Very Strange Virus

This topic is locked

#1 Rydon
Member, 57 posts
So as of two weeks ago, I believe that I've had a very strange virus. It causes redirects/popup ads in my Firefox and Internet Explorer, and it won't allow me to make Windows updates. Every time I try to install a Windows update, my system is unable to boot and it sends me into startup repair. After repair, it takes me back to a previous state. It also messes with my date and time settings. Malwarebytes won't pick up anything. I've reset my system to factory settings TWICE and the problem still persists. I don't know if this image will help at all. But Malwarebytes stopped one of the processes. Please help. I fear that it's only getting worse. I have Windows updates disabled for now.

Attached Thumbnails: screencap.png


#2 michaelg9
Trusted Helper, Malware Removal, 2,949 posts
Hi. I'm Michael and I'm going to help you fix your computer.

Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case.
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

Sorry for the late reply.

Download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here :)



Next:

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.



Next:


OTL Custom Scan
  • Download OTL to your Desktop
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

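Added example, not part of this thread and not OTL's own code: a small Python parser for the OTL log-line formats that appear in the OTL.txt posted in this thread (PRC/MOD/SRV/DRV entries, the "Created Within 30 Days" file list and O4 autostart entries), together with the two coarse triage rules a helper applies on a first read of such a log. The line grammar is inferred from the posted log rather than taken from OTL documentation, and the sample lines are copied from that log.

```python
# Added example for this thread: a parser for the OTL log-line formats seen in
# the posted OTL.txt, plus the two coarse triage rules a helper applies first.
# Not OTL's own code; the line grammar is inferred from the posted log.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# PRC/MOD/SRV/DRV lines and plain file-list lines share one bracketed header:
#   [timestamp | size | attributes | M or C] (company) [state] -- path -- (service)
# (company), [state] and -- (service) are each optional depending on the section.
FILE_ENTRY = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV)(?P<is64>:64bit:)? - )?"
    r"\[(?P<ts>[^|\]]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|\]]+) \| (?P<flag>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^)]*)\).*)?$"
)

# O4 autostart lines:  O4 - HKLM..\Run: [Name] C:\path\prog.exe (Company)
RUN_ENTRY = re.compile(
    r"^O4(?P<is64>:64bit:)? - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<target>.+?)(?: \((?P<company>[^)]*)\))?$"
)


@dataclass
class Entry:
    kind: str                   # PRC, MOD, SRV, DRV, FILE (file list) or RUN (O4)
    path: str
    company: Optional[str]      # None: no company field; "": OTL printed "()"
    service: Optional[str] = None
    state: Optional[str] = None
    name: Optional[str] = None  # O4 value name
    is_dir: bool = False


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised OTL line, or None for anything else."""
    line = line.rstrip()
    m = FILE_ENTRY.match(line)
    if m:
        return Entry(kind=m["kind"] or "FILE", path=m["path"], company=m["company"],
                     service=m["svc"], state=m["state"], is_dir="D" in m["attrs"])
    m = RUN_ENTRY.match(line)
    if m:
        return Entry(kind="RUN", path=m["target"], company=m["company"], name=m["name"])
    return None


def triage(lines) -> List[Tuple[str, Entry]]:
    """Flag what a helper reads first: executables OTL could not attribute to a
    company name, and autostart/service entries whose file is missing.
    An empty company field is only a hint: the posted log shows legitimate Dell,
    Roxio and Intel components printed as "()", so each hit still needs a
    known-good comparison (the MD5 list in the custom scan exists for that)."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None or e.is_dir:
            continue
        if "File not found" in e.path:
            findings.append(("missing file", e))
        elif e.company == "":
            findings.append(("no company name", e))
    return findings


# Sample input: lines copied from the OTL.txt posted in this thread.
SAMPLE_LINES = [
    r"PRC - [2011/08/10 02:55:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan Hurtt\Desktop\OTL.exe",
    r"PRC - [2010/08/11 20:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe",
    r"SRV:64bit: - [2010/01/21 05:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)",
    r"DRV:64bit: - [2009/11/02 14:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)",
    r"[2011/08/10 03:03:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Apple Computer",
    r"[2011/08/10 02:55:21 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Ryan Hurtt\Desktop\aswMBR.exe",
    r"O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()",
    r"O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found",
    r"O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)",
    "========== Win32 Services (SafeList) ==========",
]

if __name__ == "__main__":
    for reason, e in triage(SAMPLE_LINES):
        print(f"{reason:16} {e.kind:4} {e.service or e.name or '':20} {e.path}")
```

Run it as a script to print the candidates from the sample, or pass the lines of a full OTL.txt to `triage()`. An empty company field is a hint, not a verdict: the posted log shows several legitimate Dell, Roxio and Intel components printed as "()", which is why the custom scan above also collects MD5s of explorer.exe, winlogon.exe, Userinit.exe and svchost.exe for comparison against known-good copies.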

#3 Rydon
Topic Starter, Member, 57 posts
GMER.txt was blank

OTL.txt
OTL logfile created on: 8/9/2011 4:24:10 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Ryan Hurtt\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.80 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 76.75% Memory free
15.60 Gb Paging File | 13.68 Gb Available in Paging File | 87.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 413.36 Gb Free Space | 91.64% Space Free | Partition Type: NTFS

Computer Name: RYANHURTT-PC | User Name: Ryan Hurtt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/10 02:55:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan Hurtt\Desktop\OTL.exe
PRC - [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/08/26 14:45:22 | 001,853,248 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/11 20:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/05/14 13:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/03/03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 22:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/09 15:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/22 10:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009/06/24 18:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/18 23:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (SafeList) ==========

MOD - [2011/08/10 02:55:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan Hurtt\Desktop\OTL.exe
MOD - [2009/07/13 21:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\imagehlp.dll
MOD - [2009/07/13 21:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\normaliz.dll
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/21 05:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/11/02 14:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/09/21 17:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2009/09/21 17:03:06 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2009/09/21 17:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/09/15 23:59:44 | 000,907,264 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2009/09/15 23:54:38 | 000,403,456 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2010/11/21 22:09:39 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/03/03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/26 13:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/23 18:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/21 23:33:41 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/21 23:33:41 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/21 23:33:41 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/03/15 13:25:18 | 007,850,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/10 17:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/21 05:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/08 05:51:38 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/12/01 13:55:31 | 000,359,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/11/02 14:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/15 22:45:08 | 000,174,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2009/09/15 22:45:00 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2009/09/15 22:44:58 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2009/09/15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/08/24 12:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/21 01:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/24 15:13:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/07/23 14:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/04 20:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 09:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 19:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/06/25 18:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 17:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 17:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/06/26 12:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3962757058-329505454-186606251-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3962757058-329505454-186606251-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3962757058-329505454-186606251-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3962757058-329505454-186606251-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/09 15:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/10 03:02:25 | 000,000,000 | ---D | M]

[2011/08/10 02:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan Hurtt\AppData\Roaming\Mozilla\Extensions
[2011/08/10 02:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3962757058-329505454-186606251-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Ryan Hurtt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198 192.168.1.1
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\WINDOWS\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/10 03:04:03 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/10 03:03:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Apple Computer
[2011/08/10 03:03:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Local\Apple Computer
[2011/08/10 03:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/10 03:03:51 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011/08/10 03:03:51 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011/08/10 03:03:51 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/08/10 03:03:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/08/10 03:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/10 03:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/10 03:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/08/10 03:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/08/10 03:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/10 03:02:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/10 03:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/08/10 03:01:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Local\Apple
[2011/08/10 03:01:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/08/10 03:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/08/10 03:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/10 03:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/08/10 03:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/08/10 03:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/08/10 03:00:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Skype
[2011/08/10 03:00:55 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/08/10 03:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/08/10 03:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/08/10 02:58:48 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\acccore
[2011/08/10 02:58:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Local\AOL
[2011/08/10 02:58:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Local\AIM
[2011/08/10 02:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2011/08/10 02:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/08/10 02:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2011/08/10 02:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011/08/10 02:58:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2011/08/10 02:58:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\WinRAR
[2011/08/10 02:58:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/08/10 02:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/08/10 02:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/08/10 02:55:52 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan Hurtt\Desktop\OTL.exe
[2011/08/10 02:55:21 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Ryan Hurtt\Desktop\aswMBR.exe
[2011/08/10 02:52:00 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Mozilla
[2011/08/10 02:52:00 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Local\Mozilla
[2011/08/10 02:51:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/08/10 02:51:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Macromedia
[2011/08/10 02:51:14 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Adobe
[2011/08/08 11:09:35 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Dell
[2011/08/08 11:09:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Local\Stardock_Corporation
[2011/08/08 11:09:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Intel Corporation
[2011/08/08 11:09:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Roxio
[2011/08/08 11:09:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Local\DataSafeOnline
[2011/08/08 11:09:22 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Intel
[2011/08/08 11:09:03 | 000,000,000 | R--D | C] -- C:\Users\Ryan Hurtt\Searches
[2011/08/08 11:09:03 | 000,000,000 | R--D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/08/08 11:09:02 | 000,000,000 | R--D | C] -- C:\Users\Ryan Hurtt\Virtual Machines
[2011/08/08 11:09:02 | 000,000,000 | -H-D | C] -- C:\Users\Ryan Hurtt\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/08/08 11:08:53 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Identities
[2011/08/08 11:08:51 | 000,000,000 | R--D | C] -- C:\Users\Ryan Hurtt\Contacts
[2011/08/08 11:08:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/08 11:08:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Local\VirtualStore
[2011/08/08 11:08:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Local\SoftThinks
[2011/08/08 11:06:10 | 000,000,000 | --SD | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Microsoft
[2011/08/08 11:06:10 | 000,000,000 | R--D | C] -- C:\Users\Ryan Hurtt\Videos
[2011/08/08 11:06:10 | 000,000,000 | R--D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/08/08 11:06:10 | 000,000,000 | R--D | C] -- C:\Users\Ryan Hurtt\Saved Games
[2011/08/08 11:06:10 | 000,000,000 | R--D | C] -- C:\Users\Ryan Hurtt\Pictures
[2011/08/08 11:06:10 | 000,000,000 | R--D | C] -- C:\Users\Ryan Hurtt\Music
[2011/08/08 11:06:10 | 000,000,000 | R--D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/08/08 11:06:10 | 000,000,000 | R--D | C] -- C:\Users\Ryan Hurtt\Links
[2011/08/08 11:06:10 | 000,000,000 | R--D | C] -- C:\Users\Ryan Hurtt\Favorites
[2011/08/08 11:06:10 | 000,000,000 | R--D | C] -- C:\Users\Ryan Hurtt\Downloads
[2011/08/08 11:06:10 | 000,000,000 | R--D | C] -- C:\Users\Ryan Hurtt\Documents
[2011/08/08 11:06:10 | 000,000,000 | R--D | C] -- C:\Users\Ryan Hurtt\Desktop
[2011/08/08 11:06:10 | 000,000,000 | R--D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/08/08 11:06:10 | 000,000,000 | -HSD | C] -- C:\Users\Ryan Hurtt\AppData\Local\Temporary Internet Files
[2011/08/08 11:06:10 | 000,000,000 | -HSD | C] -- C:\Users\Ryan Hurtt\Templates
[2011/08/08 11:06:10 | 000,000,000 | -HSD | C] -- C:\Users\Ryan Hurtt\Start Menu
[2011/08/08 11:06:10 | 000,000,000 | -HSD | C] -- C:\Users\Ryan Hurtt\SendTo
[2011/08/08 11:06:10 | 000,000,000 | -HSD | C] -- C:\Users\Ryan Hurtt\Recent
[2011/08/08 11:06:10 | 000,000,000 | -HSD | C] -- C:\Users\Ryan Hurtt\PrintHood
[2011/08/08 11:06:10 | 000,000,000 | -HSD | C] -- C:\Users\Ryan Hurtt\NetHood
[2011/08/08 11:06:10 | 000,000,000 | -HSD | C] -- C:\Users\Ryan Hurtt\Documents\My Videos
[2011/08/08 11:06:10 | 000,000,000 | -HSD | C] -- C:\Users\Ryan Hurtt\Documents\My Pictures
[2011/08/08 11:06:10 | 000,000,000 | -HSD | C] -- C:\Users\Ryan Hurtt\Documents\My Music
[2011/08/08 11:06:10 | 000,000,000 | -HSD | C] -- C:\Users\Ryan Hurtt\My Documents
[2011/08/08 11:06:10 | 000,000,000 | -HSD | C] -- C:\Users\Ryan Hurtt\Local Settings
[2011/08/08 11:06:10 | 000,000,000 | -HSD | C] -- C:\Users\Ryan Hurtt\AppData\Local\History
[2011/08/08 11:06:10 | 000,000,000 | -HSD | C] -- C:\Users\Ryan Hurtt\Cookies
[2011/08/08 11:06:10 | 000,000,000 | -HSD | C] -- C:\Users\Ryan Hurtt\Application Data
[2011/08/08 11:06:10 | 000,000,000 | -HSD | C] -- C:\Users\Ryan Hurtt\AppData\Local\Application Data
[2011/08/08 11:06:10 | 000,000,000 | -H-D | C] -- C:\Users\Ryan Hurtt\AppData
[2011/08/08 11:06:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Local\Temp
[2011/08/08 11:06:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Local\Microsoft
[2011/08/08 11:06:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan Hurtt\AppData\Roaming\Media Center Programs
[2011/08/08 02:05:10 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2011/08/08 00:45:23 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
[2011/07/12 11:34:00 | 000,212,840 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011/07/12 11:34:00 | 000,096,104 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/07/12 11:34:00 | 000,085,864 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/07/12 11:34:00 | 000,061,288 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011/07/12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/07/12 11:20:54 | 000,050,536 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/10 03:04:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/10 03:03:55 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/10 03:02:20 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/10 03:00:56 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/10 02:58:48 | 000,000,360 | -H-- | M] () -- C:\IPH.PH
[2011/08/10 02:58:44 | 000,001,937 | ---- | M] () -- C:\Users\Ryan Hurtt\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/08/10 02:58:44 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/08/10 02:56:28 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Ryan Hurtt\Desktop\aswMBR.exe
[2011/08/10 02:55:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan Hurtt\Desktop\OTL.exe
[2011/08/10 02:51:57 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/10 02:50:46 | 000,001,439 | ---- | M] () -- C:\Users\Ryan Hurtt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/10 02:48:53 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/10 02:48:53 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/08/09 16:13:01 | 000,001,499 | ---- | M] () -- C:\Users\Ryan Hurtt\Desktop\Desktop.zip
[2011/08/09 16:12:38 | 000,000,512 | ---- | M] () -- C:\Users\Ryan Hurtt\Desktop\MBR.dat
[2011/08/09 16:10:20 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/09 16:10:20 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/09 16:07:20 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/09 16:07:20 | 000,616,952 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/09 16:07:20 | 000,104,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/09 16:02:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/09 16:02:25 | 1987,448,831 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/08 11:09:31 | 000,001,980 | ---- | M] () -- C:\Users\Ryan Hurtt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2011/08/08 02:05:22 | 000,040,791 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/08/08 02:05:22 | 000,040,791 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\Ryan Hurtt\Desktop\gmer.exe
[2011/07/12 11:34:00 | 000,212,840 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011/07/12 11:34:00 | 000,096,104 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/07/12 11:34:00 | 000,085,864 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/07/12 11:34:00 | 000,061,288 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011/07/12 11:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/07/12 11:20:54 | 000,050,536 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/10 03:09:36 | 000,302,592 | ---- | C] () -- C:\Users\Ryan Hurtt\Desktop\gmer.exe
[2011/08/10 03:03:55 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/10 03:02:20 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/10 03:01:58 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/08/10 03:00:56 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/10 02:58:44 | 000,001,937 | ---- | C] () -- C:\Users\Ryan Hurtt\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/08/10 02:58:44 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/08/10 02:58:31 | 000,000,360 | -H-- | C] () -- C:\IPH.PH
[2011/08/10 02:51:57 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/10 02:51:57 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/10 02:50:46 | 000,001,439 | ---- | C] () -- C:\Users\Ryan Hurtt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/09 16:13:01 | 000,001,499 | ---- | C] () -- C:\Users\Ryan Hurtt\Desktop\Desktop.zip
[2011/08/09 16:12:38 | 000,000,512 | ---- | C] () -- C:\Users\Ryan Hurtt\Desktop\MBR.dat
[2011/08/08 11:09:31 | 000,001,980 | ---- | C] () -- C:\Users\Ryan Hurtt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2011/08/08 11:09:08 | 000,001,411 | ---- | C] () -- C:\Users\Ryan Hurtt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/08/08 11:09:04 | 000,001,445 | ---- | C] () -- C:\Users\Ryan Hurtt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/08 11:08:39 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/08/08 11:08:38 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/08 11:06:38 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2011/08/08 11:06:10 | 000,000,290 | ---- | C] () -- C:\Users\Ryan Hurtt\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/08/08 11:06:10 | 000,000,272 | ---- | C] () -- C:\Users\Ryan Hurtt\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/08/08 02:03:21 | 1987,448,831 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/21 22:23:27 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/10/30 17:26:36 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/10/30 17:26:36 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/10/30 17:26:36 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/10/30 17:26:35 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/10/30 17:26:35 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/08/10 02:59:02 | 000,000,000 | ---D | M] -- C:\Users\Ryan Hurtt\AppData\Roaming\acccore
[2011/08/10 02:48:53 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/14 01:08:49 | 000,002,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/10 02:48:53 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2010/11/21 23:33:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010/11/21 23:33:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\WINDOWS\SysWOW64\explorer.exe
[2010/11/21 23:33:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/11/21 23:33:20 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/11/21 23:33:29 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2010/11/21 23:33:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\WINDOWS\explorer.exe
[2010/11/21 23:33:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/11/21 23:33:29 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/21 23:33:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/11/21 23:33:29 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/11/21 23:33:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/11/21 23:33:20 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2010/11/21 23:33:29 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/11/21 23:33:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\WINDOWS\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\WINDOWS\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/11/21 23:33:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/11/21 23:33:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 23:33:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)

< End of report >

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-09 16:08:32
-----------------------------
16:08:32.681 OS Version: Windows x64 6.1.7600
16:08:32.681 Number of processors: 4 586 0x2505
16:08:32.682 ComputerName: RYANHURTT-PC UserName: Ryan Hurtt
16:08:35.265 Initialize success
16:08:40.365 AVAST engine defs: 11080901
16:08:54.387 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:08:54.392 Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
16:08:54.396 Device \Driver\iaStor -> MajorFunction fffffa800835c6c0
16:08:56.401 Disk 0 MBR read successfully
16:08:56.406 Disk 0 MBR scan
16:08:56.414 Disk 0 MBR:Alureon-G [Rtk]
16:08:56.419 Disk 0 TDL4@MBR code has been found
16:08:56.425 Disk 0 MBR hidden
16:08:56.431 Disk 0 MBR [TDL4] **ROOTKIT**
16:08:56.435 Disk 0 trace - called modules:
16:08:56.439 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys >>UNKNOWN [0xfffffa800835c6c0]<<
16:08:56.442 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80082b9060]
16:08:56.447 3 CLASSPNP.SYS[fffff88001a6343f] -> nt!IofCallDriver -> [0xfffffa8008189ce0]
16:08:56.451 5 stdflt.sys[fffff8800169ca4a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008002050]
16:08:56.667 \Driver\iaStor[0xfffffa8008197870] -> IRP_MJ_CREATE -> 0xfffffa800835c6c0
16:09:08.944 AVAST engine scan C:\Windows
16:09:33.633 AVAST engine scan C:\Windows\system32
16:10:52.267 AVAST engine scan C:\Windows\system32\drivers
16:11:18.001 AVAST engine scan C:\Users\Ryan Hurtt
16:11:51.413 AVAST engine scan C:\ProgramData
16:12:20.628 Scan finished successfully
16:12:38.855 Disk 0 MBR has been saved successfully to "C:\Users\Ryan Hurtt\Desktop\MBR.dat"
16:12:38.865 The log file has been saved successfully to "C:\Users\Ryan Hurtt\Desktop\aswMBR.txt"

  • 0

#4
michaelg9, Trusted Helper (Malware Removal, 2,949 posts)
Can you try running GMER again, in safe mode?

Edit: Found aswMBR log in the zip. Please post the logs instead of attaching them

Edited by michaelg9, 09 August 2011 - 02:41 PM.

  • 0

#5
Rydon, Member, Topic Starter (57 posts)
It says GMER hasn't found any system modification...

  • 0

#6
michaelg9, Trusted Helper (Malware Removal, 2,949 posts)
Hello,
It seems that we found the culprit :)

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix Button

Posted Image

Save the log as before and post in your next reply
  • 0

#7
Rydon, Member, Topic Starter (57 posts)
It says the disinfection failed. :)

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-09 17:06:59
-----------------------------
17:06:59.449 OS Version: Windows x64 6.1.7600
17:06:59.449 Number of processors: 4 586 0x2505
17:06:59.449 ComputerName: RYANHURTT-PC UserName: Ryan Hurtt
17:07:01.399 Initialize success
17:07:06.659 AVAST engine defs: 11080901
17:07:12.801 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:07:12.801 Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
17:07:12.817 Device \Driver\iaStor -> MajorFunction fffffa800835b6c0
17:07:14.820 Disk 0 MBR read successfully
17:07:14.820 Disk 0 MBR scan
17:07:14.830 Disk 0 MBR:Alureon-G [Rtk]
17:07:14.830 Disk 0 TDL4@MBR code has been found
17:07:14.840 Disk 0 MBR hidden
17:07:14.850 Disk 0 MBR [TDL4] **ROOTKIT**
17:07:14.850 Disk 0 trace - called modules:
17:07:14.850 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys >>UNKNOWN [0xfffffa800835b6c0]<<
17:07:14.860 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008349060]
17:07:14.860 3 CLASSPNP.SYS[fffff88001b4b43f] -> nt!IofCallDriver -> [0xfffffa8008189c50]
17:07:14.870 5 stdflt.sys[fffff880016e6a4a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008089050]
17:07:14.870 \Driver\iaStor[0xfffffa8008195870] -> IRP_MJ_CREATE -> 0xfffffa800835b6c0
17:07:16.705 AVAST engine scan C:\Windows
17:07:25.741 AVAST engine scan C:\Windows\system32
17:08:36.161 AVAST engine scan C:\Windows\system32\drivers
17:08:48.164 AVAST engine scan C:\Users\Ryan Hurtt
17:09:15.910 AVAST engine scan C:\ProgramData
17:09:43.678 Scan finished successfully
17:10:57.583 Disk 0 MBR read successfully
17:10:57.593 Disk 0 MBR:Alureon-G [Rtk]
17:10:57.603 Disk 0 TDL4@MBR code has been found
17:10:57.603 Disk 0 fixing MBR ...
17:11:07.621 Disk 0 MBR restored successfully
17:11:07.631 Verifying disinfection
17:11:36.391 Disinfection error
17:11:45.449 Disk 0 MBR has been saved successfully to "C:\Users\Ryan Hurtt\Desktop\MBR.dat"
17:11:45.459 The log file has been saved successfully to "C:\Users\Ryan Hurtt\Desktop\aswMBR.txt"

Edited by michaelg9, 09 August 2011 - 03:23 PM.

  • 0
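A small triage parser for the two aswMBR logs posted above (the first scan and the failed in-OS fix), added here as an example and not part of the thread or of AVAST's tooling. It pulls the MBR verdict, the hidden-MBR flag, the driver hook address and the fix outcome out of the log format shown, and correlates the `>>UNKNOWN [0x...]<<` address in the I/O trace with the `\Driver\iaStor` MajorFunction pointer, which is what marks the rootkit as kernel-resident rather than only a modified boot sector. The sample log is constructed from the format in the posts, and the line patterns assume this aswMBR 0.9.8 output rather than a published format.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample, modelled on the aswMBR 0.9.8 log format posted in this
# thread; timings and kernel addresses are illustrative, not from a real host.
SAMPLE_LOG = """\
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
17:07:12.817 Device \\Driver\\iaStor -> MajorFunction fffffa800835b6c0
17:07:14.820 Disk 0 MBR read successfully
17:07:14.830 Disk 0 MBR:Alureon-G [Rtk]
17:07:14.830 Disk 0 TDL4@MBR code has been found
17:07:14.840 Disk 0 MBR hidden
17:07:14.850 Disk 0 MBR [TDL4] **ROOTKIT**
17:07:14.850 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys >>UNKNOWN [0xfffffa800835b6c0]<<
17:10:57.603 Disk 0 fixing MBR ...
17:11:07.621 Disk 0 MBR restored successfully
17:11:07.631 Verifying disinfection
17:11:36.391 Disinfection error
"""

# Line shapes taken from the logs in the thread; other aswMBR versions may differ.
TIMESTAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
DRIVER_HOOK = re.compile(r"Device \\Driver\\(\S+) -> MajorFunction ([0-9a-fA-F]+)")
DETECTION = re.compile(r"Disk (\d+) MBR:(\S+) \[Rtk\]")
ROOTKIT = re.compile(r"Disk (\d+) MBR \[(\w+)\] \*\*ROOTKIT\*\*")
HIDDEN = re.compile(r"Disk (\d+) MBR hidden")
UNKNOWN = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")
FIXING = re.compile(r"Disk (\d+) fixing MBR")
RESTORED = re.compile(r"Disk (\d+) MBR restored successfully")

@dataclass
class DiskVerdict:
    disk: int
    detections: List[str] = field(default_factory=list)  # e.g. ["Alureon-G"]
    rootkit_family: Optional[str] = None                 # e.g. "TDL4"
    mbr_hidden: bool = False
    fix_attempted: bool = False
    mbr_rewritten: bool = False
    disinfection_error: bool = False

@dataclass
class ScanReport:
    disks: Dict[int, DiskVerdict] = field(default_factory=dict)
    driver_hooks: Dict[str, str] = field(default_factory=dict)  # driver -> MajorFunction addr
    unknown_code: List[str] = field(default_factory=list)       # addresses in the I/O trace

    def disk(self, n: int) -> DiskVerdict:
        return self.disks.setdefault(n, DiskVerdict(disk=n))

def parse_aswmbr(text: str) -> ScanReport:
    """Extract the MBR verdict, hook addresses and fix outcome from an aswMBR log."""
    report = ScanReport()
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw.strip())
        if m := DRIVER_HOOK.search(line):
            report.driver_hooks[m.group(1)] = m.group(2).lower()
        elif m := DETECTION.search(line):
            report.disk(int(m.group(1))).detections.append(m.group(2))
        elif m := ROOTKIT.search(line):
            report.disk(int(m.group(1))).rootkit_family = m.group(2)
        elif m := HIDDEN.search(line):
            report.disk(int(m.group(1))).mbr_hidden = True
        elif m := UNKNOWN.search(line):
            report.unknown_code.append(m.group(1).lower())
        elif m := FIXING.search(line):
            report.disk(int(m.group(1))).fix_attempted = True
        elif m := RESTORED.search(line):
            report.disk(int(m.group(1))).mbr_rewritten = True
        elif line == "Disinfection error":
            for d in report.disks.values():
                if d.fix_attempted:
                    d.disinfection_error = True
    return report

def hooked_drivers(report: ScanReport) -> List[str]:
    """Drivers whose MajorFunction pointer is the 'UNKNOWN' code in the storage
    I/O trace: the rootkit is resident in the kernel, not only in the boot sector."""
    return sorted(name for name, addr in report.driver_hooks.items()
                  if addr in report.unknown_code)

def triage(report: ScanReport) -> List[str]:
    """Defender-side findings in the order a responder would act on them."""
    findings = []
    for d in report.disks.values():
        if d.detections or d.rootkit_family:
            names = ", ".join(d.detections) or d.rootkit_family
            findings.append(f"disk {d.disk}: MBR infected ({names})")
        if d.mbr_hidden:
            findings.append(f"disk {d.disk}: real MBR hidden from the running OS; in-OS reads see a forged sector")
        if d.fix_attempted and d.mbr_rewritten and d.disinfection_error:
            findings.append(f"disk {d.disk}: MBR rewritten but verification failed; repair from outside the running OS")
    for drv in hooked_drivers(report):
        findings.append(f"driver {drv}: dispatch routine replaced by unknown kernel code")
    return findings

if __name__ == "__main__":
    for finding in triage(parse_aswmbr(SAMPLE_LOG)):
        print(finding)
```

On the sample log the parser reports the infected and hidden MBR, the failed in-OS rewrite, and the iaStor hook, which together are the reason the thread moves on to repairing the MBR from the recovery environment.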

#8
michaelg9, Trusted Helper (Malware Removal, 2,949 posts)
Hello,

Does the advanced boot menu, where you selected to boot into safe mode before, include a line named Repair Your Computer? Like this:
Posted Image

Also, do you have your Windows 7 CD?
  • 0

#9
Rydon, Member, Topic Starter (57 posts)
Yes, it does include that line.
No, I no longer have my windows 7 CD. :)
  • 0

#10
michaelg9, Trusted Helper (Malware Removal, 2,949 posts)
  • OK, then select that line. It will load some files and bring you here:
    Posted Image
  • Select Command Prompt
  • At the prompt type:

    bootrec /FixMbr

  • Reboot
  • Run another scan with aswMBR and post the log here. Also, tell me what the output of the command above was.

  • 0

#11
Rydon, Member, Topic Starter (57 posts)
Since I put in that command prompt and tried to start in safe mode, all I get is a blue screen and a reboot. It's not doing anything. Should I launch startup repair?
  • 0

#12
michaelg9, Trusted Helper (Malware Removal, 2,949 posts)
Hello,

Can you tell me what the error code is and if any files are mentioned?
Also, try Startup Repair and tell me if it fixed anything.

Thanks
  • 0

#13
Rydon, Member, Topic Starter (57 posts)
Startup repair isn't working. I tried system restore and that isn't working either. The screen flashes blue for a split second and reboots and says it can't boot successfully. Should I just restore it to factory settings? I don't know what's going on.
  • 0

#14
michaelg9, Trusted Helper (Malware Removal, 2,949 posts)
Hello,

Go to the advanced menu options again and then select Disable Automatic Restart on System Failure. Then you'll be able to read it and tell me the error code and if any file exists.
Please don't do anything more than what I tell you
  • 0

#15
Rydon, Member, Topic Starter (57 posts)
"A problem has been detected and windows has been shut down to prevent damage"

It says to check for viruses. Remove any newly installed hard drives or controllers. Run CHKDSK /F to check for corruption then restart.

Technical information:
*** STOP: 0x0000007B (0xFFFFF880009A9928, 0xFFFFFFFFC000000D....) Etc
  • 0