Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

BSOD every time PC boots

Started by Gwendolyn85 , May 01 2011 12:31 AM

This topic is locked

#1
Gwendolyn85

Posted 01 May 2011 - 12:31 AM

Member

Member
42 posts

A few hours earlier I suddenly got one of those viruses that disguise themselves as an antivirus (unfortunately I can't remember the name); I promptly used rkill.exe and booted the PC to go to safe mode. When I booted this appeared:

Posted Image

After a couple of seconds it disappeared; I went into safe mode and ran malwarebytes; I found and deleted these files:

c:\Users\Ecristy\AppData\Local\Temp\nsvpjcdiw\hxvbxggxsik.exe (Trojan.FakeAlertRP.Gen) -> Quarantined and deleted successfully.
c:\programdata\alwil software\Avast5\arpot\f4643d3-1190-0.dat (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Ecristy\AppData\Local\Temp\0.23179149104519892.exe (Trojan.FakeAlertRP.Gen) -> Quarantined and deleted successfully.
c:\Users\Ecristy\AppData\Local\Temp\3DBD.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\40F6.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

And restarted my PC, but the BSOD appeared again and windows wouldn't start at all (only a black screen). I tried running malwarebytes and avast a couple more times, but they didn't find anything.

I tried looking up some solutions and found that maybe the Rustock rootkit was the problem, so I got rustbfix.exe and ran it (again in safe mode since it wouldn't run otherwise), but no rustock rootkit was found. I haven't found an exact solution for these except wipe everything (which would be a pain) so any help is very appreciated.

I also attached the OTL txt file I got after running that program.

Attached Files

OTL.Txt 52.81KB 117 downloads

Edited by Gwendolyn85, 01 May 2011 - 12:32 AM.

#2
Gwendolyn85

Posted 01 May 2011 - 02:22 PM

Member

Topic Starter
Member
42 posts

I tried using Gmer again and this time it found a rootkit or rootkit behavior, but when I use rustbfix.exe it doesn't find anything. I did this according to what I found on this thread:

http://www.geekstogo...ard-infections/

I'm at my wits end on what to do, if anyone could help me I'd be forever grateful.

UPDATE: I had windows on safe mode while doing all this; it suddenly went BSOD and when I tried to just reboot and go into safe mode again, it just shows a black screen (nothing). Now I can't use safe mode.

Edited by Gwendolyn85, 01 May 2011 - 02:28 PM.

#3
Essexboy

Posted 07 May 2011 - 10:20 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi sorry for the delay in getting to you, can you get into any mode at all ?

From the safe mode menu have you tried Last Known Good ?

#4
Gwendolyn85

Posted 07 May 2011 - 01:45 PM

Member

Topic Starter
Member
42 posts

Hi Essexboy, there's no problem I know everyone posts their problems too and I'm grateful for getting help whenever you're available.

Ok I've tried "Last known good configuration" and ran Gmer, and it found a tdl4@mbr code in \Device\Harddisk0\DR0 so I looked up in the forum and found this http://forum.avast.c...p?topic=74709.0
I noticed you helped in that thread too, so I was wondering if I should follow that stuff there?

#5
Essexboy

Posted 07 May 2011 - 01:59 PM

GeekU Moderator

Retired Staff
69,964 posts

OK now you are in lets get to work - each infection is different so I would not recommend that you follow anyone elses thread. I will use the same tools initially though

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

THEN

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

#6
Gwendolyn85

Posted 07 May 2011 - 03:32 PM

Member

Topic Starter
Member
42 posts

I made a mistake and clicked "fix mbr" when aswMBR.exe finished running and let the PC reboot, so I'm posting what I got afterwards:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-07 14:04:49
-----------------------------
14:04:49.987 OS Version: Windows 6.0.6000
14:04:49.987 Number of processors: 2 586 0xF0B
14:04:49.988 ComputerName: ECRISTY85-PC UserName: Ecristy85
14:04:51.354 Initialize success
14:04:55.237 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:04:55.239 Disk 0 Vendor: WDC_WD3200AAKS-75VYA0 12.01B02 Size: 305245MB BusType: 3
14:04:57.253 Disk 0 MBR read successfully
14:04:57.255 Disk 0 MBR scan
14:04:57.257 Disk 0 Windows VISTA default MBR code
14:04:59.261 Disk 0 scanning sectors +625139712
14:04:59.299 Disk 0 scanning C:\Windows\system32\drivers
14:05:03.867 Service scanning
14:05:05.913 Disk 0 trace - called modules:
14:05:05.931 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x858181f8]<<
14:05:05.934 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85fbf340]
14:05:05.939 3 ntkrnlpa.exe[830b07e2] -> nt!IofCallDriver -> [0x858dd928]
14:05:05.943 5 acpi.sys[8044332a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85891bb0]
14:05:05.949 \Driver\atapi[0x85858928] -> IRP_MJ_CREATE -> 0x858181f8
14:05:05.955 Scan finished successfully
14:05:15.508 Disk 0 MBR has been saved successfully to "C:\Users\Ecristy85\Desktop\MBR.dat"
14:05:15.513 The log file has been saved successfully to "C:\Users\Ecristy85\Desktop\aswMBR.txt"

------------

This is the OTL (for some reason Extras.txt didn't come out even though I ran OTL twice):

OTL logfile created on: 5/7/2011 2:19:57 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ecristy85\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 75.45 Gb Free Space | 26.19% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.45 Gb Free Space | 44.46% Space Free | Partition Type: NTFS

Computer Name: Ecristy85-PC | User Name: Ecristy85 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 22:42:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ecristy85\Desktop\OTL.exe
PRC - [2011/04/18 10:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/04/18 10:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/03/19 16:27:07 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/20 16:45:58 | 004,767,600 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
PRC - [2010/09/20 16:45:58 | 001,156,976 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
PRC - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/16 04:44:52 | 005,463,552 | ---- | M] (With Force!!) -- C:\Program Files\The KMPlayer\KMPlayer.exe
PRC - [2007/07/22 23:27:00 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/05/25 09:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe

========== Modules (SafeList) ==========

MOD - [2011/04/30 22:42:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ecristy85\Desktop\OTL.exe
MOD - [2011/04/18 10:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2006/11/02 02:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2011/04/24 14:56:40 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/18 10:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/20 16:45:58 | 004,767,600 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008/02/15 09:36:06 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/11 07:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/25 09:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

========== Driver Services (SafeList) ==========

DRV - [2011/04/18 10:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 10:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 10:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 10:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 10:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/18 10:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/15 12:36:06 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/09/27 16:12:21 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/21 15:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/06/19 01:02:47 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/01/20 00:07:58 | 000,033,292 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/08/23 16:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/06/20 23:09:08 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/03/11 12:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73)
DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/08 06:45:00 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ActionReplayDS.sys -- (ActionReplayDS)
DRV - [2006/12/18 17:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/10/05 14:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3798291978-1585835447-2024728025-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=2080215
IE - HKU\S-1-5-21-3798291978-1585835447-2024728025-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.g...smb&ibd=2080215
IE - HKU\S-1-5-21-3798291978-1585835447-2024728025-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3798291978-1585835447-2024728025-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3798291978-1585835447-2024728025-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 51152
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 04:00:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 04:00:40 | 000,000,000 | ---D | M]

[2011/03/25 04:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ecristy85\AppData\Roaming\Mozilla\Extensions
[2011/04/14 23:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ecristy85\AppData\Roaming\Mozilla\Firefox\Profiles\b1avgx15.default\extensions
[2011/03/25 04:10:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ecristy85\AppData\Roaming\Mozilla\Firefox\Profiles\b1avgx15.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/25 19:47:56 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Ecristy85\AppData\Roaming\Mozilla\Firefox\Profiles\b1avgx15.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/03/25 19:17:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ecristy85\AppData\Roaming\Mozilla\Firefox\Profiles\b1avgx15.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/25 04:33:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ecristy85\AppData\Roaming\Mozilla\Firefox\Profiles\b1avgx15.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/25 04:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/25 04:35:50 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/10/02 12:58:00 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2008/01/22 23:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKU\S-1-5-21-3798291978-1585835447-2024728025-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ISUSScheduler] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3798291978-1585835447-2024728025-1000..\Run: [AdobeBridge] File not found
O8 - Extra context menu item: &Translate with ATLAS - C:\Program Files\ATLAS V14\atlscript.html ()
O8 - Extra context menu item: ATLAS Translation &Editor - C:\Program Files\ATLAS V14\AtlscriptEdit.html ()
O9 - Extra Button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files\ATLAS V14\atlscript.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ecristy85\AppData\Roaming\ACD Systems\ACDSee\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Ecristy85\AppData\Roaming\ACD Systems\ACDSee\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0361f604-e32e-11dc-8407-001d09847d6b}\Shell - "" = AutoRun
O33 - MountPoints2\{0361f604-e32e-11dc-8407-001d09847d6b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{43b4ec25-0936-11e0-9e8d-001d09847d6b}\Shell\AutoRun\command - "" = Setup.exe
O33 - MountPoints2\{4dcf11b5-90bd-11dd-85dc-001d09847d6b}\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe
O33 - MountPoints2\{67246a36-141c-11de-a134-001d09847d6b}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{67246a36-141c-11de-a134-001d09847d6b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
O33 - MountPoints2\{6ed0d415-25ab-11e0-a2cd-001d09847d6b}\Shell\AutoRun\command - "" = H:\SecureII\Windows\SecureII.exe
O33 - MountPoints2\{a89d5780-e527-11df-a7aa-001d09847d6b}\Shell\AutoRun\command - "" = J:\wd_windows_tools\WDEULA.exe
O33 - MountPoints2\{bc2488d1-7c27-11de-ba5a-001d09847d6b}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{bc2488d1-7c27-11de-ba5a-001d09847d6b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
O33 - MountPoints2\{e0a424b3-eb2d-11dc-af41-001d09847d6b}\Shell\AutoRun\command - "" = bi
O33 - MountPoints2\H\Shell\AutoRun\command - "" = Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3798291978-1585835447-2024728025-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 13:52:58 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/07 12:45:08 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Ecristy85\Desktop\aswMBR.exe
[2011/05/06 09:19:16 | 000,100,480 | ---- | C] (GMER) -- C:\uxlyapog.sys
[2011/05/01 13:19:12 | 000,000,000 | ---D | C] -- C:\Rustbfix
[2011/04/30 22:51:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Ecristy85\Desktop\OTL.exe
[2011/04/28 21:45:15 | 000,000,000 | ---D | C] -- C:\Users\Ecristy85\Documents\Adobe Scripts
[2011/04/25 00:22:58 | 000,000,000 | ---D | C] -- C:\Users\Ecristy85\Desktop\mdkpck
[2011/04/24 14:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2011/04/20 22:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\ScummVM
[2011/04/13 18:52:29 | 000,000,000 | ---D | C] -- C:\Users\Ecristy85\Desktop\Legend of Zelda, The - The Minish Cap
[2011/04/07 20:35:27 | 000,000,000 | ---D | C] -- C:\Users\Ecristy85\Desktop\momo
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/07 14:05:15 | 000,000,512 | ---- | M] () -- C:\Users\Ecristy85\Desktop\MBR.dat
[2011/05/07 14:04:44 | 000,627,090 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/07 14:04:44 | 000,110,236 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/07 13:55:47 | 000,162,058 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/07 13:55:15 | 000,162,058 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/07 13:54:49 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 13:54:49 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 13:54:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/07 13:54:38 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/07 13:53:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/07 13:52:58 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/07 12:43:40 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Ecristy85\Desktop\aswMBR.exe
[2011/05/07 11:45:22 | 003,834,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/07 11:41:56 | 416,964,112 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/06 09:19:16 | 000,100,480 | ---- | M] (GMER) -- C:\uxlyapog.sys
[2011/04/30 22:44:02 | 000,009,160 | ---- | M] () -- C:\Users\Ecristy85\AppData\Local\d3d9caps.dat
[2011/04/30 22:42:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ecristy85\Desktop\OTL.exe
[2011/04/26 21:21:51 | 000,077,824 | ---- | M] () -- C:\Users\Ecristy85\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/20 22:14:41 | 000,000,296 | ---- | M] () -- C:\Windows\scummvm.ini
[2011/04/18 10:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 10:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/18 10:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/18 10:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/18 10:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/18 10:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/18 10:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/18 10:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/04/09 23:32:22 | 000,005,394 | -HS- | M] () -- C:\Users\Ecristy85\AppData\Local\ir806823nm0e02u0748c4iw4onj73w34x6m56pw625
[2011/04/09 23:32:22 | 000,005,394 | -HS- | M] () -- C:\ProgramData\ir806823nm0e02u0748c4iw4onj73w34x6m56pw625
[2011/04/09 23:31:18 | 000,015,802 | ---- | M] () -- C:\Users\Ecristy85\AppData\Roaming\9998.D5C
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/07 14:05:15 | 000,000,512 | ---- | C] () -- C:\Users\Ecristy85\Desktop\MBR.dat
[2011/05/07 11:43:19 | 2145,570,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/20 22:05:40 | 000,000,296 | ---- | C] () -- C:\Windows\scummvm.ini
[2011/04/09 23:31:26 | 000,005,394 | -HS- | C] () -- C:\Users\Ecristy85\AppData\Local\ir806823nm0e02u0748c4iw4onj73w34x6m56pw625
[2011/04/09 23:31:26 | 000,005,394 | -HS- | C] () -- C:\ProgramData\ir806823nm0e02u0748c4iw4onj73w34x6m56pw625
[2010/12/15 01:04:37 | 000,000,000 | ---- | C] () -- C:\Windows\FlipBook.INI
[2010/12/08 01:22:46 | 000,015,802 | ---- | C] () -- C:\Users\Ecristy85\AppData\Roaming\9998.D5C
[2010/10/01 18:24:52 | 000,162,058 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/01 18:24:52 | 000,162,058 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/09/22 23:50:03 | 000,000,600 | ---- | C] () -- C:\Users\Ecristy85\AppData\Local\PUTTY.RND
[2010/09/01 21:12:17 | 000,000,256 | -H-- | C] () -- C:\Windows\System32\LTAW14FN.BIN
[2010/09/01 21:12:17 | 000,000,256 | -H-- | C] () -- C:\Windows\System32\FJLTAFOU.BIN
[2010/07/09 23:54:04 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/07/09 23:54:03 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/07/09 23:54:01 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/07/09 23:54:01 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/07/09 23:54:00 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/04/24 21:15:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/03/30 23:10:56 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/03/30 23:10:56 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/03/30 23:10:56 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/03/30 23:10:55 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/03/16 23:47:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/03/16 23:05:06 | 000,000,022 | ---- | C] () -- C:\Windows\pspvc_path.ini
[2009/01/26 23:32:49 | 000,000,094 | ---- | C] () -- C:\Users\Ecristy85\AppData\Local\fusioncache.dat
[2008/09/22 21:56:25 | 000,127,767 | ---- | C] () -- C:\Windows\hpgins24.dat.temp
[2008/09/22 21:56:25 | 000,000,308 | ---- | C] () -- C:\Windows\hpgmdl24.dat.temp
[2008/09/22 20:42:08 | 000,127,762 | ---- | C] () -- C:\Windows\hpgins24.dat
[2008/09/22 20:42:08 | 000,000,308 | ---- | C] () -- C:\Windows\hpgmdl24.dat
[2008/08/22 23:32:45 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2008/08/22 23:32:45 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2008/08/22 23:32:45 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2008/08/22 23:32:45 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2008/07/25 22:55:06 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/05/12 18:53:16 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/12 18:50:08 | 000,831,488 | ---- | C] () -- C:\Windows\System32\divx_xx0a.dll
[2008/05/12 18:49:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/04/18 23:11:21 | 000,022,328 | ---- | C] () -- C:\Users\Ecristy85\AppData\Roaming\PnkBstrK.sys
[2008/03/23 14:51:51 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008/03/07 11:30:02 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/03/07 11:30:02 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\B23C669194.sys
[2008/02/25 23:50:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/25 22:09:41 | 000,001,361 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2008/02/24 16:23:54 | 000,009,160 | ---- | C] () -- C:\Users\Ecristy85\AppData\Local\d3d9caps.dat
[2008/02/23 13:54:00 | 000,077,824 | ---- | C] () -- C:\Users\Ecristy85\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/15 09:41:57 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/02/15 09:41:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2008/02/15 09:41:57 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/02/15 09:41:56 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/02/15 01:58:58 | 000,000,859 | ---- | C] () -- C:\Windows\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/11/10 15:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 05:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:44:53 | 003,834,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 03:33:01 | 000,627,090 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,110,236 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 00:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 00:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/03/18 06:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll

========== LOP Check ==========

[2008/02/24 16:33:04 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\ACD Systems
[2010/02/22 23:44:18 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\calibre
[2010/09/15 00:50:35 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/17 21:13:29 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\DAEMON Tools
[2010/05/14 21:54:52 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Downloaded Installations
[2010/12/08 00:51:06 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\FileZilla
[2010/09/01 21:12:41 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Fujitsu
[2009/02/09 00:07:33 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\GetRightToGo
[2008/09/26 11:22:54 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Image Zone Express
[2011/03/12 17:08:46 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Leawo
[2008/06/11 12:53:57 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Lost Marble
[2010/05/06 22:05:49 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\LucasArts
[2011/01/07 13:30:28 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\mkvtoolnix
[2011/03/12 17:08:49 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Moyea
[2009/09/11 01:41:12 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Mp3tag
[2010/07/30 23:10:22 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\ONScripter-En
[2009/02/09 00:58:47 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\OpenOffice.org
[2011/03/25 01:24:33 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Opera
[2008/09/22 20:56:53 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Printer Info Cache
[2011/03/08 01:17:59 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\REMEMBER11
[2009/04/29 16:21:48 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\RenPy
[2009/06/12 22:58:22 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\ScummVM
[2010/09/21 21:11:15 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/09/05 19:13:38 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\TAGIRI
[2011/04/30 12:36:02 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\uTorrent
[2011/05/07 13:53:58 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/02/15 09:35:43 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/02/15 09:35:43 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 02:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 00:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 02:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 02:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 00:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 00:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 02:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 02:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/11/02 02:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 02:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 00:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/19 16:27:03 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/19 16:27:03 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/19 16:27:03 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/19 16:27:07 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/19 16:27:07 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/19 16:27:07 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/03/09 07:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/03/09 07:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/03/09 07:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/03/09 09:56:18 | 000,634,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/03/25 04:15:57 | 000,943,472 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/03/25 04:15:57 | 000,943,472 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/03/25 04:15:57 | 000,943,472 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/03/25 04:15:57 | 000,943,472 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/19 16:27:03 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/19 16:27:03 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/19 16:27:03 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/19 16:27:07 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/19 16:27:07 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/19 16:27:07 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/03/09 07:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/03/09 07:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/03/09 07:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/03/09 09:56:18 | 000,634,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/03/25 04:15:57 | 000,943,472 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/03/25 04:15:57 | 000,943,472 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/03/25 04:15:57 | 000,943,472 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/03/25 04:15:57 | 000,943,472 | ---- | M] (Opera Software)

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:62E2D794

< End of report >

#7
Essexboy

Posted 07 May 2011 - 03:44 PM

GeekU Moderator

Retired Staff
69,964 posts

Ok probably not a disaster

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\S-1-5-21-3798291978-1585835447-2024728025-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 51152
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKU\S-1-5-21-3798291978-1585835447-2024728025-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
[2011/04/09 23:32:22 | 000,005,394 | -HS- | M] () -- C:\Users\Ecristy85\AppData\Local\ir806823nm0e02u0748c4iw4onj73w34x6m56pw625
[2011/04/09 23:32:22 | 000,005,394 | -HS- | M] () -- C:\ProgramData\ir806823nm0e02u0748c4iw4onj73w34x6m56pw625
[2011/04/09 23:31:18 | 000,015,802 | ---- | M] () -- C:\Users\Ecristy85\AppData\Roaming\9998.D5C

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

#8
Gwendolyn85

Posted 07 May 2011 - 04:03 PM

Member

Topic Starter
Member
42 posts

I tried running OTL after copy pasting the text you gave me, but for some reason everything in the desktop disappears (I can only see the OTL window and my desktop image) and OTL stops working. I've tried it a couple of times; should I click something else maybe?

#9
Essexboy

Posted 07 May 2011 - 04:06 PM

GeekU Moderator

Retired Staff
69,964 posts

OTL will close down all programmes except itself whilst it runs - this is to stop interference.. If you have a lot of temporary files it may take up to ten minutes to run as it clears them all

If after 10 minutes or so it still appears to have become unresponsive then using control+Alt+delete bring up the task manager and end OTL then reboot and continue with the next stage please

#10
Gwendolyn85

Posted 07 May 2011 - 04:52 PM

Member

Topic Starter
Member
42 posts

Here's my next OTL.txt:

OTL logfile created on: 5/7/2011 3:35:11 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ecristy85\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 97.64 Gb Free Space | 33.90% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.45 Gb Free Space | 44.46% Space Free | Partition Type: NTFS

Computer Name: ECRISTY85-PC | User Name: Ecristy85 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 22:42:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ecristy85\Desktop\OTL.exe
PRC - [2011/04/18 10:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/04/18 10:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/03/19 16:27:07 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/20 16:45:58 | 004,767,600 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
PRC - [2010/09/20 16:45:58 | 001,156,976 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
PRC - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/07/22 23:27:00 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/05/25 09:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe

========== Modules (SafeList) ==========

MOD - [2011/04/30 22:42:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ecristy85\Desktop\OTL.exe
MOD - [2011/04/18 10:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2006/11/02 02:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2011/04/24 14:56:40 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/18 10:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/20 16:45:58 | 004,767,600 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008/02/15 09:36:06 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/11 07:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/25 09:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

========== Driver Services (SafeList) ==========

DRV - [2011/04/18 10:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 10:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 10:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 10:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 10:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/18 10:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/15 12:36:06 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/09/27 16:12:21 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/21 15:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/06/19 01:02:47 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/01/20 00:07:58 | 000,033,292 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/08/23 16:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/06/20 23:09:08 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/03/11 12:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73)
DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/08 06:45:00 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ActionReplayDS.sys -- (ActionReplayDS)
DRV - [2006/12/18 17:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/10/05 14:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=2080215
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.g...smb&ibd=2080215
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 04:00:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 04:00:40 | 000,000,000 | ---D | M]

[2011/03/25 04:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ecristy85\AppData\Roaming\Mozilla\Extensions
[2011/04/14 23:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ecristy85\AppData\Roaming\Mozilla\Firefox\Profiles\b1avgx15.default\extensions
[2011/03/25 04:10:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ecristy85\AppData\Roaming\Mozilla\Firefox\Profiles\b1avgx15.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/25 19:47:56 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Ecristy85\AppData\Roaming\Mozilla\Firefox\Profiles\b1avgx15.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/03/25 19:17:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ecristy85\AppData\Roaming\Mozilla\Firefox\Profiles\b1avgx15.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/25 04:33:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ecristy85\AppData\Roaming\Mozilla\Firefox\Profiles\b1avgx15.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/25 04:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/25 04:35:50 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/10/02 12:58:00 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2008/01/22 23:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2011/05/07 15:07:49 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ISUSScheduler] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O8 - Extra context menu item: &Translate with ATLAS - C:\Program Files\ATLAS V14\atlscript.html ()
O8 - Extra context menu item: ATLAS Translation &Editor - C:\Program Files\ATLAS V14\AtlscriptEdit.html ()
O9 - Extra Button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files\ATLAS V14\atlscript.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ecristy85\AppData\Roaming\ACD Systems\ACDSee\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Ecristy85\AppData\Roaming\ACD Systems\ACDSee\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0361f604-e32e-11dc-8407-001d09847d6b}\Shell - "" = AutoRun
O33 - MountPoints2\{0361f604-e32e-11dc-8407-001d09847d6b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{43b4ec25-0936-11e0-9e8d-001d09847d6b}\Shell\AutoRun\command - "" = Setup.exe
O33 - MountPoints2\{4dcf11b5-90bd-11dd-85dc-001d09847d6b}\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe
O33 - MountPoints2\{67246a36-141c-11de-a134-001d09847d6b}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{67246a36-141c-11de-a134-001d09847d6b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
O33 - MountPoints2\{6ed0d415-25ab-11e0-a2cd-001d09847d6b}\Shell\AutoRun\command - "" = H:\SecureII\Windows\SecureII.exe
O33 - MountPoints2\{a89d5780-e527-11df-a7aa-001d09847d6b}\Shell\AutoRun\command - "" = J:\wd_windows_tools\WDEULA.exe
O33 - MountPoints2\{bc2488d1-7c27-11de-ba5a-001d09847d6b}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{bc2488d1-7c27-11de-ba5a-001d09847d6b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
O33 - MountPoints2\{e0a424b3-eb2d-11dc-af41-001d09847d6b}\Shell\AutoRun\command - "" = bi
O33 - MountPoints2\H\Shell\AutoRun\command - "" = Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 14:46:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/07 13:52:58 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/07 12:45:08 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Ecristy85\Desktop\aswMBR.exe
[2011/05/06 09:19:16 | 000,100,480 | ---- | C] (GMER) -- C:\uxlyapog.sys
[2011/05/01 13:19:12 | 000,000,000 | ---D | C] -- C:\Rustbfix
[2011/04/30 22:51:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Ecristy85\Desktop\OTL.exe
[2011/04/28 21:45:15 | 000,000,000 | ---D | C] -- C:\Users\Ecristy85\Documents\Adobe Scripts
[2011/04/25 00:22:58 | 000,000,000 | ---D | C] -- C:\Users\Ecristy85\Desktop\mdkpck
[2011/04/24 14:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2011/04/20 22:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\ScummVM
[2011/04/13 18:52:29 | 000,000,000 | ---D | C] -- C:\Users\Ecristy85\Desktop\Legend of Zelda, The - The Minish Cap
[2011/04/07 20:35:27 | 000,000,000 | ---D | C] -- C:\Users\Ecristy85\Desktop\momo

========== Files - Modified Within 30 Days ==========

[2011/05/07 15:35:36 | 001,280,815 | ---- | M] () -- C:\Users\Ecristy85\Desktop\tdsskiller.zip
[2011/05/07 15:32:23 | 000,162,058 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/07 15:31:18 | 000,162,058 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/07 15:31:15 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 15:31:15 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 15:31:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/07 15:31:04 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/07 15:30:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/07 15:07:49 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/07 15:03:36 | 000,627,090 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/07 15:03:36 | 000,110,236 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/07 13:52:58 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/07 12:43:40 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Ecristy85\Desktop\aswMBR.exe
[2011/05/07 11:45:22 | 003,834,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/07 11:41:56 | 416,964,112 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/06 09:19:16 | 000,100,480 | ---- | M] (GMER) -- C:\uxlyapog.sys
[2011/04/30 22:44:02 | 000,009,160 | ---- | M] () -- C:\Users\Ecristy85\AppData\Local\d3d9caps.dat
[2011/04/30 22:42:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ecristy85\Desktop\OTL.exe
[2011/04/26 21:21:51 | 000,077,824 | ---- | M] () -- C:\Users\Ecristy85\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/20 22:14:41 | 000,000,296 | ---- | M] () -- C:\Windows\scummvm.ini
[2011/04/18 10:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 10:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/18 10:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/18 10:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/18 10:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/18 10:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/18 10:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/18 10:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/04/09 23:32:22 | 000,005,394 | -HS- | M] () -- C:\Users\Ecristy85\AppData\Local\ir806823nm0e02u0748c4iw4onj73w34x6m56pw625
[2011/04/09 23:31:18 | 000,015,802 | ---- | M] () -- C:\Users\Ecristy85\AppData\Roaming\9998.D5C

========== Files Created - No Company Name ==========

[2011/05/07 15:35:21 | 001,280,815 | ---- | C] () -- C:\Users\Ecristy85\Desktop\tdsskiller.zip
[2011/05/07 11:43:19 | 2145,570,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/20 22:05:40 | 000,000,296 | ---- | C] () -- C:\Windows\scummvm.ini
[2011/04/09 23:31:26 | 000,005,394 | -HS- | C] () -- C:\Users\Ecristy85\AppData\Local\ir806823nm0e02u0748c4iw4onj73w34x6m56pw625
[2010/12/15 01:04:37 | 000,000,000 | ---- | C] () -- C:\Windows\FlipBook.INI
[2010/12/08 01:22:46 | 000,015,802 | ---- | C] () -- C:\Users\Ecristy85\AppData\Roaming\9998.D5C
[2010/10/01 18:24:52 | 000,162,058 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/01 18:24:52 | 000,162,058 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/09/22 23:50:03 | 000,000,600 | ---- | C] () -- C:\Users\Ecristy85\AppData\Local\PUTTY.RND
[2010/09/01 21:12:17 | 000,000,256 | -H-- | C] () -- C:\Windows\System32\LTAW14FN.BIN
[2010/09/01 21:12:17 | 000,000,256 | -H-- | C] () -- C:\Windows\System32\FJLTAFOU.BIN
[2010/07/09 23:54:04 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/07/09 23:54:03 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/07/09 23:54:01 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/07/09 23:54:01 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/07/09 23:54:00 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/04/24 21:15:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/03/30 23:10:56 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/03/30 23:10:56 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/03/30 23:10:56 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/03/30 23:10:55 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/03/16 23:47:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/03/16 23:05:06 | 000,000,022 | ---- | C] () -- C:\Windows\pspvc_path.ini
[2009/01/26 23:32:49 | 000,000,094 | ---- | C] () -- C:\Users\Ecristy85\AppData\Local\fusioncache.dat
[2008/09/22 21:56:25 | 000,127,767 | ---- | C] () -- C:\Windows\hpgins24.dat.temp
[2008/09/22 21:56:25 | 000,000,308 | ---- | C] () -- C:\Windows\hpgmdl24.dat.temp
[2008/09/22 20:42:08 | 000,127,762 | ---- | C] () -- C:\Windows\hpgins24.dat
[2008/09/22 20:42:08 | 000,000,308 | ---- | C] () -- C:\Windows\hpgmdl24.dat
[2008/08/22 23:32:45 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2008/08/22 23:32:45 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2008/08/22 23:32:45 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2008/08/22 23:32:45 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2008/07/25 22:55:06 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/05/12 18:53:16 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/12 18:50:08 | 000,831,488 | ---- | C] () -- C:\Windows\System32\divx_xx0a.dll
[2008/05/12 18:49:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/04/18 23:11:21 | 000,022,328 | ---- | C] () -- C:\Users\Ecristy85\AppData\Roaming\PnkBstrK.sys
[2008/03/23 14:51:51 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008/03/07 11:30:02 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/03/07 11:30:02 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\B23C669194.sys
[2008/02/25 23:50:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/25 22:09:41 | 000,001,361 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2008/02/24 16:23:54 | 000,009,160 | ---- | C] () -- C:\Users\Ecristy85\AppData\Local\d3d9caps.dat
[2008/02/23 13:54:00 | 000,077,824 | ---- | C] () -- C:\Users\Ecristy85\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/15 09:41:57 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/02/15 09:41:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2008/02/15 09:41:57 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/02/15 09:41:56 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/02/15 01:58:58 | 000,000,859 | ---- | C] () -- C:\Windows\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/11/10 15:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 05:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:44:53 | 003,834,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 03:33:01 | 000,627,090 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,110,236 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 00:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 00:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/03/18 06:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll

========== LOP Check ==========

[2008/02/24 16:33:04 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\ACD Systems
[2010/02/22 23:44:18 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\calibre
[2010/09/15 00:50:35 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/17 21:13:29 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\DAEMON Tools
[2010/05/14 21:54:52 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Downloaded Installations
[2010/12/08 00:51:06 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\FileZilla
[2010/09/01 21:12:41 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Fujitsu
[2009/02/09 00:07:33 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\GetRightToGo
[2008/09/26 11:22:54 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Image Zone Express
[2011/03/12 17:08:46 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Leawo
[2008/06/11 12:53:57 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Lost Marble
[2010/05/06 22:05:49 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\LucasArts
[2011/01/07 13:30:28 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\mkvtoolnix
[2011/03/12 17:08:49 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Moyea
[2009/09/11 01:41:12 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Mp3tag
[2010/07/30 23:10:22 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\ONScripter-En
[2009/02/09 00:58:47 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\OpenOffice.org
[2011/03/25 01:24:33 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Opera
[2008/09/22 20:56:53 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\Printer Info Cache
[2011/03/08 01:17:59 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\REMEMBER11
[2009/04/29 16:21:48 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\RenPy
[2009/06/12 22:58:22 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\ScummVM
[2010/09/21 21:11:15 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/09/05 19:13:38 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\TAGIRI
[2011/04/30 12:36:02 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming\uTorrent
[2011/05/07 15:30:23 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:62E2D794

< End of report >

-----------------------------------

And this is the TDSSKiller report (I found one suspicious file and wasn't asked to reboot):

2011/05/07 15:47:49.0018 0580 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/07 15:47:49.0564 0580 ================================================================================
2011/05/07 15:47:49.0564 0580 SystemInfo:
2011/05/07 15:47:49.0564 0580
2011/05/07 15:47:49.0564 0580 OS Version: 6.0.6000 ServicePack: 0.0
2011/05/07 15:47:49.0564 0580 Product type: Workstation
2011/05/07 15:47:49.0564 0580 ComputerName: ECRISTY85-PC
2011/05/07 15:47:49.0564 0580 UserName: Ecristy85
2011/05/07 15:47:49.0564 0580 Windows directory: C:\Windows
2011/05/07 15:47:49.0564 0580 System windows directory: C:\Windows
2011/05/07 15:47:49.0564 0580 Processor architecture: Intel x86
2011/05/07 15:47:49.0564 0580 Number of processors: 2
2011/05/07 15:47:49.0564 0580 Page size: 0x1000
2011/05/07 15:47:49.0564 0580 Boot type: Normal boot
2011/05/07 15:47:49.0564 0580 ================================================================================
2011/05/07 15:47:49.0829 0580 Initialize success
2011/05/07 15:47:51.0982 2304 ================================================================================
2011/05/07 15:47:51.0982 2304 Scan started
2011/05/07 15:47:51.0982 2304 Mode: Manual;
2011/05/07 15:47:51.0982 2304 ================================================================================
2011/05/07 15:47:52.0933 2304 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/05/07 15:47:53.0011 2304 ActionReplayDS (f35b5d0cc142b87e687fc504baa69d82) C:\Windows\system32\Drivers\ActionReplayDS.sys
2011/05/07 15:47:53.0058 2304 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/07 15:47:53.0152 2304 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/07 15:47:53.0230 2304 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/07 15:47:53.0261 2304 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/07 15:47:53.0308 2304 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/05/07 15:47:53.0370 2304 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/05/07 15:47:53.0433 2304 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/07 15:47:53.0495 2304 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
2011/05/07 15:47:53.0526 2304 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/05/07 15:47:53.0542 2304 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
2011/05/07 15:47:53.0573 2304 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/07 15:47:53.0604 2304 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/05/07 15:47:53.0635 2304 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/07 15:47:53.0651 2304 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/07 15:47:53.0698 2304 aswFsBlk (9bdb29e81abceb883556df44649696c4) C:\Windows\system32\drivers\aswFsBlk.sys
2011/05/07 15:47:53.0729 2304 aswMonFlt (a80fb17ce4ed7af4a5f24aaa753e4168) C:\Windows\system32\drivers\aswMonFlt.sys
2011/05/07 15:47:53.0745 2304 aswRdr (a90cf680ca7a323913ca3a0810c8e02d) C:\Windows\system32\drivers\aswRdr.sys
2011/05/07 15:47:53.0838 2304 aswSnx (f7969934cca2e566e95df17380a3cb11) C:\Windows\system32\drivers\aswSnx.sys
2011/05/07 15:47:53.0885 2304 aswSP (478d6a0e0630c31bf4a7f5eb0a05b92c) C:\Windows\system32\drivers\aswSP.sys
2011/05/07 15:47:53.0916 2304 aswTdi (e52e45743e27fd6184c55618a10b81ab) C:\Windows\system32\drivers\aswTdi.sys
2011/05/07 15:47:53.0947 2304 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/07 15:47:53.0979 2304 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
2011/05/07 15:47:54.0010 2304 athr (6046a55f79de9c581b8d5e9c1366cc81) C:\Windows\system32\DRIVERS\athr.sys
2011/05/07 15:47:54.0072 2304 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/05/07 15:47:54.0150 2304 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/07 15:47:54.0166 2304 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/07 15:47:54.0213 2304 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/07 15:47:54.0322 2304 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/07 15:47:54.0447 2304 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/07 15:47:54.0525 2304 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/07 15:47:54.0556 2304 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/07 15:47:54.0603 2304 BthEnum (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/07 15:47:54.0634 2304 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/07 15:47:54.0665 2304 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/07 15:47:54.0712 2304 BTHPORT (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys
2011/05/07 15:47:54.0790 2304 BTHUSB (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/07 15:47:54.0805 2304 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/07 15:47:54.0821 2304 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/07 15:47:54.0852 2304 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/07 15:47:54.0883 2304 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/05/07 15:47:54.0946 2304 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
2011/05/07 15:47:54.0977 2304 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
2011/05/07 15:47:54.0993 2304 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/07 15:47:55.0024 2304 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/07 15:47:55.0071 2304 datunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\datunidr.sys
2011/05/07 15:47:55.0086 2304 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/05/07 15:47:55.0117 2304 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/05/07 15:47:55.0164 2304 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/05/07 15:47:55.0195 2304 DXGKrnl (b95202efd0464d226e7542c1e319c028) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/07 15:47:55.0305 2304 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/05/07 15:47:55.0476 2304 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/07 15:47:55.0601 2304 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/05/07 15:47:55.0632 2304 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/07 15:47:55.0663 2304 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/05/07 15:47:55.0695 2304 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/07 15:47:55.0710 2304 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/05/07 15:47:55.0741 2304 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/05/07 15:47:55.0757 2304 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/07 15:47:55.0788 2304 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/05/07 15:47:55.0819 2304 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/07 15:47:55.0835 2304 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/07 15:47:55.0866 2304 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/07 15:47:55.0882 2304 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/07 15:47:55.0913 2304 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/07 15:47:55.0929 2304 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/07 15:47:55.0975 2304 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/07 15:47:56.0007 2304 HTTP (3c3cba3ce1a66439a960d4531a167c39) C:\Windows\system32\drivers\HTTP.sys
2011/05/07 15:47:56.0038 2304 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/07 15:47:56.0069 2304 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/07 15:47:56.0116 2304 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
2011/05/07 15:47:56.0147 2304 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/07 15:47:56.0225 2304 igfx (bbace0293b73bf8c7cb591f2d06f26fa) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/07 15:47:56.0256 2304 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/07 15:47:56.0428 2304 IntcAzAudAddService (dad53c5474d888a663699a433d997386) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/07 15:47:56.0475 2304 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/07 15:47:56.0490 2304 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/07 15:47:56.0521 2304 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/07 15:47:56.0599 2304 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/07 15:47:56.0724 2304 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/07 15:47:56.0787 2304 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/05/07 15:47:56.0818 2304 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/05/07 15:47:56.0849 2304 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/07 15:47:56.0880 2304 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/07 15:47:56.0896 2304 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/07 15:47:56.0927 2304 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/07 15:47:56.0958 2304 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/07 15:47:57.0036 2304 klmdb (1b6711fc4a184b4c2a2131289db3a2e0) C:\Windows\system32\drivers\klmdb.sys
2011/05/07 15:47:57.0083 2304 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/07 15:47:57.0145 2304 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/07 15:47:57.0192 2304 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/07 15:47:57.0208 2304 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/07 15:47:57.0239 2304 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/07 15:47:57.0270 2304 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/05/07 15:47:57.0301 2304 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/07 15:47:57.0317 2304 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/05/07 15:47:57.0348 2304 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/07 15:47:57.0379 2304 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/07 15:47:57.0411 2304 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/07 15:47:57.0426 2304 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/05/07 15:47:57.0457 2304 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/07 15:47:57.0504 2304 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/07 15:47:57.0551 2304 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/07 15:47:57.0598 2304 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/05/07 15:47:57.0629 2304 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/07 15:47:57.0660 2304 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/07 15:47:57.0738 2304 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/07 15:47:57.0832 2304 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
2011/05/07 15:47:57.0847 2304 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/07 15:47:57.0894 2304 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/05/07 15:47:57.0925 2304 msisadrv (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
2011/05/07 15:47:57.0957 2304 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/07 15:47:57.0972 2304 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/07 15:47:57.0988 2304 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/05/07 15:47:58.0019 2304 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/05/07 15:47:58.0035 2304 mssmbios (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/07 15:47:58.0050 2304 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/05/07 15:47:58.0081 2304 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/05/07 15:47:58.0113 2304 NativeWifiP (1d162e52fb691eb555a476b04b4bff3f) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/07 15:47:58.0144 2304 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/05/07 15:47:58.0175 2304 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/07 15:47:58.0191 2304 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/07 15:47:58.0206 2304 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/07 15:47:58.0222 2304 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/05/07 15:47:58.0237 2304 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/07 15:47:58.0269 2304 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/07 15:47:58.0315 2304 netr73 (757f999aa72b55780ee810d4cd1bdd47) C:\Windows\system32\DRIVERS\WUSB54GCx86.sys
2011/05/07 15:47:58.0347 2304 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/07 15:47:58.0362 2304 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/05/07 15:47:58.0393 2304 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/07 15:47:58.0440 2304 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/05/07 15:47:58.0471 2304 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/07 15:47:58.0487 2304 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/05/07 15:47:58.0783 2304 nvlddmkm (8b75f652726a2ba3197860f300514e3f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/07 15:47:58.0846 2304 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/07 15:47:58.0861 2304 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/07 15:47:58.0908 2304 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/05/07 15:47:58.0955 2304 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/07 15:47:58.0986 2304 Packet (8f856dae19383bd69db444004d5d4f50) C:\Windows\system32\DRIVERS\packet.sys
2011/05/07 15:47:59.0017 2304 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/07 15:47:59.0033 2304 partmgr (84be786f33fdbd8765e05df3b7f5b9e6) C:\Windows\system32\drivers\partmgr.sys
2011/05/07 15:47:59.0064 2304 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/07 15:47:59.0080 2304 pci (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
2011/05/07 15:47:59.0111 2304 pciide (b2fc76090ef1003463ccb07cabb35cff) C:\Windows\system32\drivers\pciide.sys
2011/05/07 15:47:59.0127 2304 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/07 15:47:59.0173 2304 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/07 15:47:59.0236 2304 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/07 15:47:59.0251 2304 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/07 15:47:59.0298 2304 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/07 15:47:59.0345 2304 PTproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys
2011/05/07 15:47:59.0392 2304 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/07 15:47:59.0423 2304 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/07 15:47:59.0501 2304 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/07 15:47:59.0829 2304 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/07 15:47:59.0875 2304 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/07 15:47:59.0907 2304 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/07 15:47:59.0938 2304 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/07 15:47:59.0969 2304 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/07 15:47:59.0985 2304 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/07 15:48:00.0031 2304 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2011/05/07 15:48:00.0047 2304 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/07 15:48:00.0078 2304 RDPWD (e2afac98fc6ca2ad2d09f2de1bc71ad9) C:\Windows\system32\drivers\RDPWD.sys
2011/05/07 15:48:00.0125 2304 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/07 15:48:00.0156 2304 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/07 15:48:00.0203 2304 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/07 15:48:00.0234 2304 SCDEmu (a73ae2510014103a44a5a58845219dcb) C:\Windows\system32\drivers\SCDEmu.sys
2011/05/07 15:48:00.0265 2304 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/07 15:48:00.0297 2304 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/07 15:48:00.0328 2304 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/07 15:48:00.0359 2304 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/05/07 15:48:00.0406 2304 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/05/07 15:48:00.0437 2304 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/07 15:48:00.0453 2304 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/07 15:48:00.0468 2304 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/07 15:48:00.0531 2304 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/05/07 15:48:00.0687 2304 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/07 15:48:00.0811 2304 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/07 15:48:00.0889 2304 Smb (46baf398809a0f3b2d3300a1760e4b91) C:\Windows\system32\DRIVERS\smb.sys
2011/05/07 15:48:00.0967 2304 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/05/07 15:48:01.0014 2304 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/05/07 15:48:01.0014 2304 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/05/07 15:48:01.0030 2304 sptd - detected LockedFile.Multi.Generic (1)
2011/05/07 15:48:01.0077 2304 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/05/07 15:48:01.0108 2304 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/07 15:48:01.0139 2304 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/07 15:48:01.0217 2304 swenum (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/07 15:48:01.0264 2304 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/07 15:48:01.0279 2304 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/07 15:48:01.0311 2304 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/07 15:48:01.0389 2304 Tcpip (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\drivers\tcpip.sys
2011/05/07 15:48:01.0451 2304 Tcpip6 (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/07 15:48:01.0513 2304 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/07 15:48:01.0529 2304 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/05/07 15:48:01.0607 2304 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/05/07 15:48:01.0623 2304 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/07 15:48:01.0669 2304 TermDD (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/07 15:48:01.0794 2304 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/07 15:48:01.0888 2304 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/07 15:48:01.0903 2304 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/07 15:48:01.0935 2304 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/07 15:48:01.0966 2304 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/07 15:48:01.0997 2304 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/07 15:48:02.0044 2304 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/07 15:48:02.0059 2304 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/07 15:48:02.0091 2304 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/07 15:48:02.0106 2304 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/07 15:48:02.0153 2304 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
2011/05/07 15:48:02.0184 2304 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/07 15:48:02.0215 2304 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/07 15:48:02.0247 2304 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/07 15:48:02.0278 2304 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/07 15:48:02.0309 2304 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/07 15:48:02.0356 2304 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/07 15:48:02.0387 2304 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/07 15:48:02.0403 2304 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/07 15:48:02.0418 2304 usbuhci (d864735b0bfcb65440960a0b7cc1a38d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/07 15:48:02.0449 2304 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/07 15:48:02.0465 2304 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/05/07 15:48:02.0481 2304 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/05/07 15:48:02.0512 2304 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/07 15:48:02.0527 2304 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
2011/05/07 15:48:02.0559 2304 volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
2011/05/07 15:48:02.0590 2304 volmgrx (420c48e593b9520c2dee45d671f923e1) C:\Windows\system32\drivers\volmgrx.sys
2011/05/07 15:48:02.0637 2304 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/05/07 15:48:02.0668 2304 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/07 15:48:02.0730 2304 wacmoumonitor (f24ee97511fb901189e11cbbd51605ba) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
2011/05/07 15:48:02.0808 2304 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
2011/05/07 15:48:02.0824 2304 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/07 15:48:02.0902 2304 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
2011/05/07 15:48:02.0949 2304 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/07 15:48:02.0964 2304 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/07 15:48:02.0995 2304 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/07 15:48:03.0027 2304 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/07 15:48:03.0136 2304 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/07 15:48:03.0183 2304 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/07 15:48:03.0214 2304 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/07 15:48:03.0245 2304 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/07 15:48:03.0323 2304 ================================================================================
2011/05/07 15:48:03.0323 2304 Scan finished
2011/05/07 15:48:03.0323 2304 ================================================================================
2011/05/07 15:48:03.0323 3544 Detected object count: 1
2011/05/07 15:49:07.0283 3544 LockedFile.Multi.Generic(sptd) - User select action: Skip

#11
Essexboy

Posted 08 May 2011 - 04:22 AM

GeekU Moderator

Retired Staff
69,964 posts

Are you still getting Blue screens ?

Posted Image

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#12
Gwendolyn85

Posted 08 May 2011 - 09:58 PM

Member

Topic Starter
Member
42 posts

No, actually ever since I used aswMBR.exe the PC has been working perfectly, I can't thank you enough for your help and kindness ^^

This is the log that popped out; it didn't find out anything so it didn't restart:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6529

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

5/8/2011 8:51:03 PM
mbam-log-2011-05-08 (20-51-03).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 314978
Time elapsed: 54 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13
Essexboy

Posted 09 May 2011 - 11:27 AM

GeekU Moderator

Retired Staff
69,964 posts

Subject to no further problems :unsure:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :yes:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Do not show hidden files and folders.
Click Yes to confirm.
Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to this site and click Do I have Java
It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

Go to Control Panel and select System
Select System
On the left select System Protection and accept the warning if you get one
Select System Protection Tab
Select Create at the bottom
Type in a name i.e. Clean
Select Create

Now we can purge the infected ones

GoStart > All programs > Accessories > system tools page
Select Performance Information and Tools
Right click Disc cleanup an select run as administrator
Select Your main drive and accept the warning if you get one
For a few moments the system will make some calculations
Select the More Options tab
In the System Restore and Shadow Backups select Clean up
Select Delete on the pop up
Select OK
Select Delete

Final stretch

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

Posted Image

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe

#14
Gwendolyn85

Posted 09 May 2011 - 11:35 AM

Member

Topic Starter
Member
42 posts

Thank you so much for your help Essexboy, you're a godsend! I'll do every step you've recommended to keep my PC clean from now on; again I can't thank you enough for your help, thank you!