Facebook Fanpage Virus



#1
tran_face

I recently logged onto Facebook and clicked on a fanpage that one of my friends liked. It then took me to another page and all of a sudden I started getting pop-ups. Since I am using Avast as an antivirus, a notification popped up saying that there was a trojan virus blocked. I don't know which one it was. Now when I log onto my desktop there's nothing but a black screen and the cursor. I would then have to do Alt+Ctrl+Del and start a new task and open explorer.exe for the desktop to show up. Some of the webpages that I open up using Mozilla Firefox won't show anything but text and links, for example Yahoo's homepage. Now when I go on Facebook I can't post or comment on anyone's page. I noticed that I could do everything normally on Facebook when I'm using Internet Explorer. The Yahoo home page works on IE too. I also tried doing a system restore but it doesn't seem to do anything. I know that there are some things that I should have done before I post a new topic here but it's been a while since I last used this. Can you please help guide me through all the steps? Thank you.

I followed the steps in the cleaning guide.


MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4156

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

5/30/2010 12:00:25 PM
mbam-log-2010-05-30 (12-00-25).txt

Scan type: Quick scan
Objects scanned: 135358
Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-30 12:36:48
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Tran\AppData\Local\Temp\kxldipog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9EC02000, 0x1FA4DA, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[5656] USER32.dll!CreateWindowExW 75DD1305 5 Bytes JMP 6DF9D9BC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5656] USER32.dll!DialogBoxParamW 75DF10B0 5 Bytes JMP 6DEC5689 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5656] USER32.dll!DialogBoxIndirectParamW 75DF2EF5 5 Bytes JMP 6E0943F7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5656] USER32.dll!DialogBoxParamA 75E08152 5 Bytes JMP 6E094394 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5656] USER32.dll!DialogBoxIndirectParamA 75E0847D 5 Bytes JMP 6E09445A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5656] USER32.dll!MessageBoxIndirectA 75E1D4D9 5 Bytes JMP 6E094329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5656] USER32.dll!MessageBoxIndirectW 75E1D5D3 5 Bytes JMP 6E0942BE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5656] USER32.dll!MessageBoxExA 75E1D639 5 Bytes JMP 6E09425C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5656] USER32.dll!MessageBoxExW 75E1D65D 5 Bytes JMP 6E0941FA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!CreateDialogParamW 75DC72A2 5 Bytes JMP 6DF9DD48 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!GetAsyncKeyState 75DC863C 5 Bytes JMP 6DEB90A7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!SetWindowsHookExW 75DC87AD 5 Bytes JMP 6DF99B29 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!CallNextHookEx 75DC8E3B 5 Bytes JMP 6DF8D171 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!UnhookWindowsHookEx 75DC98DB 5 Bytes JMP 6DF0486E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!EnableWindow 75DCCD8B 5 Bytes JMP 6DF9DBD5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!CreateWindowExW 75DD1305 5 Bytes JMP 6DF9D9BC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!GetKeyState 75DD8CB1 5 Bytes JMP 6DF9D183 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!IsDialogMessageW 75DE0745 5 Bytes JMP 6DEC5B9B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!CreateDialogParamA 75DE17AA 5 Bytes JMP 6E09507C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!IsDialogMessage 75DE1847 5 Bytes JMP 6E094918 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!CreateDialogIndirectParamA 75DE26F1 5 Bytes JMP 6E0950B3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!CreateDialogIndirectParamW 75DE9A62 5 Bytes JMP 6E0950EA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!SetKeyboardState 75DF0987 5 Bytes JMP 6E094C87 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!DialogBoxParamW 75DF10B0 5 Bytes JMP 6DEC5689 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!DialogBoxIndirectParamW 75DF2EF5 5 Bytes JMP 6E0943F7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!SendInput 75DF2F75 5 Bytes JMP 6E095843 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!EndDialog 75DF326E 5 Bytes JMP 6DEC8042 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!SetCursorPos 75E06FB2 5 Bytes JMP 6E095897 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!DialogBoxParamA 75E08152 5 Bytes JMP 6E094394 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!DialogBoxIndirectParamA 75E0847D 5 Bytes JMP 6E09445A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!MessageBoxIndirectA 75E1D4D9 5 Bytes JMP 6E094329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!MessageBoxIndirectW 75E1D5D3 5 Bytes JMP 6E0942BE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!MessageBoxExA 75E1D639 5 Bytes JMP 6E09425C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!MessageBoxExW 75E1D65D 5 Bytes JMP 6E0941FA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!keybd_event 75E1D972 5 Bytes JMP 6E095BC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] SHELL32.dll!SHRestricted + D95 76668988 4 Bytes [4D, 30, 65, 62] {DEC EBP; XOR [EBP+0x62], AH}
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] SHELL32.dll!SHRestricted + D9D 76668990 8 Bytes [57, 2F, 65, 62, 9C, 5B, 64, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] ole32.dll!OleLoadFromStream 76071E12 5 Bytes JMP 6E094778 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] ole32.dll!CoCreateInstance 760A9EA6 5 Bytes JMP 6DF9DA18 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021863cae2b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021863cae2b@0024905fceed 0x65 0x94 0xD6 0xCB ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0021863cae2b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0021863cae2b@0024905fceed 0x65 0x94 0xD6 0xCB ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 4916

---- EOF - GMER 1.0.15 ----

OTL

OTL logfile created on: 5/30/2010 12:40:12 PM - Run 1
OTL by OldTimer - Version 3.2.5.1 Folder = C:\Users\Tran\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.39 Gb Total Space | 94.63 Gb Free Space | 42.36% Space Free | Partition Type: NTFS
Drive D: | 9.49 Gb Total Space | 1.64 Gb Free Space | 17.29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRAN-PC
Current User Name: Tran
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/30 11:30:47 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Tran\Desktop\OTL.exe
PRC - [2010/05/16 01:45:02 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2009/12/01 13:37:46 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2009/10/23 11:56:20 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/07/17 20:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/04/10 23:28:15 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wisptis.exe
PRC - [2009/04/10 23:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/10 04:50:38 | 000,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WTablet\Pen_TabletUser.exe
PRC - [2008/04/10 04:50:06 | 001,369,384 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.exe
PRC - [2008/03/26 15:26:56 | 000,341,328 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008/02/13 06:52:10 | 004,915,200 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2008/01/20 19:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2008/01/20 19:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/19 09:02:58 | 000,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2007/11/01 08:44:50 | 000,671,744 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2007/10/16 07:55:32 | 000,095,528 | ---- | M] () -- C:\WINDOWS\System32\WacomTouchService.exe
PRC - [2007/05/25 10:16:08 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/05/30 11:30:47 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Tran\Desktop\OTL.exe
MOD - [2009/04/10 23:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 19:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2008/04/10 04:50:06 | 001,369,384 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008/03/26 15:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/16 07:55:32 | 000,095,528 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WacomTouchService.exe -- (WacomTouchService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2009/10/22 19:11:03 | 001,205,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/10/22 19:11:03 | 001,205,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2009/08/28 19:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2008/03/28 19:24:16 | 003,544,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/26 10:59:12 | 000,061,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/02/14 10:03:10 | 002,061,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/02/14 07:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/02/01 01:41:58 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008/02/01 01:41:58 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/02/01 01:41:58 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008/01/24 06:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/01/20 19:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 19:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:23:23 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:23:22 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008/01/20 19:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 19:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 19:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 19:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 19:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 04:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/05 09:39:18 | 000,010,536 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wacomhidfilter.sys -- (Wacomhidfilter)
DRV - [2007/11/01 08:49:50 | 001,021,056 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\smserial.sys -- (smserial)
DRV - [2007/10/06 03:30:50 | 000,012,712 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/08/28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/07/11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/22 07:55:10 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2007/02/16 04:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 09:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/10/30 04:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.0.3790
FF - prefs.js..keyword.URL: "http://search.yahoo....fr=ytff-tyc&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/27 01:21:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010/03/26 10:26:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/30 04:23:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/30 04:23:50 | 000,000,000 | ---D | M]

[2009/10/23 08:09:27 | 000,000,000 | ---D | M] -- C:\Users\Tran\AppData\Roaming\Mozilla\Extensions
[2010/05/28 14:04:29 | 000,000,000 | ---D | M] -- C:\Users\Tran\AppData\Roaming\Mozilla\Firefox\Profiles\siptln3v.default\extensions
[2010/02/27 12:40:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Tran\AppData\Roaming\Mozilla\Firefox\Profiles\siptln3v.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/29 15:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Tran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tran\Pictures\end 2009, beginning 2010\DSC081601.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tran\Pictures\end 2009, beginning 2010\DSC081601.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/30 01:18:05 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\WINDOWS\System32\ias [2008/01/20 19:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/30 12:02:22 | 000,000,000 | ---D | C] -- C:\Users\Tran\Desktop\gmer
[2010/05/30 11:49:52 | 000,000,000 | ---D | C] -- C:\Users\Tran\AppData\Roaming\Malwarebytes
[2010/05/30 11:49:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/30 11:49:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/30 11:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/30 11:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/30 11:48:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/30 11:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/30 11:30:44 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Tran\Desktop\OTL.exe
[2010/05/30 11:29:48 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tran\Desktop\mbam-setup.exe
[2010/05/30 11:24:41 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Tran\Desktop\erunt_setup.exe
[2010/05/30 11:22:29 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Tran\Desktop\TFC.exe
[2010/05/24 22:06:58 | 000,000,000 | ---D | C] -- C:\Users\Tran\AppData\Roaming\Avery
[2010/05/16 01:47:35 | 000,000,000 | ---D | C] -- C:\Users\Tran\Desktop\books
[2010/05/12 23:00:42 | 000,000,000 | ---D | C] -- C:\Users\Tran\AppData\Roaming\skypePM
[2010/05/12 22:59:19 | 000,000,000 | ---D | C] -- C:\Users\Tran\AppData\Roaming\Skype
[2010/05/08 01:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/08 01:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/08 01:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/16 01:47:58 | 000,000,000 | ---D | C] -- C:\Users\Tran\AppData\Local\Nero
[2010/04/07 21:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/04/07 21:00:48 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/04/07 21:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/04/01 01:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/01 01:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/26 10:26:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\tr
[2010/03/26 10:26:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\sv
[2010/03/26 10:26:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\ru
[2010/03/26 10:26:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\no
[2010/03/26 10:26:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\da
[2010/03/26 10:26:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\ko
[2010/03/26 10:26:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\ja
[2010/03/26 10:26:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\it
[2010/03/26 10:26:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\fr
[2010/03/26 10:26:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\es
[2010/03/26 10:26:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\de
[2010/03/26 10:26:03 | 000,000,000 | ---D | C] -- C:\Windows\DPDrv
[2010/03/26 10:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2010/03/13 18:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/03/13 17:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8

========== Files - Modified Within 90 Days ==========

[2010/05/30 12:42:30 | 002,097,152 | -HS- | M] () -- C:\Users\Tran\ntuser.dat
[2010/05/30 12:31:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/30 12:22:18 | 000,000,267 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/05/30 12:21:31 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/30 12:14:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/30 12:14:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/30 12:13:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/30 12:13:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/30 12:13:10 | 2949,816,320 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/30 12:13:07 | 269,371,507 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/30 11:49:48 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/30 11:47:32 | 000,000,733 | ---- | M] () -- C:\Users\Tran\Desktop\NTREGOPT.lnk
[2010/05/30 11:47:32 | 000,000,714 | ---- | M] () -- C:\Users\Tran\Desktop\ERUNT.lnk
[2010/05/30 11:43:52 | 000,107,120 | ---- | M] () -- C:\Users\Tran\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/30 11:38:33 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/30 11:38:31 | 000,524,288 | -HS- | M] () -- C:\Users\Tran\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/30 11:38:31 | 000,065,536 | -HS- | M] () -- C:\Users\Tran\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/30 11:30:47 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Tran\Desktop\OTL.exe
[2010/05/30 11:30:28 | 000,284,915 | ---- | M] () -- C:\Users\Tran\Desktop\gmer.zip
[2010/05/30 11:29:48 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tran\Desktop\mbam-setup.exe
[2010/05/30 11:24:43 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Tran\Desktop\erunt_setup.exe
[2010/05/30 11:22:30 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Tran\Desktop\TFC.exe
[2010/05/30 04:52:24 | 000,010,443 | ---- | M] () -- C:\Users\Tran\Documents\geeks.docx
[2010/05/30 04:48:26 | 000,000,162 | -H-- | M] () -- C:\Users\Tran\Documents\~$geeks.docx
[2010/05/29 13:18:07 | 000,000,012 | ---- | M] () -- C:\Users\Tran\AppData\Roaming\bpzmnq.dat
[2010/05/27 00:26:10 | 000,011,679 | ---- | M] () -- C:\Users\Tran\Documents\good or evil.docx
[2010/05/26 00:43:06 | 000,013,021 | ---- | M] () -- C:\Users\Tran\Documents\Vote Billy.docx
[2010/05/25 02:38:38 | 000,000,680 | ---- | M] () -- C:\Users\Tran\AppData\Local\d3d9caps.dat
[2010/05/22 01:58:38 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/22 01:58:38 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/22 01:58:38 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/22 01:43:40 | 000,000,162 | -H-- | M] () -- C:\Users\Tran\Documents\~$ria Ngo resume.doc
[2010/05/20 01:33:41 | 000,012,944 | ---- | M] () -- C:\Users\Tran\Documents\FALL 10.docx
[2010/05/19 01:57:48 | 001,036,408 | ---- | M] () -- C:\Users\Tran\Desktop\Book 1 - Twilight.pdf
[2010/05/15 03:41:35 | 000,022,528 | ---- | M] () -- C:\Users\Tran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 23:23:24 | 000,051,048 | ---- | M] () -- C:\Users\Tran\Desktop\PCIQuestionnaire20100513[1].pdf
[2010/05/12 22:59:09 | 000,002,487 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/05/11 02:28:11 | 000,016,313 | ---- | M] () -- C:\Users\Tran\Documents\Make a difference.docx
[2010/05/11 02:27:49 | 000,039,214 | ---- | M] () -- C:\Users\Tran\Documents\report-1.rtf
[2010/05/08 01:12:18 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/06 01:20:10 | 000,015,968 | ---- | M] () -- C:\Users\Tran\Documents\Planned Parenthood.docx
[2010/05/04 18:32:25 | 000,014,482 | ---- | M] () -- C:\Users\Tran\Documents\Ventura Family YMCA.docx
[2010/05/04 00:23:50 | 000,000,162 | -H-- | M] () -- C:\Users\Tran\Desktop\~$ntura Family YMCA.docx
[2010/05/03 00:20:07 | 000,011,233 | ---- | M] () -- C:\Users\Tran\Documents\YMCA Ventura.docx
[2010/05/02 15:43:15 | 005,146,624 | ---- | M] () -- C:\Users\Tran\Desktop\18375747.mp3
[2010/05/02 15:41:00 | 034,451,450 | ---- | M] () -- C:\Users\Tran\Desktop\18375747.mp4
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/21 01:05:54 | 002,213,790 | ---- | M] () -- C:\Users\Tran\Documents\DEH-P5100UB_OperationManual1208.pdf
[2010/04/14 16:17:49 | 000,203,260 | ---- | M] () -- C:\Users\Tran\Documents\StateTaxReturn2009 11001564605430.pdf
[2010/04/07 21:13:47 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/04/01 01:34:31 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/03/27 13:14:14 | 000,026,112 | ---- | M] () -- C:\Users\Tran\Documents\Maria Ngo resume with ref..doc
[2010/03/27 13:02:07 | 000,027,136 | ---- | M] () -- C:\Users\Tran\Documents\Maria Ngo resume.doc
[2010/03/26 10:03:47 | 001,731,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/13 17:59:37 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010/03/11 02:54:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

========== Files Created - No Company Name ==========

[2010/05/30 11:49:48 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/30 11:47:32 | 000,000,733 | ---- | C] () -- C:\Users\Tran\Desktop\NTREGOPT.lnk
[2010/05/30 11:47:32 | 000,000,714 | ---- | C] () -- C:\Users\Tran\Desktop\ERUNT.lnk
[2010/05/30 11:30:25 | 000,284,915 | ---- | C] () -- C:\Users\Tran\Desktop\gmer.zip
[2010/05/30 04:48:26 | 000,000,162 | -H-- | C] () -- C:\Users\Tran\Documents\~$geeks.docx
[2010/05/30 04:48:25 | 000,010,443 | ---- | C] () -- C:\Users\Tran\Documents\geeks.docx
[2010/05/30 04:24:53 | 2949,816,320 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/29 13:18:06 | 000,000,012 | ---- | C] () -- C:\Users\Tran\AppData\Roaming\bpzmnq.dat
[2010/05/27 00:26:08 | 000,011,679 | ---- | C] () -- C:\Users\Tran\Documents\good or evil.docx
[2010/05/25 01:34:33 | 000,013,021 | ---- | C] () -- C:\Users\Tran\Documents\Vote Billy.docx
[2010/05/22 01:43:40 | 000,000,162 | -H-- | C] () -- C:\Users\Tran\Documents\~$ria Ngo resume.doc
[2010/05/19 01:57:48 | 001,036,408 | ---- | C] () -- C:\Users\Tran\Desktop\Book 1 - Twilight.pdf
[2010/05/13 23:23:24 | 000,051,048 | ---- | C] () -- C:\Users\Tran\Desktop\PCIQuestionnaire20100513[1].pdf
[2010/05/11 02:28:07 | 000,016,313 | ---- | C] () -- C:\Users\Tran\Documents\Make a difference.docx
[2010/05/11 02:27:46 | 000,039,214 | ---- | C] () -- C:\Users\Tran\Documents\report-1.rtf
[2010/05/08 01:12:18 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/06 01:20:09 | 000,015,968 | ---- | C] () -- C:\Users\Tran\Documents\Planned Parenthood.docx
[2010/05/04 00:23:50 | 000,000,162 | -H-- | C] () -- C:\Users\Tran\Desktop\~$ntura Family YMCA.docx
[2010/05/04 00:23:48 | 000,014,482 | ---- | C] () -- C:\Users\Tran\Documents\Ventura Family YMCA.docx
[2010/05/02 15:42:54 | 005,146,624 | ---- | C] () -- C:\Users\Tran\Desktop\18375747.mp3
[2010/05/02 15:38:42 | 034,451,450 | ---- | C] () -- C:\Users\Tran\Desktop\18375747.mp4
[2010/04/29 07:40:57 | 000,011,233 | ---- | C] () -- C:\Users\Tran\Documents\YMCA Ventura.docx
[2010/04/24 01:43:27 | 000,012,944 | ---- | C] () -- C:\Users\Tran\Documents\FALL 10.docx
[2010/04/21 01:05:54 | 002,213,790 | ---- | C] () -- C:\Users\Tran\Documents\DEH-P5100UB_OperationManual1208.pdf
[2010/04/14 16:17:49 | 000,203,260 | ---- | C] () -- C:\Users\Tran\Documents\StateTaxReturn2009 11001564605430.pdf
[2010/04/07 21:13:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/07 21:00:55 | 000,002,487 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/04/01 01:34:31 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/10/27 10:15:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/03/28 17:19:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/10/27 10:16:55 | 000,000,000 | ---D | M] -- C:\Users\Tran\AppData\Roaming\acccore
[2010/05/24 22:06:58 | 000,000,000 | ---D | M] -- C:\Users\Tran\AppData\Roaming\Avery
[2009/10/22 19:56:49 | 000,000,000 | ---D | M] -- C:\Users\Tran\AppData\Roaming\DigitalPersona
[2010/05/15 03:42:09 | 000,000,000 | ---D | M] -- C:\Users\Tran\AppData\Roaming\FrostWire
[2010/05/30 12:41:55 | 000,000,000 | ---D | M] -- C:\Users\Tran\AppData\Roaming\uTorrent
[2009/12/15 20:56:44 | 000,000,000 | ---D | M] -- C:\Users\Tran\AppData\Roaming\VTExtra
[2010/05/30 11:38:33 | 000,029,260 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/04/30 01:18:05 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/05/30 12:13:10 | 2949,816,320 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/22 19:43:10 | 000,000,368 | -H-- | M] () -- C:\IPH.PH
[2010/05/30 12:13:07 | 3263,606,784 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/03/28 17:19:20 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\System32\ATIDEMGX.dll
[2009/03/08 04:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtmsft.dll
[2009/03/08 04:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtrans.dll
[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\rsaenh.dll
[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 20:14:18 | 016,846,848 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
[2008/01/20 20:14:08 | 000,106,496 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2008/01/20 20:14:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV
< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Did you get an Extras.log when you ran OTL? Please post if you did.

Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right click on george and Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus programs at this time.

I would uninstall FrostWire. P2P programs like uTorrent and LimeWire are bad enough, but the percentage of infected programs being passed around with FrostWire is so high that I consider it a virus delivery network.

Ron