet Explorer provided by Comcast
    mSearch Bar = hxxp://www.google.com
    uInternet Settings,ProxyServer = http=127.0.0.1:6092
    uInternet Settings,ProxyOverride = <local>
    Trusted Zone: netzero.com
    Trusted Zone: netzero.net
    DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
    DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} - hxxp://www.shockwave.com/content/dreamchronicles2/sis/dream2web.1.0.0.13.cab
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{2CCDCF0C-04BC-40FF-B040-A7E5A4900151} - (no file)
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    WebBrowser-{2CCDCF0C-04BC-40FF-B040-A7E5A4900151} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    SafeBoot-klmdb.sys
    MSConfigStartUp-opeB370 - c:\users\Owner\AppData\Local\Temp\opeB370.exe
    AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-02 11:29
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
    "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-01-02 11:31:57
    ComboFix-quarantined-files.txt 2011-01-02 19:31

    Pre-Run: 126,066,905,088 bytes free
    Post-Run: 126,043,422,720 bytes free

    - - End Of File - - 868BC12B9489CCCD2743D7693FD6FBD9
     
  16. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\programdata\F2A58F2E00.sys

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:6092
    uInternet Settings,ProxyOverride = <local>

    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "tjdhijyuvldgqdvunjqfTaskMgr"=-
    "qmmzlkhqabugqvdcftxvTaskMgr"=-
    "jrpaumuqtnaiqhjhgsmfTaskMgr"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Users]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\users\Owner]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\users\Owner\AppData]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\users\Owner\AppData\Local]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\users\Owner\AppData\Local\Temp]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=-

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: dragging CFScript.txt onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  17. 2011/01/02
    ebsgirl

    ebsgirl Inactive Thread Starter

    Joined:
    2010/12/31
    Messages:
    40
    Likes Received:
    0
    OK, so my Avast no longer has the little icon in the toolbar to just disable it, so I went into the program and individually turned off each real-time shield. It says real-time shields are off. Is that good enough?
     
  18. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go :)
     
  19. 2011/01/02
    ebsgirl

    ebsgirl Inactive Thread Starter

    Joined:
    2010/12/31
    Messages:
    40
    Likes Received:
    0
    ComboFix 11-01-02.02 - Owner 01/02/2011 12:04:40.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1885 [GMT -8:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\users\Owner\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FILE ::
    "c:\programdata\F2A58F2E00.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\F2A58F2E00.sys

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-02 to 2011-01-02 )))))))))))))))))))))))))))))))
    .

    2011-01-02 20:10 . 2011-01-02 20:10 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2011-01-02 20:10 . 2011-01-02 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-02 07:34 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6389A21B-8F13-4674-AD71-28FE2B1B8938}\mpengine.dll
    2011-01-02 05:17 . 2011-01-02 05:17 -------- d-----w- c:\program files\7-Zip
    2011-01-01 20:37 . 2010-12-31 20:00 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-01 20:37 . 2010-12-31 19:59 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-01 20:37 . 2010-12-31 19:56 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-01 20:37 . 2010-12-31 19:56 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-01 20:37 . 2010-12-31 19:56 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-01-01 20:37 . 2010-12-31 20:06 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-01 20:37 . 2010-12-31 20:06 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-01 20:37 . 2011-01-01 20:37 -------- d-----w- c:\programdata\Alwil Software
    2011-01-01 20:37 . 2011-01-01 20:37 -------- d-----w- c:\program files\Alwil Software
    2010-12-31 21:09 . 2010-12-31 21:09 -------- d-----w- c:\program files\ESET
    2010-12-31 19:59 . 2011-01-01 05:46 -------- d-----w- C:\TDSSKiller_Quarantine
    2010-12-26 09:00 . 2010-12-26 09:00 -------- d-----w- c:\program files\Common Files\Microsoft Games
    2010-12-26 08:19 . 2010-12-26 08:19 -------- d-----w- c:\windows\PCHEALTH
    2010-12-25 18:02 . 2010-12-25 18:02 -------- d-----w- c:\programdata\Seagate
    2010-12-25 18:02 . 2010-12-25 18:02 -------- d-----w- c:\program files\Seagate
    2010-12-25 18:01 . 2010-12-25 18:01 -------- d-----w- c:\users\Owner\AppData\Local\Downloaded Installations
    2010-12-25 18:00 . 2011-01-01 03:49 -------- d-----w- c:\program files\Carbonite
    2010-12-25 18:00 . 2010-12-25 18:00 -------- d-sh--w- c:\windows\ftpcache
    2010-12-16 04:16 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2010-12-16 04:16 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
    2010-12-16 04:16 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-14 13:50 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2010-12-08 17:53 . 2010-12-08 18:05 -------- d-----w- c:\users\Owner\.gimp-2.6
    2010-12-08 17:53 . 2010-12-08 17:53 -------- d-----w- c:\users\Owner\.gegl-0.0
    2010-12-08 05:09 . 2010-12-08 17:48 2516 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-12-08 05:07 . 2010-12-25 17:12 -------- d-----w- c:\programdata\Corel
    2010-12-08 05:05 . 2010-12-25 16:47 -------- d-----w- c:\users\Owner\AppData\Roaming\Corel
    2010-12-08 05:03 . 2010-12-25 16:46 -------- d-----w- c:\programdata\Ulead Systems
    2010-12-08 04:41 . 2011-01-02 19:14 -------- d-----w- c:\program files\Common Files\Akamai
    2010-12-07 16:50 . 2010-12-26 08:07 -------- d-----w- c:\program files\Google
    2010-12-05 04:00 . 2010-12-05 04:00 -------- d-----w- c:\program files\ASIO4ALL v2
    2010-12-05 03:59 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
    2010-12-05 03:59 . 2009-08-02 20:09 1554944 ----a-w- c:\windows\system32\vorbis.acm
    2010-12-05 03:59 . 2010-12-05 03:59 -------- d-----w- c:\program files\Vstplugins
    2010-12-05 03:59 . 2010-12-05 03:59 -------- d-----w- c:\program files\Outsim
    2010-12-05 03:57 . 2010-12-05 04:05 -------- d-----w- c:\program files\Image-Line

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 18:41 . 2009-10-03 00:55 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-19 04:45 . 2006-11-02 08:52 24632 ----a-w- c:\windows\system32\drivers\crcdisk.sys
    2010-10-16 19:42 . 2010-10-16 19:42 66664 ----a-w- c:\windows\system32\nvshext.dll
    2010-10-16 19:42 . 2010-10-16 19:42 600680 ----a-w- c:\windows\system32\nvvsvc.exe
    2010-10-16 19:42 . 2010-10-16 19:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-10-16 19:42 . 2010-10-16 19:42 3420776 ----a-w- c:\windows\system32\nvcpl.dll
    2010-10-16 19:42 . 2010-10-16 19:42 2079336 ----a-w- c:\windows\system32\nvsvc.dll
    2010-10-16 18:55 . 2010-10-28 04:09 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
    2010-10-16 18:55 . 2010-10-28 04:09 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
    2010-10-16 18:55 . 2010-10-28 04:09 57960 ----a-w- c:\windows\system32\OpenCL.dll
    2010-10-16 18:55 . 2010-10-28 04:09 4837480 ----a-w- c:\windows\system32\nvcuda.dll
    2010-10-16 18:55 . 2010-10-28 04:09 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-10-16 18:55 . 2010-10-28 04:09 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-10-16 18:55 . 2010-10-28 04:09 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
    2010-10-16 18:55 . 2010-10-28 04:09 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-10-16 18:55 . 2010-10-28 04:09 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2010-10-16 18:55 . 2010-10-28 04:09 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2010-10-16 18:55 . 2008-11-13 10:43 1719912 ----a-w- c:\windows\system32\nvapi.dll
    2010-10-16 18:55 . 2008-01-21 02:23 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-12-31 3395600]

    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    IMVU.lnk - c:\users\Owner\AppData\Roaming\IMVUClient\IMVUClient.exe [N/A]
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [N/A]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
    PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 aswSP;aswSP; [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-31 51280]
    S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
    S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-09-10 20640]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 16:50]

    2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 16:50]

    2010-12-06 c:\windows\Tasks\HPCeeScheduleForOwner.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-13 19:12]

    2011-01-02 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.comcast.net/
    mWindow Title = Windows Internet Explorer provided by Comcast
    mSearch Bar = hxxp://www.google.com
    Trusted Zone: netzero.com
    Trusted Zone: netzero.net
    DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
    DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} - hxxp://www.shockwave.com/content/dreamchronicles2/sis/dream2web.1.0.0.13.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-02 12:10
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
    "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-01-02 12:12:42
    ComboFix-quarantined-files.txt 2011-01-02 20:12
    ComboFix2.txt 2011-01-02 19:31

    Pre-Run: 125,600,751,616 bytes free
    Post-Run: 125,570,760,704 bytes free

    - - End Of File - - 4BD4154769E72C8AC56FA58381098DD5
     
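    Added example (not part of this thread, and not a ComboFix feature): a small Python triage that reads ComboFix log text and flags the four things the CFScript posted above targeted, namely the user-level IE proxy on 127.0.0.1, the random-named *TaskMgr policy values, msconfig startupreg entries named after a path into %TEMP%, and AntiVirusOverride=1, and then diffs a "before" log against an "after" log so that each requested change can be confirmed mechanically rather than by eye. The indicator names, the function names and the two sample excerpts are this example's own; the excerpts are constructed from lines of the two logs above. The point of the diff is visible on this page itself: the second log still lists AntiVirusOverride=dword:00000001 even though the script asked for that value to be removed.

```python
"""Triage ComboFix log text for the indicators targeted by the CFScript in this thread.

Added example: not part of the original thread and not a ComboFix feature.
Indicator names, function names and the sample excerpts are this example's own.
"""
import re

# A user-level IE proxy on the loopback interface: the browser is routed through a
# local process, which is the mechanism behind the "google redirect" symptom here.
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:[a-z]+=)?(127\.0\.0\.1|localhost):(\d+)", re.I)

# Value names ending in TaskMgr under a policies\system key. Windows itself only
# uses DisableTaskMgr there; random-prefix look-alikes are a tell of tampering.
# The \s* before the closing quote tolerates the forum's stray spaces in pasted logs.
TASKMGR_RE = re.compile(r'^"([^"]*?TaskMgr)\s*"\s*=', re.I)
POLICY_KEY_SUFFIX = r"\windows\currentversion\policies\system]"

# msconfig\startupreg subkeys are normally named after a program, not after a
# drive path; the log above shows a chain of them descending into %TEMP%.
STARTUPREG_RE = re.compile(r"\\msconfig\\startupreg\\(.+)$", re.I)

# AntiVirusOverride=1 silences the Security Center warning that no AV is active.
AV_OVERRIDE_RE = re.compile(r'^"AntiVirusOverride\s*"\s*=\s*dword:0*1$', re.I)


def triage(log_text):
    """Return a sorted list of (indicator, detail) pairs found in ComboFix log text."""
    findings = set()
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line.lower()  # REGEDIT4-style key header
            continue
        m = PROXY_RE.search(line)
        if m:
            findings.add(("loopback_proxy", f"{m.group(1)}:{m.group(2)}"))
        m = TASKMGR_RE.match(line)
        if (m and current_key.endswith(POLICY_KEY_SUFFIX.lower())
                and m.group(1).lower() != "disabletaskmgr"):
            findings.add(("taskmgr_policy_lookalike", m.group(1)))
        m = STARTUPREG_RE.search(line)
        if m and ":\\" in m.group(1):
            findings.add(("startupreg_path_entry", m.group(1)))
        if AV_OVERRIDE_RE.match(line):
            findings.add(("security_center_av_override", "AntiVirusOverride=1"))
    return sorted(findings)


def still_present(before_log, after_log):
    """Indicators seen in the first log that survive in the second: the re-check list."""
    return sorted(set(triage(before_log)) & set(triage(after_log)))


# Constructed excerpts, trimmed from the two logs in this thread (before/after the CFScript).
BEFORE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"tjdhijyuvldgqdvunjqfTaskMgr"= 0 (0x0)
"qmmzlkhqabugqvdcftxvTaskMgr"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\users\Owner\AppData\Local\Temp

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
"""

AFTER = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

uStart Page = hxxp://www.google.com/
"""

if __name__ == "__main__":
    for name, log in (("before", BEFORE), ("after", AFTER)):
        print(name)
        for indicator, detail in triage(log):
            print(f"  {indicator}: {detail}")
    print("survived the fix:", still_present(BEFORE, AFTER))
```

    Run it against a full ComboFix.txt saved to disk by passing `open(path).read()` to `triage`; the `still_present` result is the list to hand back to the analyst before declaring the machine clean. The matchers deliberately key on structure (loopback address, key path, value-name shape) rather than on the random value names seen here, since those change from infection to infection.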
  20. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. 2011/01/02
    ebsgirl

    ebsgirl Inactive Thread Starter

    Joined:
    2010/12/31
    Messages:
    40
    Likes Received:
    0
    OTL logfile created on: 1/2/2011 12:26:58 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 221.63 Gb Total Space | 116.99 Gb Free Space | 52.79% Space Free | Partition Type: NTFS
    Drive D: | 11.25 Gb Total Space | 1.08 Gb Free Space | 9.62% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/02 12:26:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2010/12/31 12:06:35 | 003,395,600 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/12/31 12:06:34 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/10/16 11:42:12 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    PRC - [2010/10/05 07:48:10 | 000,328,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
    PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/02 12:26:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    MOD - [2010/12/31 12:06:33 | 000,187,144 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/12/31 12:06:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/12/08 15:41:43 | 003,020,888 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_aeec0f0.dll -- (Akamai)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/20 15:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2009/09/24 17:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/04/10 22:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - [2010/12/31 12:00:18 | 000,293,968 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/12/31 11:59:23 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/12/31 11:56:49 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/12/31 11:56:37 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010/12/31 11:56:27 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/10/16 10:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/04/30 14:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2010/04/30 14:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2009/04/10 20:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/02/11 11:38:14 | 002,324,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/10/09 14:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
    DRV - [2008/09/10 04:48:20 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2008/09/10 04:47:18 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2008/09/10 04:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
    DRV - [2008/09/09 16:58:08 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
    DRV - [2008/09/04 03:34:34 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2008/08/01 04:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/07/21 08:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
    DRV - [2008/07/21 08:12:22 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2008/05/22 01:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2008/01/20 18:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 18:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 18:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 18:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 18:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 18:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 18:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 18:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 18:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 18:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 18:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 18:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 18:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 18:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 18:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 18:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 18:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 18:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 18:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 18:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 18:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    [2009/03/18 11:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2009/03/18 11:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2011/01/02 12:10:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\Owner\AppData\Roaming\IMVUClient\IMVUClient.exe File not found
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1288238257846 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} http://www.shockwave.com/content/dreamchronicles2/sis/dream2web.1.0.0.13.cab (CPlayFirstDreamChronControl Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/02 12:26:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/01/02 12:12:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/01/02 12:12:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
    [2011/01/02 12:03:27 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/01/02 12:03:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/01/02 11:19:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/01/02 11:19:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/01/02 11:19:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/01/02 11:19:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/01/02 11:19:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/01 21:56:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\NTBR_CD
    [2011/01/01 21:18:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\bootkit_remover
    [2011/01/01 21:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2011/01/01 21:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/01/01 20:55:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\tdsskiller
    [2011/01/01 12:37:22 | 000,293,968 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/01/01 12:37:22 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/01/01 12:37:22 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/01/01 12:37:22 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/01/01 12:37:22 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/01/01 12:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/01/01 12:37:12 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/01/01 12:37:12 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/01/01 12:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2011/01/01 12:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2011/01/01 12:18:27 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\TFC.exe
    [2010/12/31 13:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/12/31 11:59:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2010/12/30 14:07:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\beats
    [2010/12/26 10:33:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\woains24
    [2010/12/26 01:05:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Flight Simulator X Files
    [2010/12/26 01:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Games
    [2010/12/26 00:19:49 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2010/12/25 10:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
    [2010/12/25 10:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
    [2010/12/25 10:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
    [2010/12/25 10:01:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Downloaded Installations
    [2010/12/25 10:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
    [2010/12/25 10:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
    [2010/12/25 10:00:56 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
    [2010/12/08 09:53:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\.gimp-2.6
    [2010/12/08 09:53:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\.gegl-0.0
    [2010/12/07 21:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
    [2010/12/07 21:05:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Corel
    [2010/12/07 21:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
    [2010/12/07 20:42:55 | 509,192,096 | ---- | C] (Acresso Software Inc.) -- C:\Users\Owner\Documents\PSPP_X3_TBYB.exe
    [2010/12/07 20:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
    [2010/12/07 08:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2010/12/04 20:00:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
    [2010/12/04 20:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
    [2010/12/04 19:59:35 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
    [2010/12/04 19:59:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Image-Line
    [2010/12/04 19:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
    [2010/12/04 19:59:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
    [2010/12/04 19:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Vstplugins
    [2010/12/04 19:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
    [2010/12/04 19:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line

    ========== Files - Modified Within 30 Days ==========

    [2011/01/02 12:26:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/01/02 12:13:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/02 12:13:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/02 12:10:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/01/02 11:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/02 11:17:46 | 004,012,504 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2011/01/02 10:35:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/02 10:08:29 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2011/01/02 08:55:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/02 05:44:27 | 000,085,504 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/02 04:09:26 | 000,645,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/01/02 04:09:26 | 000,121,128 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/01/01 22:15:51 | 000,080,384 | ---- | M] () -- C:\Users\Owner\Desktop\MBRCheck.exe
    [2011/01/01 22:13:17 | 3085,299,712 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/01 21:49:17 | 002,565,432 | ---- | M] () -- C:\Users\Owner\Desktop\NTBR_CD.exe
    [2011/01/01 21:17:11 | 001,110,476 | ---- | M] () -- C:\Users\Owner\Desktop\7z920.exe
    [2011/01/01 21:15:16 | 000,039,605 | ---- | M] () -- C:\Users\Owner\Desktop\bootkit_remover.rar
    [2011/01/01 20:55:11 | 001,232,020 | ---- | M] () -- C:\Users\Owner\Desktop\tdsskiller.zip
    [2011/01/01 14:06:21 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\v0gnk0uk.exe
    [2011/01/01 13:28:35 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\TFC.exe
    [2011/01/01 13:09:39 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/01/01 12:37:22 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/01/01 12:29:08 | 051,515,288 | ---- | M] () -- C:\Users\Owner\Desktop\setup_av_free.exe
    [2010/12/31 19:49:35 | 000,376,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/12/31 12:48:03 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2010/12/31 12:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/12/31 12:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2010/12/31 12:00:18 | 000,293,968 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010/12/31 11:59:23 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010/12/31 11:56:49 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010/12/31 11:56:37 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010/12/31 11:56:27 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010/12/30 23:14:01 | 000,000,112 | ---- | M] () -- C:\ProgramData\1VjM2R.dat
    [2010/12/30 13:35:26 | 000,237,092 | ---- | M] () -- C:\Users\Owner\Desktop\28670__hello_flowers__57920_Trance_Scratch.wav
    [2010/12/26 10:33:16 | 000,996,011 | ---- | M] () -- C:\Users\Owner\Desktop\woains24.zip
    [2010/12/26 10:29:44 | 000,001,092 | ---- | M] () -- C:\Users\Owner\Desktop\Airplanes - Shortcut.lnk
    [2010/12/25 10:03:29 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
    [2010/12/25 10:00:57 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite Online Backup Setup.lnk
    [2010/12/08 09:59:11 | 000,002,166 | ---- | M] () -- C:\Users\Owner\.recently-used.xbel
    [2010/12/08 09:51:48 | 000,001,709 | ---- | M] () -- C:\Users\Owner\Desktop\1000 Free Songs!.lnk
    [2010/12/08 09:51:48 | 000,001,701 | ---- | M] () -- C:\Users\Owner\Desktop\Free Music Downloads.lnk
    [2010/12/08 09:48:06 | 000,002,516 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/12/07 20:58:09 | 509,192,096 | ---- | M] (Acresso Software Inc.) -- C:\Users\Owner\Documents\PSPP_X3_TBYB.exe
    [2010/12/06 11:05:08 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
    [2010/12/04 19:59:34 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 9.lnk

    ========== Files Created - No Company Name ==========

    [2011/01/02 11:19:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/01/02 11:19:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/01/02 11:19:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/01/02 11:19:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/01/02 11:19:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/02 11:17:39 | 004,012,504 | R--- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2011/01/01 22:15:50 | 000,080,384 | ---- | C] () -- C:\Users\Owner\Desktop\MBRCheck.exe
    [2011/01/01 21:49:17 | 002,565,432 | ---- | C] () -- C:\Users\Owner\Desktop\NTBR_CD.exe
    [2011/01/01 21:17:07 | 001,110,476 | ---- | C] () -- C:\Users\Owner\Desktop\7z920.exe
    [2011/01/01 21:15:21 | 000,039,605 | ---- | C] () -- C:\Users\Owner\Desktop\bootkit_remover.rar
    [2011/01/01 20:55:11 | 001,232,020 | ---- | C] () -- C:\Users\Owner\Desktop\tdsskiller.zip
    [2011/01/01 20:33:07 | 3085,299,712 | -HS- | C] () -- C:\hiberfil.sys
    [2011/01/01 14:06:20 | 000,296,448 | ---- | C] () -- C:\Users\Owner\Desktop\v0gnk0uk.exe
    [2011/01/01 12:37:22 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/01/01 12:29:08 | 051,515,288 | ---- | C] () -- C:\Users\Owner\Desktop\setup_av_free.exe
    [2010/12/30 23:14:01 | 000,000,112 | ---- | C] () -- C:\ProgramData\1VjM2R.dat
    [2010/12/30 13:35:22 | 000,237,092 | ---- | C] () -- C:\Users\Owner\Desktop\28670__hello_flowers__57920_Trance_Scratch.wav
    [2010/12/26 10:33:17 | 000,996,011 | ---- | C] () -- C:\Users\Owner\Desktop\woains24.zip
    [2010/12/26 10:29:44 | 000,001,092 | ---- | C] () -- C:\Users\Owner\Desktop\Airplanes - Shortcut.lnk
    [2010/12/25 10:03:29 | 000,001,987 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
    [2010/12/25 10:00:57 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\Carbonite Online Backup Setup.lnk
    [2010/12/08 09:59:11 | 000,002,166 | ---- | C] () -- C:\Users\Owner\.recently-used.xbel
    [2010/12/08 09:51:48 | 000,001,709 | ---- | C] () -- C:\Users\Owner\Desktop\1000 Free Songs!.lnk
    [2010/12/08 09:51:48 | 000,001,701 | ---- | C] () -- C:\Users\Owner\Desktop\Free Music Downloads.lnk
    [2010/12/07 21:50:27 | 000,148,195 | ---- | C] () -- C:\Program Files\Common Files\BookViewer.xap
    [2010/12/07 21:09:34 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/12/07 08:50:21 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/07 08:50:19 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/04 19:59:34 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 9.lnk
    [2010/09/09 00:09:38 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
    [2010/09/09 00:09:38 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
    [2010/09/09 00:09:38 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
    [2010/09/08 17:18:22 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2010/08/29 14:04:23 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/08/22 11:08:56 | 000,000,096 | -HS- | C] () -- C:\Windows\WSYS049.SYS
    [2010/08/21 08:43:49 | 000,126,464 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2010/04/06 02:10:15 | 000,225,411 | ---- | C] () -- C:\Windows\System32\PosPrKpLib.dll
    [2010/04/06 02:10:07 | 000,020,480 | ---- | C] () -- C:\Windows\System32\PosTickerLib.dll
    [2009/11/01 22:26:39 | 000,000,383 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2009/09/16 20:42:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/05 15:26:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/06/16 15:33:45 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/06/16 15:31:52 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/03/16 15:59:31 | 000,000,151 | ---- | C] () -- C:\Windows\disney.ini
    [2009/03/11 00:39:08 | 000,085,504 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/03/10 23:25:49 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2009/03/10 23:22:46 | 000,000,044 | ---- | C] () -- C:\Windows\EPNX100.ini
    [2009/03/10 21:33:01 | 000,014,598 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
    [2009/03/10 21:23:29 | 001,556,996 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
    [2008/11/13 02:35:04 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
    [2008/11/13 02:35:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
    [2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2005/09/23 03:52:14 | 000,078,848 | ---- | C] () -- C:\Windows\System32\OneWay.dll
    [2002/06/02 06:05:40 | 000,038,912 | ---- | C] () -- C:\Windows\System32\1Way.dll

    ========== LOP Check ==========

    [2009/06/28 17:30:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\blinkx
    [2010/08/10 11:43:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\By Frank Salter
    [2010/12/31 14:37:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CA092C6D7550B69F85BB4D6452AD9AEE
    [2009/06/29 19:46:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Costco Photo Viewer US
    [2010/09/05 22:17:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Enlightenus2SE_BFG
    [2009/03/10 23:33:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EPSON
    [2009/11/22 18:32:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FloodLightGames
    [2009/08/15 18:07:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\funkitron
    [2010/09/18 11:36:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gamelab
    [2010/12/08 10:02:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\gtk-2.0
    [2009/11/07 23:54:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iWin
    [2009/03/10 23:31:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
    [2009/03/11 22:22:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ludia
    [2010/09/16 07:46:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Misyki
    [2010/12/01 07:14:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MtStudio
    [2010/11/30 20:31:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NetMedia Providers
    [2010/08/31 20:15:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst
    [2010/11/30 20:31:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Publish Providers
    [2010/11/30 20:31:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sony
    [2009/03/10 21:33:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
    [2010/09/05 23:28:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Top Evidence
    [2010/09/16 02:35:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ufbuvi
    [2009/06/25 13:07:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\URSoft
    [2011/01/02 12:28:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
    [2009/06/13 19:23:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WeatherBug
    [2010/09/08 18:10:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
    [2010/09/26 09:47:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
    [2011/01/02 10:08:29 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2011/01/01 22:10:09 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/05/18 21:57:31 | 001,049,654 | ---- | M] () -- C:\alpha.bmp
    [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/01/02 12:12:43 | 000,013,039 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/01/01 22:13:17 | 3085,299,712 | -HS- | M] () -- C:\hiberfil.sys
    [2009/09/12 19:33:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/09/12 19:33:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/03/14 16:54:24 | 000,000,825 | ---- | M] () -- C:\net_save.dna
    [2011/01/01 22:13:16 | 3399,233,536 | -HS- | M] () -- C:\pagefile.sys
    [2011/01/01 20:56:35 | 000,058,124 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_01.01.2011_20.55.56_log.txt
    [2010/10/18 20:44:13 | 000,058,292 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_18.10.2010_21.42.43_log.txt
    [2010/12/31 12:01:25 | 000,112,462 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_31.12.2010_11.57.49_log.txt
    [2010/12/31 16:17:41 | 000,056,968 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_31.12.2010_16.16.14_log.txt
    [2010/12/31 21:02:27 | 000,056,968 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_31.12.2010_21.01.12_log.txt
    [2010/12/31 21:34:16 | 000,111,848 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_31.12.2010_21.32.31_log.txt
    [2010/12/31 21:47:39 | 000,111,970 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_31.12.2010_21.44.55_log.txt
    [2008/11/13 02:57:45 | 000,000,349 | ---- | M] () -- C:\updatedatfix.log
    [2009/03/10 19:32:22 | 000,000,000 | ---- | M] () -- C:\Updates.txt
    [2008/08/26 04:37:52 | 000,000,458 | ---- | M] () -- C:\Windows Sidebar

    < %systemroot%\Fonts\*.com >
    [2006/11/02 04:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 04:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 04:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/09/20 10:41:57 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 13:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/12/31 12:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2009/11/08 12:10:58 | 000,001,674 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2008/01/20 18:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 19:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 19:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 19:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/10/27 22:07:55 | 000,000,355 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/01 21:17:11 | 001,110,476 | ---- | M] () -- C:\Users\Owner\Desktop\7z920.exe
    [2011/01/02 11:17:46 | 004,012,504 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2011/01/01 22:15:51 | 000,080,384 | ---- | M] () -- C:\Users\Owner\Desktop\MBRCheck.exe
    [2011/01/01 21:49:17 | 002,565,432 | ---- | M] () -- C:\Users\Owner\Desktop\NTBR_CD.exe
    [2011/01/02 12:26:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/01/01 12:29:08 | 051,515,288 | ---- | M] () -- C:\Users\Owner\Desktop\setup_av_free.exe
    [2011/01/01 13:28:35 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\TFC.exe
    [2011/01/01 14:06:21 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\v0gnk0uk.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [2010/11/16 12:49:24 | 000,148,195 | ---- | M] () -- C:\Program Files\Common Files\BookViewer.xap

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2009/06/21 19:14:10 | 000,371,200 | ---- | M] (Microsoft Corporation) -- C:\Users\Owner\mskb928080.exe

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/03/10 19:21:56 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini
    [2011/01/01 20:35:43 | 000,001,244 | ---- | M] () -- C:\Users\Owner\Favorites\WildTangent Games.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/12/08 09:48:06 | 000,002,516 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/10/23 17:52:01 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2009/06/23 15:25:50 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    McDonnell Douglas KC-10 Extender Uninstaller.exe
    Photo Pos Pro Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:FAB64002
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:B3A1E064
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:BAC2F271
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:3DAC3B29
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:B3D74A13
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:109734F6
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:CB0AACC9

    < End of report >
     
