Click.GiftLoad problem.



Antinomy
2011-03-23, 03:14
Hello. The past couple of days I have been suffering from frequent "blue screen" crashes (OS is Windows 7), Google links re-directing to ad sites, and general slowness in my Internet Explorer 8. I've used Search & Destroy, AdAware, and Malwarebytes to scan the computer, but they never were able to delete Click.Giftload. They did in Safe Mode, but after rebooting and scanning again it was back.

I've tried to run DDS so I can provide a log, but when I try to save it/run it, my computer keeps saying it needs permission from the administrator (which I am), and keeps popping up when I hit "Try Again". My McAfee also pops up at the same time, saying it has deleted a Trojan. I've uploaded a screenshot of the issue.

Any help will be appreciated :)

Dakeyras
2011-03-23, 14:39
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi and welcome to Safer Networking. :)


I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Windows 7 Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right-click on the application and select Run as Administrator.

The Operating System in use comes with an inbuilt utility called User Access Control (UAC). When prompted by this for anything I ask you to carry out, please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:


I've tried to run DDS so I can provide a log, but when I try to save it/run it, my computer keeps saying it needs permission from the administrator (which I am), and keeps popping up when I hit "Try Again". My McAffe also pops up at the same time, saying it has deleted a Trojan. I've uploaded a screenshot of the issue.
It appears your security application McAfee is detecting DDS as a variation of the Artemis Trojan; actually this is what is known as a False Positive detection. Not a cause for concern, I will further add, and I will be asking your good self to scan with a different application in due course.

In the meantime can you inform me which version of Windows 7 you have, as in is it either 32 Bit or 64 Bit? If not sure you can check as follows:-

Right-click on the Desktop Computer icon >> Properties

Or via:

Start(Windows 7 Orb) >> Right-click on Computer >> Properties

Under System make a note of the System type:

Antinomy
2011-03-23, 14:58
Thank you very much for your assistance. The version of Windows 7 I have is the 32-Bit one.

Dakeyras
2011-03-23, 15:10
Hi. :)


Thank you very much for your assistance. The version of Windows 7 I have is the 32-Bit one.
You're welcome and thank you for the clarification also.

Scan with OTL:

Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) and save it to your Desktop.

Alternate downloads are here (http://oldtimer.geekstogo.com/OTL.com) and here (http://oldtimer.geekstogo.com/OTL.scr).


Right-click on OTL.exe and select Run as Administrator to start OTL.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:


How is your computer performing now, any further symptoms and or problems encountered?
Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
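
Before the logs come back, it helps to know what an analyst looks for in OTL output. The following is an added example for this thread, not code from the thread, from OldTimer or from any forum tool: a small Python triage script that applies a few generic checks to OTL lines and reports what deserves a second look. The checks and the severity labels (HIGH/MEDIUM/LOW/INFO) are this example's own assumptions; a hit means "review this", not "this is malware". The sample input is a handful of lines copied from the OTL.txt log posted later in this thread, including two clean entries for contrast.

```python
import re

# Sample input for this example: lines copied from the OTL.txt log posted
# later in this thread (two clean entries included for contrast).
SAMPLE_OTL = r"""
SRV - (nosGetPlusHelper) getPlus(R) -- File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-1983776509-132609297-3775980313-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe ()
O33 - MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\Shell\AutoRun\command - "" = K:\Autorun_rlsmm.exe
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rgn.exe" -a "%1" %* (Valve Corporation)
"""

# Windows' default "open" command for .exe files. Anything else means every
# program launch is routed through some other executable first.
DEFAULT_EXEFILE_CMD = '"%1" %*'


def triage_line(line: str):
    """Return (severity, reason) for one OTL line, or None if nothing stands out.

    Checks and severity labels are this example's own assumptions, not OTL's.
    """
    line = line.strip()
    if not line:
        return None

    # O37: exefile association. Compare the command after ' -- ' with the default.
    m = re.match(r'^O37 - (\S+) \[@ = exefile\] -- (.*)$', line)
    if m:
        cmd = re.sub(r'\s*\([^()]*\)\s*$', '', m.group(2))  # drop OTL's "(Company)" suffix
        if cmd != DEFAULT_EXEFILE_CMD:
            return ('HIGH', f'exefile open command under {m.group(1)} is not the default: {cmd}')
        return None

    # O33: an AutoRun command recorded for a (usually removable) volume.
    m = re.match(r'^O33 - MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\AutoRun\\command - "" = (.*)$',
                 line, re.IGNORECASE)
    if m:
        return ('MEDIUM', f'autorun command for volume {m.group(1)}: {m.group(2)}')

    # Orphaned entries: the registry still points at something that no longer exists.
    if line.endswith('File not found') or line.endswith('No CLSID value found.'):
        return ('LOW', 'orphaned entry (target missing); harmless but worth cleaning up')

    # O4 autostart whose binary carries no company name: unattributed code at logon.
    m = re.match(r'^O4 - .*\\Run: \[([^\]]+)\] (.*) \(\)$', line)
    if m:
        return ('INFO', f'autostart [{m.group(1)}] has no company name: {m.group(2)}')

    return None


def triage(text: str):
    """Run triage_line over a whole log; returns a list of (severity, line, reason)."""
    hits = []
    for raw in text.splitlines():
        verdict = triage_line(raw)
        if verdict:
            hits.append((verdict[0], raw.strip(), verdict[1]))
    return hits


if __name__ == '__main__':
    for sev, line, reason in triage(SAMPLE_OTL):
        print(f'[{sev}] {reason}\n        {line}')
```

Run against the sample, the script reports three orphaned entries, one autostart with no company name, the AutoRun command for the removable volume, and, at the top of the list in importance, the exefile association under HKU\S-1-5-18 that routes every program launch through a wrapper executable. That last kind of entry is what an analyst opens first, because an altered .exe association is enough on its own to explain a "deleted" file reappearing after every reboot.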

Antinomy
2011-03-23, 17:04
I've run the OTL scan. As asked, here are the logs.

First is the OTL.txt

OTL logfile created on: 3/23/2011 10:55:42 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Justin\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.18 Gb Total Space | 211.59 Gb Free Space | 64.87% Space Free | Partition Type: NTFS
Drive D: | 9.16 Gb Total Space | 1.25 Gb Free Space | 13.60% Space Free | Partition Type: NTFS
Drive M: | 931.51 Gb Total Space | 814.97 Gb Free Space | 87.49% Space Free | Partition Type: NTFS

Computer Name: VEDA | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Justin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\BitTorrent\bittorrent.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Justin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (nosGetPlusHelper) getPlus(R) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McOobeSv) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (DTSRVC) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\system32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Program Files\CyberLink\PowerDVD\000.fcl (CyberLink Corp.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (CLBUDFR) -- C:\Windows\System32\drivers\CLBUDFR.sys (CyberLink Corporation.)
DRV - (CLBStor) -- C:\Windows\System32\drivers\CLBStor.sys (Cyberlink Co.,Ltd.)
DRV - (PCD5SRVC{BD6912E3-AC9D80E8-05040000}) -- C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (XG762_VS) -- C:\Windows\System32\drivers\WlanGZG.sys (Atheros Communications, Inc.)
DRV - (ZY202_XP) -- C:\Windows\System32\drivers\WlanUZXP.SYS (ZyDAS Technology Corporation)
DRV - (PdiPorts) -- C:\Windows\System32\drivers\PdiPorts.sys (Portrait Displays, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1983776509-132609297-3775980313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKU\S-1-5-21-1983776509-132609297-3775980313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1983776509-132609297-3775980313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1983776509-132609297-3775980313-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1983776509-132609297-3775980313-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/21 14:10:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/21 14:06:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/19 18:05:59 | 000,000,000 | ---D | M]

[2009/11/14 17:32:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2008/09/03 15:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/04/05 15:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/21 19:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\b8vemkwx.default\extensions
[2010/01/14 14:49:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\b8vemkwx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/21 19:13:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\b8vemkwx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/02 08:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 09:25:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 18:09:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/02 08:21:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110321140628.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1983776509-132609297-3775980313-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1983776509-132609297-3775980313-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe ()
O4 - HKU\S-1-5-21-1983776509-132609297-3775980313-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1983776509-132609297-3775980313-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Justin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Justin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\Shell - "" = AutoRun
O33 - MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\Shell\AutoRun\command - "" = K:\Autorun_rlsmm.exe
O33 - MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\Shell\checker\command - "" = K:\TEST\CHECKER.exe
O33 - MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\Shell\dstest\command - "" = K:\TEST\DSTEST.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rgn.exe" -a "%1" %* (Valve Corporation)
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rgn.exe" -a "%1" %* (Valve Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/23 10:52:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2011/03/23 08:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/03/22 18:48:31 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\New folder
[2011/03/22 07:36:30 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Malwarebytes
[2011/03/22 07:36:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/22 07:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/22 07:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/22 07:36:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/22 07:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/22 07:35:33 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Justin\Documents\mbam-setup-1.50.1.1100.exe
[2011/03/21 21:00:42 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/03/21 21:00:38 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/03/21 20:57:22 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Sunbelt Software
[2011/03/21 20:54:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\{870E601A-FE70-4098-94B2-6E9963FCAA51}
[2011/03/21 20:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/03/21 19:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/21 19:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/03/21 19:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/21 19:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2011/03/21 19:16:00 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/03/21 19:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/03/21 14:06:27 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2011/03/21 14:06:08 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/03/21 14:06:06 | 000,386,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2011/03/21 14:06:06 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2011/03/21 14:06:06 | 000,164,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2011/03/21 14:06:06 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011/03/21 14:06:06 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2011/03/21 14:06:06 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2011/03/21 14:06:05 | 000,152,960 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2011/03/21 14:06:05 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2011/03/21 14:06:05 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2011/03/21 14:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/03/21 14:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/03/21 14:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/03/21 13:34:23 | 000,095,568 | R--- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys.c739.deleteme
[2011/03/19 19:44:18 | 022,727,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Justin\Documents\IE9-Setup-US_Win7_X86.exe
[2011/03/19 19:41:40 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\ParetoLogic
[2011/03/19 19:41:40 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\DriverCure
[2011/03/19 19:41:29 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2011/03/19 19:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/03/19 19:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/03/19 19:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/03/19 19:40:28 | 005,193,608 | ---- | C] (ParetoLogic Inc.) -- C:\Users\Justin\Documents\ParetoLogic PC Health Advisor.exe
[2011/03/19 18:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/03/19 18:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/03/19 18:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/03/19 18:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/03/19 17:45:34 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\ElevatedDiagnostics
[2011/03/19 17:15:05 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{2CACCC08-4937-447B-AB31-6A501E2DE91B}
[2011/03/19 13:42:57 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\Gundam Wing Endless Waltz - Glory of the Defeated
[2011/03/09 23:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/09 09:07:19 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/09 09:07:19 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/03/09 09:07:17 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 09:07:17 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/03/09 09:07:17 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 09:07:17 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/06 11:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/02/28 12:12:11 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\MG 00 Raiser
[2011/02/23 11:12:45 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/23 11:12:44 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/22 01:04:44 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011/02/22 01:04:42 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011/02/22 01:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/02/22 01:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/02/22 01:02:19 | 011,708,760 | ---- | C] (Nullsoft, Inc.) -- C:\Users\Justin\Documents\winamp5601_full_emusic-7plus_en-us.exe
[2009/07/13 18:24:44 | 000,361,472 | ---- | C] (Fujitsu Takamisawa Component Limited) -- C:\Users\Justin\AppData\Local\ahafuyip.dll_old.old
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Justin\*.tmp files -> C:\Users\Justin\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/23 10:52:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2011/03/23 09:03:45 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/23 09:03:45 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/23 08:57:36 | 000,619,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/23 08:57:36 | 000,105,440 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/23 08:54:38 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2011/03/23 08:51:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/23 08:51:16 | 1602,101,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/22 21:11:48 | 000,399,479 | ---- | M] () -- C:\Users\Justin\Desktop\ddsproblem.png
[2011/03/22 19:05:34 | 000,638,508 | ---- | M] () -- C:\Users\Justin\Desktop\GameFAQs Dissidia Final Fantasy (PSP) FAQ-Walkthrough by Blueset.mht
[2011/03/22 18:00:01 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/03/22 10:23:14 | 000,000,730 | ---- | M] () -- C:\Users\Justin\Desktop\paper.rtf
[2011/03/22 07:36:17 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/22 07:35:55 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Justin\Documents\mbam-setup-1.50.1.1100.exe
[2011/03/22 00:33:00 | 000,000,843 | ---- | M] () -- C:\Users\Justin\.recently-used.xbel
[2011/03/22 00:24:56 | 201,711,184 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/21 21:00:38 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/03/21 20:54:36 | 000,001,130 | ---- | M] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/21 20:54:36 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/03/21 19:37:01 | 000,335,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/21 19:31:52 | 000,001,222 | ---- | M] () -- C:\Users\Justin\Desktop\Spybot - Search & Destroy.lnk
[2011/03/21 19:13:22 | 000,001,137 | ---- | M] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/03/21 19:13:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/03/21 17:21:49 | 000,000,120 | ---- | M] () -- C:\Users\Justin\AppData\Local\Fmitanahifureqi.dat
[2011/03/21 13:45:59 | 000,012,136 | -HS- | M] () -- C:\ProgramData\02gx6r2l0370v70bm00a6ixv8r8l63551ywf7757812x05i
[2011/03/21 12:17:41 | 000,000,042 | ---- | M] () -- C:\Windows\System32\scud.udf
[2011/03/21 11:57:27 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd
[2011/03/21 00:56:31 | 000,000,000 | ---- | M] () -- C:\Users\Justin\AppData\Local\Pbegaxacodene.bin
[2011/03/20 23:08:36 | 000,440,656 | ---- | M] () -- C:\Users\Justin\Desktop\jp_title_screen.mp3
[2011/03/19 20:07:09 | 000,001,413 | ---- | M] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/19 19:52:59 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/03/19 19:52:59 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/03/19 19:52:59 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/03/19 19:44:33 | 022,727,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Justin\Documents\IE9-Setup-US_Win7_X86.exe
[2011/03/19 19:40:51 | 005,193,608 | ---- | M] (ParetoLogic Inc.) -- C:\Users\Justin\Documents\ParetoLogic PC Health Advisor.exe
[2011/03/19 19:26:34 | 000,002,878 | ---- | M] () -- C:\Users\Justin\Documents\pass.rtf
[2011/03/19 18:41:39 | 000,001,729 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/03/18 01:29:00 | 000,025,999 | ---- | M] () -- C:\Users\Justin\Desktop\emo.rtf
[2011/03/16 03:05:30 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/03/16 03:05:29 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/03/15 11:13:41 | 000,000,687 | ---- | M] () -- C:\Users\Justin\Documents\reach.rtf
[2011/03/15 10:31:50 | 000,004,712 | ---- | M] () -- C:\Users\Justin\Documents\Halo Reach single player - multiplayer - firefight levels.rtf
[2011/03/09 23:42:42 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/09 18:06:27 | 2550,061,404 | ---- | M] () -- C:\Users\Justin\Desktop\[TV-J] Kidou Senshi Gundam UC Unicorn - episode.03 [BD 1920x1080 h264+AAC(5.1ch JP+EN) +Sub(JP-EN-SP-FR-CH) Chap].mp4
[2011/03/09 14:25:14 | 000,002,518 | ---- | M] () -- C:\Users\Justin\Desktop\dvd release dates.rtf
[2011/02/22 01:11:38 | 000,119,330 | ---- | M] () -- C:\Users\Justin\Documents\iPod_Support_v3_10.exe
[2011/02/22 01:09:58 | 000,125,854 | ---- | M] () -- C:\Users\Justin\Documents\iPod_Support_v1_02.exe
[2011/02/22 01:02:34 | 011,708,760 | ---- | M] (Nullsoft, Inc.) -- C:\Users\Justin\Documents\winamp5601_full_emusic-7plus_en-us.exe
[2011/02/21 12:57:21 | 071,576,788 | ---- | M] () -- C:\Users\Justin\Desktop\Mobile_Suit_Gundam_00_AwotT_Dengeki_Data_Collection.zip
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Justin\*.tmp files -> C:\Users\Justin\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/22 21:11:47 | 000,399,479 | ---- | C] () -- C:\Users\Justin\Desktop\ddsproblem.png
[2011/03/22 19:05:33 | 000,638,508 | ---- | C] () -- C:\Users\Justin\Desktop\GameFAQs Dissidia Final Fantasy (PSP) FAQ-Walkthrough by Blueset.mht
[2011/03/22 10:23:14 | 000,000,730 | ---- | C] () -- C:\Users\Justin\Desktop\paper.rtf
[2011/03/22 07:36:17 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/22 00:33:00 | 000,000,843 | ---- | C] () -- C:\Users\Justin\.recently-used.xbel
[2011/03/21 21:29:51 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/03/21 20:54:36 | 000,001,130 | ---- | C] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/21 20:54:36 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/03/21 19:31:52 | 000,001,222 | ---- | C] () -- C:\Users\Justin\Desktop\Spybot - Search & Destroy.lnk
[2011/03/21 19:13:22 | 000,001,137 | ---- | C] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/03/21 19:13:22 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/03/21 14:07:30 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2011/03/21 12:17:41 | 000,000,042 | ---- | C] () -- C:\Windows\System32\scud.udf
[2011/03/21 11:57:27 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
[2011/03/21 10:36:58 | 000,012,136 | -HS- | C] () -- C:\ProgramData\02gx6r2l0370v70bm00a6ixv8r8l63551ywf7757812x05i
[2011/03/19 19:41:48 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/03/19 19:41:25 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/03/19 19:41:24 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/03/19 19:41:23 | 000,000,360 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/03/19 18:06:23 | 000,001,729 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/03/19 17:15:07 | 000,000,120 | ---- | C] () -- C:\Users\Justin\AppData\Local\Fmitanahifureqi.dat
[2011/03/19 17:15:07 | 000,000,000 | ---- | C] () -- C:\Users\Justin\AppData\Local\Pbegaxacodene.bin
[2011/03/15 11:13:26 | 000,000,687 | ---- | C] () -- C:\Users\Justin\Documents\reach.rtf
[2011/03/09 23:42:42 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/09 14:37:36 | 2550,061,404 | ---- | C] () -- C:\Users\Justin\Desktop\[TV-J] Kidou Senshi Gundam UC Unicorn - episode.03 [BD 1920x1080 h264+AAC(5.1ch JP+EN) +Sub(JP-EN-SP-FR-CH) Chap].mp4
[2011/02/22 01:09:56 | 000,125,854 | ---- | C] () -- C:\Users\Justin\Documents\iPod_Support_v1_02.exe
[2011/02/22 01:04:36 | 000,119,330 | ---- | C] () -- C:\Users\Justin\Documents\iPod_Support_v3_10.exe
[2011/02/21 12:57:20 | 071,576,788 | ---- | C] () -- C:\Users\Justin\Desktop\Mobile_Suit_Gundam_00_AwotT_Dengeki_Data_Collection.zip
[2010/03/30 20:54:41 | 000,009,728 | ---- | C] () -- C:\Users\Justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/05 16:43:05 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/14 17:43:54 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/10/13 23:38:28 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
[2009/09/17 19:36:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,335,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,619,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,105,440 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/16 23:28:37 | 000,170,454 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/11 05:10:26 | 000,226,816 | ---- | C] () -- C:\Program Files\tsMuxeR.exe
[2009/05/11 04:17:14 | 002,562,048 | ---- | C] () -- C:\Program Files\tsMuxerGUI.exe
[2008/09/22 13:31:09 | 000,000,004 | ---- | C] () -- C:\Windows\Pix11.dat
[2008/09/03 14:57:09 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/09/03 14:56:04 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2008/09/03 14:40:41 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2008/09/03 14:40:41 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2008/09/03 14:40:41 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2008/09/03 14:40:40 | 000,001,162 | ---- | C] () -- C:\Windows\System32\W32N55.INI
[2008/09/02 19:57:26 | 000,157,529 | ---- | C] () -- C:\Windows\hpoins28.dat
[2008/08/30 10:45:14 | 000,004,020 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\wklnhst.dat
[2008/08/29 14:32:45 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2008/08/29 14:31:38 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/08/29 14:31:37 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/03/11 15:13:05 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/03/11 15:13:05 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/03/11 15:13:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/03/11 15:13:05 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/03/11 14:38:46 | 000,000,068 | ---- | C] () -- C:\Windows\System32\Compaq_Demo.ini
[2008/03/11 14:27:50 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/03/11 14:23:46 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008/03/11 14:21:40 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/03/11 14:21:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/12/12 19:01:47 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat
[1999/07/06 19:00:00 | 000,000,006 | RHS- | C] () -- C:\Windows\@@desktop.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:63238B95
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:68F4226F

< End of report >

Antinomy
2011-03-23, 17:05
And here is Extras.txt

OTL Extras logfile created on: 3/23/2011 10:55:42 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Justin\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.18 Gb Total Space | 211.59 Gb Free Space | 64.87% Space Free | Partition Type: NTFS
Drive D: | 9.16 Gb Total Space | 1.25 Gb Free Space | 13.60% Space Free | Partition Type: NTFS
Drive M: | 931.51 Gb Total Space | 814.97 Gb Free Space | 87.49% Space Free | Partition Type: NTFS

Computer Name: VEDA | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Windows\System32\config\systemprofile\AppData\Local\rgn.exe (Valve Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Windows\System32\config\systemprofile\AppData\Local\rgn.exe (Valve Corporation)

[HKEY_USERS\S-1-5-21-1983776509-132609297-3775980313-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{22D90DD2-8654-4E8A-B2F1-B6B86A2BF390}" = CyberLink UDF Reader 5.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = PlayNC Launcher
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{7F2B6338-4C07-49A0-BDF0-AD92E3124A7E}" = Compaq Demo
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{9E78C42C-4FF9-4F41-BBC4-BF872606E79D}_is1" = Driver Robot 1.1.0.14
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A2E23800-051D-4F35-8169-85F5739A04C5}" = openCanvas4.5.09e Plus
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"AOL Instant Messenger" = AOL Instant Messenger
"Audio Record Wizard_is1" = Audio Record Wizard v3.99
"AviSynth" = AviSynth 2.5
"BitTorrent" = BitTorrent 5.0.9
"Buddy Spy_is1" = Buddy Spy 2.2.10
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"DriverAgent.exe" = DriverAgent by TouchStone Software
"DVD Flick_is1" = DVD Flick
"FLAC" = FLAC 1.2.1b (remove only)
"FREE Hi-Q Recorder_is1" = FREE Hi-Q Recorder 1.92
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MSC" = McAfee AntiVirus Plus
"MSNINST" = MSN
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"Open Codecs" = Xiph.Org Open Codecs 0.84.17359
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PandoraRecovery" = PandoraRecovery (Remove Only)
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Recover My Files_is1" = Recover My Files
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TomTom HOME" = TomTom HOME 2.6.1.1549
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.9
"WildTangent hp Master Uninstall" = My HP Games
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1983776509-132609297-3775980313-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NCsoft-Exteel" = Exteel

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/22/2011 10:06:43 PM | Computer Name = VEDA | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16722 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ba4 Start
Time: 01cbe8fd6e81eab2 Termination Time: 10 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 2eddacd3-54f2-11e0-a614-001d92f57446

Error - 3/22/2011 10:28:42 PM | Computer Name = VEDA | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16722 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1578 Start
Time: 01cbe901fd0f8e64 Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 423d0fc3-54f5-11e0-a614-001d92f57446

Error - 3/23/2011 12:30:49 AM | Computer Name = VEDA | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16722 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 107c Start
Time: 01cbe91178bee2d4 Termination Time: 78 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 3/23/2011 12:33:18 AM | Computer Name = VEDA | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16722 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c64 Start
Time: 01cbe9131755d6da Termination Time: 33 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 3/23/2011 12:38:49 AM | Computer Name = VEDA | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16722 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d20 Start
Time: 01cbe913fc197876 Termination Time: 14 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 3/23/2011 9:51:44 AM | Computer Name = VEDA | Source = WinMgmt | ID = 10
Description =

Error - 3/23/2011 10:08:08 AM | Computer Name = VEDA | Source = Application Error | ID = 1000
Description = Faulting application name: AcroRd32.exe, version: 8.1.0.137, time
stamp: 0x46444e37 Faulting module name: AcroRd32.dll, version: 8.1.3.187, time stamp:
0x48f5acd6 Exception code: 0xc0000005 Fault offset: 0x00023772 Faulting process id:
0x1140 Faulting application start time: 0x01cbe963ba45c7ce Faulting application path:
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe Faulting module path: C:\Program
Files\Adobe\Reader 8.0\Reader\AcroRd32.dll Report Id: fa09e84c-5556-11e0-b8d7-001d92f57446

Error - 3/23/2011 10:10:17 AM | Computer Name = VEDA | Source = Application Error | ID = 1000
Description = Faulting application name: AcroRd32.exe, version: 8.1.0.137, time
stamp: 0x46444e37 Faulting module name: AcroRd32.dll, version: 8.1.3.187, time stamp:
0x48f5acd6 Exception code: 0xc0000005 Fault offset: 0x00023772 Faulting process id:
0xb60 Faulting application start time: 0x01cbe96408c28737 Faulting application path:
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe Faulting module path: C:\Program
Files\Adobe\Reader 8.0\Reader\AcroRd32.dll Report Id: 4721994c-5557-11e0-b8d7-001d92f57446

Error - 3/23/2011 11:22:59 AM | Computer Name = VEDA | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 3/23/2011 11:51:31 AM | Computer Name = VEDA | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16722 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f78 Start
Time: 01cbe97208f132bb Termination Time: 16 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 695f955c-5565-11e0-b8d7-001d92f57446

[ Media Center Events ]
Error - 6/9/2009 11:37:39 AM | Computer Name = VEDA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 4:55:11 PM | Computer Name = VEDA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 6:52:47 PM | Computer Name = VEDA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/22/2011 9:17:46 PM | Computer Name = VEDA | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/22/2011 9:17:46 PM | Computer Name = VEDA | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/22/2011 9:17:46 PM | Computer Name = VEDA | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/22/2011 9:17:46 PM | Computer Name = VEDA | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/22/2011 9:17:46 PM | Computer Name = VEDA | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/22/2011 9:17:46 PM | Computer Name = VEDA | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/22/2011 9:19:06 PM | Computer Name = VEDA | Source = DCOM | ID = 10005
Description =

Error - 3/22/2011 9:50:48 PM | Computer Name = VEDA | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/22/2011 9:53:31 PM | Computer Name = VEDA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/23/2011 9:53:04 AM | Computer Name = VEDA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >

Antinomy
2011-03-23, 17:10
On your question about the performance, it hasn't gone to blue-screen in the past 24 hours, but I've still had trouble with Internet Explorer 8. The most frequent problem is still the Google-link redirect, and IE will hang when I try to open a new tab/window and freeze, forcing me to use Task Manager to close it.

And one more issue I neglected to mention: if I have to restart my computer, after I put in my password my desktop will not show, just a black screen with the mouse cursor. This usually forces me to just kill the power and turn it back on, and after that the desktop will load. I really do think it's due to whatever malware/virus I have, because my computer has consistently been pretty fast starting up and this has only started in the past few days.

Dakeyras
2011-03-23, 20:56
Hi. :)


On your question about the performance, it hasn't gone to blue-screen in the past 24 hours, but I've still had trouble with Internet Explorer 8. The most frequent problem is still the Google-link redirect, and IE will hang when I try to open a new tab/window and freeze, forcing me to use Task Manager to close it.
OK, we can repair this if need be; however, IE8 has now been superseded by IE9. I have noticed you have the installer for IE9 in your Documents folder. Do not take any action with regard to this for the time being, please.


And one more issue I neglected to mention: if I have to restart my computer, after I put in my password my desktop will not show, just a black screen with the mouse cursor. This usually forces me to just kill the power and turn it back on, and after that the desktop will load. I really do think it's due to whatever malware/virus I have, because my computer has consistently been pretty fast starting up and this has only started in the past few days.

OK, do you have a copy of the Windows 7 32 Bit Installation DVD in case we need to perform some repairs?

You could also do with some more installed/upgraded RAM. If you wish to upgrade the installed memory, Crucial (http://www.crucial.com) have a small scanner (CrucialScan.exe) which is perfectly safe to download and run, and which will advise whether your system can support any upgraded memory modules. They cater for the US/UK and Europe.

Next:

Now please go to Start(Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

Ad-Aware <-- In conflict with McAfee.
Adobe Reader 8.1.3 <-- We will update this in due course.
Adobe Media Player <-- No longer supported, so a security risk.
BitTorrent <-- This will have to go if you want my assistance, read here (http://forums.spybot.info/showthread.php?t=282).
Java(TM) 6 Update 22 <-- We will update this in due course.
ParetoLogic PC Health Advisor <-- Will be of little benefit and may adversely affect a system.
Spybot - Search & Destroy <-- Will hinder the Malware Removal process, you may reinstall when I give the all clear.
WeatherBug Gadget <-- Has undesirable characteristics.

To do so click once on each of the above to highlight and click on Uninstall and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.


Please go here (http://www.aumha.org/downloads/erunt-setup.exe) and download ERUNT.
ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
Make sure that at least the first two check boxes are selected.
Click on OK
Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom OTL Script:

Right-click OTL.exe and select Run as Administrator to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKU\S-1-5-21-1983776509-132609297-3775980313-1000..\Run: C:\Program Files\BitTorrent\bittorrent.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O33 - MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\Shell - "" = AutoRun
O33 - MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\Shell\AutoRun\command - "" = K:\Autorun_rlsmm.exe
O33 - MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\Shell\checker\command - "" = K:\TEST\CHECKER.exe
O33 - MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\Shell\dstest\command - "" = K:\TEST\DSTEST.exe
[2011/03/21 20:54:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\{870E601A-FE70-4098-94B2-6E9963FCAA51}
[2011/03/21 20:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/03/21 19:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/21 19:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/03/21 19:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/21 19:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2011/03/21 19:16:00 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/03/19 19:41:40 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\ParetoLogic
[2011/03/19 19:41:40 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\DriverCure
[2011/03/19 19:41:29 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2011/03/19 19:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/03/19 19:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/03/19 19:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/03/19 19:40:28 | 005,193,608 | ---- | C] (ParetoLogic Inc.) -- C:\Users\Justin\Documents\ParetoLogic PC Health Advisor.exe
[2011/03/19 17:15:05 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{2CACCC08-4937-447B-AB31-6A501E2DE91B}
[2011/02/22 01:02:19 | 011,708,760 | ---- | C] (Nullsoft, Inc.) -- C:\Users\Justin\Documents\winamp5601_full_emusic-7plus_en-us.exe
[2009/07/13 18:24:44 | 000,361,472 | ---- | C] (Fujitsu Takamisawa Component Limited) -- C:\Users\Justin\AppData\Local\ahafuyip.dll_old.old
[2011/03/22 18:00:01 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/03/21 17:21:49 | 000,000,120 | ---- | M] () -- C:\Users\Justin\AppData\Local\Fmitanahifureqi.dat
[2011/03/21 13:45:59 | 000,012,136 | -HS- | M] () -- C:\ProgramData\02gx6r2l0370v70bm00a6ixv8r8l63551ywf7757812x05i
[2011/03/21 12:17:41 | 000,000,042 | ---- | M] () -- C:\Windows\System32\scud.udf
[2011/03/19 19:52:59 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/03/19 19:52:59 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/03/19 19:52:59 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:63238B95
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:68F4226F

:Files
ipconfig /flushdns /c
C:\Program Files\BitTorrent

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"=-

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

Launch the application, Check for Updates >> Perform full scan. <-- Select drives C, D & M
When the scan is complete, click OK, then Show Results to view the results.
Check(select) all items except those in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:


How is your computer performing now, any further symptoms and/or problems encountered?
OTL Log from the Custom Script.
Malwarebytes Anti-Malware Log.

Antinomy
2011-03-24, 01:19
OK, do you have a copy of the Windows 7 32 Bit Installation DVD in case we need to perform some repairs?

Yes I do.

I removed all suggested programs (except Weatherbug, for some reason it wasn't listed), and made a backup with ERUNT.

I ran the OTL fix as instructed. The first time, it seemed like OTL had frozen, so I restarted my computer. Upon reboot I started over, and it completed without a problem, and I rebooted when prompted by OTL. But upon restarting and inputting my password, I had the black screen/no icons/no taskbar issue. I cut my computer off and turned it back on, selecting "Run Windows Normally", and it occurred again. On the third time it finally came up and had the log. Also, there is an item on my desktop with the name desktop.ini, was this due to the OTL fix?

After the MBAM reboot, I had no startup issues.

Antinomy
2011-03-24, 01:20
OTL Log from the Custom Script:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1983776509-132609297-3775980313-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent not found.
File C:\Program Files\BitTorrent\bittorrent.exe not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9c4a371-f3a2-11df-bd73-001d92f57446}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9c4a371-f3a2-11df-bd73-001d92f57446}\ not found.
File K:\Autorun_rlsmm.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9c4a371-f3a2-11df-bd73-001d92f57446}\ not found.
File K:\TEST\CHECKER.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9c4a371-f3a2-11df-bd73-001d92f57446}\ not found.
File K:\TEST\DSTEST.exe not found.
Folder C:\ProgramData\{870E601A-FE70-4098-94B2-6E9963FCAA51}\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\ not found.
Folder C:\ProgramData\Spybot - Search & Destroy\ not found.
Folder C:\Program Files\Spybot - Search & Destroy\ not found.
Folder C:\ProgramData\RegCure\ not found.
Folder C:\32788R22FWJFW\ not found.
Folder C:\Users\Justin\AppData\Roaming\ParetoLogic\ not found.
Folder C:\Users\Justin\AppData\Roaming\DriverCure\ not found.
Folder C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic\ not found.
Folder C:\Program Files\Common Files\ParetoLogic\ not found.
Folder C:\Program Files\ParetoLogic\ not found.
Folder C:\ProgramData\ParetoLogic\ not found.
File C:\Users\Justin\Documents\ParetoLogic PC Health Advisor.exe not found.
Folder C:\Users\Justin\AppData\Local\{2CACCC08-4937-447B-AB31-6A501E2DE91B}\ not found.
File C:\Users\Justin\Documents\winamp5601_full_emusic-7plus_en-us.exe not found.
File C:\Users\Justin\AppData\Local\ahafuyip.dll_old.old not found.
File C:\Windows\tasks\ParetoLogic Registration3.job not found.
File C:\Users\Justin\AppData\Local\Fmitanahifureqi.dat not found.
File C:\ProgramData\02gx6r2l0370v70bm00a6ixv8r8l63551ywf7757812x05i not found.
File C:\Windows\System32\scud.udf not found.
File C:\Windows\tasks\PC Health Advisor Defrag.job not found.
File C:\Windows\tasks\PC Health Advisor.job not found.
Unable to delete ADS C:\ProgramData\Temp:63238B95 .
Unable to delete ADS C:\ProgramData\Temp:68F4226F .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Justin\Desktop\cmd.bat deleted successfully.
C:\Users\Justin\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files\BitTorrent not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Justin
->Flash cache emptied: 15775 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Justin
->Temp folder emptied: 251083173 bytes
->Temporary Internet Files folder emptied: 444014376 bytes
->Java cache emptied: 3426635 bytes
->FireFox cache emptied: 22849879 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 22016 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1278273782 bytes
RecycleBin emptied: 6330802708 bytes

Total Files Cleaned = 7,945.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 03232011_155444

Files\Folders moved on Reboot...
C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OG0124IO\showthread[1].htm moved successfully.
C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...
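
Added example covering both the custom fix script above and this result log; it is not part of the thread and not OTL's own code. It classifies every log line by outcome, lists the items that could not be removed (here the two ADS entries), and flags script targets that produced no log line at all, which is how a mistyped script line shows up. The section names, regular expressions and sample lines are assumptions constructed from the posted entries; registry entries in the script are not cross-checked.

```python
"""Audit an OTL custom-fix run: classify each log line by outcome and
cross-check the fix script so that items which produced no log line at
all (for example a mistyped script line) do not go unnoticed.

Added example, not part of the original thread or of the OTL tool.
The sample script and log below are constructed from a few of the
entries posted above.
"""
import re
from collections import Counter

# Constructed sample: the :OTL/:Files/:Commands shape of the fix script.
SAMPLE_SCRIPT = r"""
:OTL
O4 - HKLM..\Run: [WinampAgent] File not found
[2011/03/21 12:17:41 | 000,000,042 | ---- | M] () -- C:\Windows\System32\scud.udf
[2011/03/19 19:52:59 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:63238B95
:Files
C:\Program Files\BitTorrent
:Commands
[ResetHosts]
"""

# Constructed sample: a few lines in the shape of the posted OTL log.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
File C:\Windows\System32\scud.udf not found.
Unable to delete ADS C:\ProgramData\Temp:63238B95 .
========== FILES ==========
File\Folder C:\Program Files\BitTorrent not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
# "File\Folder" must be listed before "File" so the longer kind wins.
KIND = r"Registry key|Registry value|File\\Folder|File|Folder"
# Outcome patterns, tried in order; the first match wins.
OUTCOME_PATTERNS = [
    ("failed", re.compile(r"^Unable to delete (?P<kind>\S+) (?P<target>.+?)\s*\.?$")),
    ("success", re.compile(r"^(?:(?P<kind>%s) )?(?P<target>.+?) (?:deleted|moved) successfully\.$" % KIND)),
    ("absent", re.compile(r"^(?P<kind>%s) (?P<target>.+?) not found\.$" % KIND)),
]
SCRIPT_FILE_RE = re.compile(r"^\[.*?\] (?:\(.*?\) )?-- (?P<path>.+)$")
SCRIPT_ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+)$")


def parse_otl_log(text):
    """Return (section, outcome, kind, target) for every non-empty log line."""
    entries, section = [], "HEADER"
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        for outcome, pat in OUTCOME_PATTERNS:
            m = pat.match(line)
            if m:
                entries.append((section, outcome, m.group("kind") or "File", m.group("target")))
                break
        else:
            # Status lines such as "All processes killed" carry no target.
            entries.append((section, "info", "", line))
    return entries


def summarize(entries):
    """Count outcomes and list targets that still need manual follow-up."""
    counts = Counter(outcome for _, outcome, _, _ in entries)
    follow_up = [target for _, outcome, _, target in entries if outcome == "failed"]
    return dict(counts), follow_up


def script_targets(script_text):
    """File, folder and ADS paths named in the :OTL and :Files sections."""
    targets, section = [], None
    for line in (raw.strip() for raw in script_text.splitlines()):
        if line.startswith(":"):
            section = line
        elif section == ":OTL":
            m = SCRIPT_FILE_RE.match(line) or SCRIPT_ADS_RE.match(line)
            if m:
                targets.append(m.group("path"))
        elif section == ":Files" and line:
            targets.append(line)
    return targets


def unreported_targets(script_text, log_text):
    """Script targets for which the log contains no line at all."""
    logged = {t.rstrip("\\") for _, _, _, t in parse_otl_log(log_text)}
    return [p for p in script_targets(script_text) if p not in logged]


if __name__ == "__main__":
    found = parse_otl_log(SAMPLE_LOG)
    counts, pending = summarize(found)
    print("outcomes:", counts)
    print("still present, needs follow-up:", pending)
    print("script items with no log line:", unreported_targets(SAMPLE_SCRIPT, SAMPLE_LOG))
```

On the posted log the same check reports the two ADS entries as still present and the "ParetoLogic Update Version3.job" task as never processed.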

Antinomy
2011-03-24, 01:21
Malwarebytes Anti-Malware Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6145

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/23/2011 7:16:06 PM
mbam-log-2011-03-23 (19-16-06).txt

Scan type: Full scan (C:\|D:\|M:\|)
Objects scanned: 518403
Time elapsed: 2 hour(s), 54 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\dnu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\rgn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Dakeyras
2011-03-24, 17:53
Hi. :)


I removed all suggested programs (except Weatherbug,
OK, check this for me please:

Right-click a blank area on your Desktop >> and select Gadgets >> if Weatherbug is present click once on it to highlight >> now right-click on Weatherbug and select Uninstall.


Also, there is an item on my desktop with the name desktop.ini, was this due to the OTL fix?
Aye, it should disappear when we remove OTL in a specific manner.


After the MBAM reboot, I had no startup issues.
Good, however to play it safe/double check please carry out the below and then we will go from there...

Run Windows 7 SRD:

Please boot-up your machine with the Windows 7 DVD...

If not sure how to, a very good tutorial can be read here (http://www.bleepingcomputer.com/tutorials/tutorial161.html).
You will have to answer a few basic questions then select the option Repair your computer
At the System Recovery Options screen click Windows 7 to highlight then Next>
Now click on/select Startup Repair
If prompted to use System Restore, select Cancel.
The same if prompted to Send information about this problem (recommended), select Don't send.
Click Finish when Startup Repair has completed, remove the SRD disc and then click on Restart

Windows 7 - System File Checker:

You may require your Windows 7 DVD for the below...

Click on Start(Windows 7 Orb).
Click on All Programs >> Accessories
Right click on Command Prompt and select Run as Administrator.
Click on Continue in the UAC prompt.
At the Command Prompt C:\Windows\System32> type in the following exactly:
CD C:\
Then depress the Enter/Return key, then type in the following exactly:
sfc /scannow
Then depress the Enter/Return key.
Note: This may take a while to finish. When completed, close the Administrator Command Prompt window by typing Exit, then depress the Enter/Return key.

Antinomy
2011-03-24, 18:37
Right-click a blank area on your Desktop >> and select Gadgets >> if Weatherbug is present click once on it to highlight >> now right-click on Weatherbug and select Uninstall.

Ah, that did the trick.

Ran Startup Repair and it said that no problems were detected. I'm about to have to go to work, so since you said the System File Checker scan will take a while, I'll have it run while I'm gone. I'll reply again upon my return and its completion.

Also, will there be a log of some sort that I'll need to provide after the SFC scan?

Dakeyras
2011-03-24, 19:53
Hi. :)


Ah, that did the trick.
Good.


Ran Startup Repair and it said that no problems were detected. I'm about to have to go to work, so since you said the System File Checker scan will take a while, I'll have it run while I'm gone. I'll reply again upon my return and its completion.

OK.


Also, will there be a log of some sort that I'll need to provide after the SFC scan?
There will be one created, but I do not actually require to review it per se. If, in the event, a large amount of, say, system files were replaced, then yes I would like to review it, though you would probably have to send it to a Zip file and then attach it.

As it stands merely run the scan and all should be fine etc.

Antinomy
2011-03-25, 02:10
The scan finished. It said that it did not find any integrity violations.

I await your next instructions. :)

Dakeyras
2011-03-25, 14:38
Hi. :)


The scan finished. It said that it did not find any integrity violations.

Good.

New Adobe Reader Installation:

Go here (ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.0.1/en_US/) and click on AdbeRdr1001_en_US.exe to download the latest version of Adobe Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader X. (Right click and Run as administrator with Windows 7)
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button

New Java Installation:

Click here (http://java.sun.com/javase/downloads/index.jsp) to visit Java's website.
Scroll down to JDK 6 Update 24 (JDK or JRE). Click on Download JRE.
Select Windows from the drop-down list for Platform.
Check (tick) Java SE Runtime Environment 6u24 with JavaFX License Agreement box and click on Continue.
Click on jre-6u24-windows-i586.exe link to download it and save this to a convenient location.
Right-click on jre-6u24-windows-i586.exe and select Run as Administrator to install Java.
Note: During installation de-select the option to install McAfee Security Scan Plus if offered.

Update FireFox:

Launch the browser >> Help >> Check for Updates...
Click on the Update Firefox.
Restart Firefox when prompted.

TFC(Temp File Cleaner):

Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop,
Save any unsaved work. TFC will close all open application windows.
Right-click TFC.exe and select Run as Administrator to run the program.
Click the Start button in the bottom left of TFC
If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).

Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here (http://www.eset.co.uk/ThreatCenter/OnlineScanner/) to run the scan.

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on: http://i223.photobucket.com/albums/dd202/Dakeyras_album/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i223.photobucket.com/albums/dd202/Dakeyras_album/EOLS3.gif
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
Now click on: http://i223.photobucket.com/albums/dd202/Dakeyras_album/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When you have completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and/or problems encountered?
Eset Log.

Antinomy
2011-03-25, 20:07
Completed the updates/installations, as well as the scan.

I haven't had any boot up issues today. IE has still been hanging/freezing when new tabs are opened, though not as often as before. Google links still re-direct to random ad sites/search sites.

ESET Log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=b73b6b1ef4003d4486f0b0459a693d18
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-25 07:00:07
# local_time=2011-03-25 02:00:07 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5121 16777213 100 75 245389 14066634 0 0
# compatibility_mode=5893 16776574 66 94 0 52611229 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=390055
# found=1
# cleaned=0
# scan_time=13172
C:\_OTL\MovedFiles\03232011_154719\C_Users\Justin\AppData\Local\ahafuyip.dll_old.old a variant of Win32/Kryptik.KNA trojan (unable to clean) 00000000000000000000000000000000

Dakeyras
2011-03-25, 20:24
Hi. :)


IE has still been hanging/freezing when new tabs are opened, though not as often as before. Google links still re-direct to random ad sites/search sites.
There is a new version of IE now, namely IE9, and I advise you update to this when I give the all clear. Anyway, for now run the below and let me know the outcome please...

Reset IE8:

Please download this Microsoft FixIt (http://download.microsoft.com/download/3/1/7/317254BC-6C9D-4532-827A-827041404428/MicrosoftFixit50195.msi) and save it to the desktop.
Double-click on MicrosoftFixit50195.exe, select I Agree and click on Next.
Follow the on-screen prompts.
You may delete MicrosoftFixit50195.exe when finished, or keep it in case of any problems with IE8 in the future.
Next time IE8 is launched you will be prompted to reapply settings again, this is normal.
Note: Any add-ons will require to be reapplied after the above reset.

Antinomy
2011-03-25, 20:45
Finished with the IE8 Reset. I don't have much time to test, due to having work in a short while, but from what I tried I experienced no trouble opening numerous tabs and windows. Google links still re-direct, though.

Dakeyras
2011-03-25, 21:14
Hi. :)


Finished with the IE8 Reset. I don't have much time to test, due to having work in a short while, but from what I tried I experienced no trouble opening numerous tabs and windows. Google links still re-direct, though.
OK, run the below for me when able and we will go from there. :bigthumb:

Scan With RKUnHooker:


Please Download Rootkit Unhooker (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE) Save it to your desktop.
Now right-click on RKUnhookerLE.exe and select Run as Administrator to run it.
Click the Report tab, then click Scan.
Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note: You may get this warning it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Antinomy
2011-03-26, 17:01
Here's the RKU report. I've attached it as a .zip file, since it was too big to post as a reply, and the report itself was too large to attach.

Dakeyras
2011-03-26, 18:06
Hi. :)

Please go to my file submission channel here (http://www.bleepingcomputer.com/submit-malware.php?channel=87).

Next to the box:- Link to topic where this file was requested: Add in the below:-

http://forums.spybot.info/showthread.php?t=61939

Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

C:\Windows\System32\Drivers\sphz.sys

Then click on the Send File tab. I will be notified when the file has been uploaded and checked.

Next:

Are you using a Router at all?

Antinomy
2011-03-26, 18:18
C:\Windows\System32\Drivers\sphz.sys

I can't seem to find that file. I have my folders set to show hidden files/folders, but when I search through the Drivers folder, I cannot find sphz.sys. I even did a search and it turned up nothing but the RKU Report (since it was mentioned in it).


Are you using a Router at all?

Yes, a Westell router. My computer is connected to it via a wireless USB adapter.

Dakeyras
2011-03-26, 18:41
Hi. :)

OK, let's see if we can locate the file as follows...

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)


Right-click SystemLook.exe select Run as Administrator to run it.
Copy the content of the following codebox into the main textfield:

:filefind
sphz.sys


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Router Advice:

OK, at this juncture I think it would be prudent to actually reset your Router and apply a new admin password. If the default password is retained, a remote attacker can install his own server address in between you and your Internet Service Provider. (The default passwords are published.) If you go into the router installation routine, you can take a quick look at the IP addresses in the router setup to make sure no extras have been added.

Ensure the NAT (Network Address Translation) firewall is active. Since it is a wireless router, check it is secure. Further information about this can be read here (http://www.practicallynetworked.com/support/wireless_secure.htm). Finally, check for any firmware updates.
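
The "extra server address" Dakeyras warns about is, in practice, a rogue DNS resolver: a hijacked router (or a DNSChanger-style infection) hands the machine a resolver the attacker controls, which is one common cause of search-engine redirects. The script below is an added example, not part of this thread and not a tool Dakeyras asked for; it parses the output of `ipconfig /all` as Windows 7 prints it (format assumed from that command) and flags every DNS server that is neither on the adapter's own subnet (the router) nor on a caller-supplied allowlist of public resolvers. The sample output, the adapter names and the 203.0.113.45 resolver (a documentation-only address range) are constructed for the example.

```python
"""Flag DNS resolvers in `ipconfig /all` output that are neither LAN nor allowlisted.

Added example for the router/DNS hijack check; the ipconfig text below is
constructed, not captured from the machine in the thread.
"""
import ipaddress
import re
import sys

# "   Key . . . . . . : value" lines; the dotted leader is what separates a field
# from a continuation line such as a second DNS server that carries no colon.
KEY_RE = re.compile(r"^\s+(?P<key>[A-Za-z0-9][A-Za-z0-9 \-]*?)\s*(?:\. ?)+\s*: ?(?P<val>.*)$")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed sample: router at 192.168.1.1 plus an unexplained second resolver.
SAMPLE_IPCONFIG = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC
   Primary Dns Suffix  . . . . . . . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Example USB Wireless Adapter
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.45
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{00000000-0000-0000-0000-000000000000}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
"""


def parse_ipconfig(text):
    """Return a list of adapters: {'name': str, 'fields': {key: [values...]}}."""
    adapters, current, last_key = [], None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        # Adapter headers start at column 0 and end with a colon.
        if not line[0].isspace() and line.rstrip().endswith(":"):
            current = {"name": line.rstrip(": "), "fields": {}}
            adapters.append(current)
            last_key = None
            continue
        if current is None:  # global "Windows IP Configuration" block: not per-adapter
            continue
        m = KEY_RE.match(line)
        if m:
            last_key = m["key"].strip()
            current["fields"].setdefault(last_key, []).append(m["val"].strip())
        elif last_key:  # indented continuation line (e.g. second DNS server)
            current["fields"][last_key].append(line.strip())
    return adapters


def check_resolvers(adapter, trusted_public=()):
    """Return the IPv4 DNS servers that are neither on the adapter's subnet nor trusted."""
    fields = adapter["fields"]
    addr = IPV4_RE.search(" ".join(fields.get("IPv4 Address", [])))
    mask = IPV4_RE.search(" ".join(fields.get("Subnet Mask", [])))
    if not (addr and mask):
        return []  # no IPv4 configuration (disconnected or tunnel adapter): nothing to check
    lan = ipaddress.ip_network(f"{addr.group()}/{mask.group()}", strict=False)
    trusted = {ipaddress.ip_address(t) for t in trusted_public}
    rogue = []
    for raw in fields.get("DNS Servers", []):
        m = IPV4_RE.search(raw)
        if not m:
            continue  # IPv6 resolvers are out of scope for this example
        ip = ipaddress.ip_address(m.group())
        if ip not in lan and ip not in trusted:
            rogue.append(str(ip))
    return rogue


def audit(text, trusted_public=()):
    """Map adapter name -> suspicious resolvers, for adapters that have any."""
    result = {}
    for adapter in parse_ipconfig(text):
        rogue = check_resolvers(adapter, trusted_public)
        if rogue:
            result[adapter["name"]] = rogue
    return result


if __name__ == "__main__":
    # Pipe real output in with:  ipconfig /all | python check_dns.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_IPCONFIG
    for name, rogue in audit(text).items():
        print(f"{name}: unexpected DNS server(s) {', '.join(rogue)}")
```

A resolver outside the LAN is not automatically malicious (an ISP or a deliberately configured public resolver will show up too, which is what the allowlist is for), but on a home machine that should be getting DNS from its router, any address you did not put there deserves the same scrutiny as the router's own DNS settings. Because `ipconfig /all` shows the effective configuration, the check catches both a hijacked router handing out resolvers over DHCP and a per-adapter NameServer override set by malware on the host.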

Antinomy
2011-03-26, 19:23
SystemLook Log:

SystemLook 04.09.10 by jpshortstuff
Log created at 13:15 on 26/03/2011 by Justin
Administrator - Elevation successful

========== filefind ==========

Searching for "sphz.sys"
No files found.

-= EOF =-

And I've completed the recommended Router reset.

Dakeyras
2011-03-26, 19:35
Hi. :)

Most strange that the file is not found though RKUnhooker claims it is there; upon further research it appears to be either Apple and/or Intel related. Though I have never actually come across the driver myself before, hence I wanted a check on it. Quite possibly it is hidden even with system files revealed etc. Anyway, we can come back to this if the need arises.


And I've completed the recommended Router reset.
Good.

Any further issues? Still search engine redirects?

Antinomy
2011-03-26, 19:40
Any further issues? Still search engine redirects?

Yes, almost every time. And once or twice I've had the browser freeze issue.

Dakeyras
2011-03-26, 20:32
Hi. :)


Yes, almost every time. And once or twice I've had the browser freeze issue.
OK, we will check this out further as follows...

Scan with TDSSKiller:

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract (unzip) it to your Desktop.


Right-click on TDSSKiller.exe and select Run as Administrator to launch it.
Click on Start Scan, the scan will run.
When the scan has finished, if it finds anything please click on the drop-down arrow next to Cure and select Skip.
Now click on Report to open the log file created by TDSSKiller in your root directory C:\
To find the log go to Start > Computer > C:
Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!

Scan with aswMBR:

Please download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Right-click aswMBR.exe and select Run as Administrator to run it.

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswmbrscan.gif

Click the "Scan" button to start scan


http://i1224.photobucket.com/albums/ee362/Essexboy3/aswmbrsavelog.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

Note: There will also be a file on your desktop named MBR.dat (or similar); do not delete this for now, it is an actual backup of the MBR (master boot record).
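
TDSSKiller's log is long (one line per loaded driver service) and the interesting entries are easy to miss by eye: the tool's own "Suspicious file" and "detected" lines, plus any driver whose image sits outside the Windows driver directories. The parser below is an added example, not part of this thread and not Kaspersky's code; it assumes the line formats TDSSKiller 2.4.x writes (timestamp, thread id, service name, MD5 in parentheses, image path) and treats `EXPECTED_DIRS` as the only "normal" locations, which is an assumption of the example. The sample lines are constructed in that format.

```python
"""Triage a TDSSKiller log: collect its verdict lines and drivers loaded from odd paths.

Added example; the log excerpt below is constructed in TDSSKiller's line format.
"""
import re

# "timestamp thread service (md5) path" - one per driver service TDSSKiller enumerated.
DRIVER_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
    r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$"
)
# TDSSKiller's own verdict lines, e.g. a file it could not open or classified as bad.
SUSPICIOUS_RE = re.compile(
    r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$"
)
DETECTED_RE = re.compile(r"\s(?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")

# Assumption for this example: where a legitimately installed kernel driver normally lives.
EXPECTED_DIRS = (r"c:\windows\system32\drivers", r"c:\windows\system32")

# Constructed sample in TDSSKiller's format: three ordinary drivers, one third-party
# driver loaded from Program Files, and one file the tool could not read.
SAMPLE_LOG = r"""
2011/03/27 09:24:51.0071 4356 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/03/27 09:24:47.0390 4356 PCD5SRVC{BD6912E3-AC9D80E8-05040000} (77a76c2da7c9431024b299ef7700dd4f) C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms
2011/03/27 09:24:51.0149 4356 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/03/27 09:24:51.0149 4356 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/27 09:24:51.0149 4356 sptd - detected Locked file (1)
2011/03/27 09:24:51.0243 4356 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
"""


def parse_tdsskiller(text):
    """Return (drivers, verdicts): drivers maps service name -> {md5, path}; verdicts is a list."""
    drivers, verdicts = {}, []
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            drivers[m["name"]] = {"md5": m["md5"], "path": m["path"]}
            continue
        m = SUSPICIOUS_RE.search(line)
        if m:
            verdicts.append({"kind": "suspicious", "reason": m["reason"],
                             "path": m["path"], "md5": m["md5"]})
            continue
        m = DETECTED_RE.search(line)
        if m:
            verdicts.append({"kind": "detected", "name": m["name"], "verdict": m["verdict"]})
    return drivers, verdicts


def triage(drivers, verdicts):
    """Return [(service, image path, [reasons])] for entries that deserve a closer look."""
    flagged = {}
    for name, info in drivers.items():
        folder = info["path"].rsplit("\\", 1)[0].lower()
        if folder not in EXPECTED_DIRS:
            flagged.setdefault(name, []).append("image outside Windows driver directories")
    by_path = {info["path"].lower(): name for name, info in drivers.items()}
    for v in verdicts:
        if v["kind"] == "suspicious":
            name = by_path.get(v["path"].lower(), v["path"])
            flagged.setdefault(name, []).append(f"TDSSKiller: suspicious ({v['reason']})")
        else:
            flagged.setdefault(v["name"], []).append(f"TDSSKiller: {v['verdict']}")
    return [(n, drivers.get(n, {}).get("path", "?"), r) for n, r in sorted(flagged.items())]


if __name__ == "__main__":
    # Real use:  python triage_tdss.py < C:\TDSSKiller.<version>_<date>_log.txt
    drivers, verdicts = parse_tdsskiller(SAMPLE_LOG)
    for name, path, reasons in triage(drivers, verdicts):
        print(f"{name}: {path}")
        for r in reasons:
            print(f"    - {r}")
```

"Flagged" means "look at it", not "malicious": a driver that locks its own image so the scanner cannot read it is exactly what a rootkit does, but it is also what some legitimate low-level drivers do (disc-emulation SCSI pass-through drivers are a well-known case), and vendor diagnostics do load from Program Files. That is why the procedure above says to select Skip and post the log rather than let the tool cure anything at this stage: the MD5 and path in the flagged line are what you verify against the vendor before deciding.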

Antinomy
2011-03-27, 16:27
TDSSKiller Log:

2011/03/27 09:24:17.0750 6140 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/27 09:24:18.0249 6140 ================================================================================
2011/03/27 09:24:18.0249 6140 SystemInfo:
2011/03/27 09:24:18.0249 6140
2011/03/27 09:24:18.0249 6140 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/27 09:24:18.0249 6140 Product type: Workstation
2011/03/27 09:24:18.0249 6140 ComputerName: VEDA
2011/03/27 09:24:18.0249 6140 UserName: Justin
2011/03/27 09:24:18.0249 6140 Windows directory: C:\Windows
2011/03/27 09:24:18.0249 6140 System windows directory: C:\Windows
2011/03/27 09:24:18.0249 6140 Processor architecture: Intel x86
2011/03/27 09:24:18.0249 6140 Number of processors: 2
2011/03/27 09:24:18.0249 6140 Page size: 0x1000
2011/03/27 09:24:18.0249 6140 Boot type: Normal boot
2011/03/27 09:24:18.0249 6140 ================================================================================
2011/03/27 09:24:25.0144 6140 Initialize success
2011/03/27 09:24:31.0337 4356 ================================================================================
2011/03/27 09:24:31.0337 4356 Scan started
2011/03/27 09:24:31.0337 4356 Mode: Manual;
2011/03/27 09:24:31.0337 4356 ================================================================================
2011/03/27 09:24:33.0412 4356 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/03/27 09:24:33.0490 4356 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/03/27 09:24:33.0521 4356 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/03/27 09:24:33.0584 4356 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/03/27 09:24:33.0646 4356 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/03/27 09:24:33.0693 4356 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/03/27 09:24:33.0771 4356 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/03/27 09:24:33.0818 4356 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/03/27 09:24:33.0927 4356 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/03/27 09:24:34.0036 4356 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/03/27 09:24:34.0098 4356 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/03/27 09:24:34.0161 4356 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/03/27 09:24:34.0208 4356 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/27 09:24:34.0270 4356 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/03/27 09:24:34.0379 4356 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/03/27 09:24:34.0442 4356 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/03/27 09:24:34.0504 4356 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/03/27 09:24:34.0535 4356 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/03/27 09:24:34.0644 4356 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/03/27 09:24:34.0707 4356 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/03/27 09:24:34.0800 4356 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/27 09:24:34.0847 4356 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/03/27 09:24:34.0988 4356 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/03/27 09:24:35.0066 4356 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/03/27 09:24:35.0175 4356 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/03/27 09:24:35.0315 4356 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/03/27 09:24:35.0378 4356 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/27 09:24:35.0424 4356 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/03/27 09:24:35.0487 4356 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/03/27 09:24:35.0565 4356 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/03/27 09:24:35.0612 4356 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/03/27 09:24:35.0674 4356 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/03/27 09:24:35.0721 4356 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/03/27 09:24:35.0814 4356 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/03/27 09:24:35.0955 4356 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/27 09:24:36.0017 4356 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/27 09:24:36.0064 4356 cfwids (7e6f7da1c4de5680820f964562548949) C:\Windows\system32\drivers\cfwids.sys
2011/03/27 09:24:36.0251 4356 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/27 09:24:36.0314 4356 CLBStor (cc82215750723d839dbc5d2d625fc130) C:\Windows\system32\drivers\CLBStor.sys
2011/03/27 09:24:36.0423 4356 CLBUDFR (c002f79e6ee9bdf442514435c3d2bcb6) C:\Windows\system32\drivers\CLBUDFR.sys
2011/03/27 09:24:36.0579 4356 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/03/27 09:24:36.0688 4356 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/27 09:24:36.0719 4356 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/03/27 09:24:36.0766 4356 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/03/27 09:24:36.0813 4356 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/27 09:24:36.0860 4356 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/03/27 09:24:36.0906 4356 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/03/27 09:24:37.0078 4356 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/03/27 09:24:37.0140 4356 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/03/27 09:24:37.0187 4356 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/03/27 09:24:37.0296 4356 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
2011/03/27 09:24:37.0359 4356 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/03/27 09:24:37.0390 4356 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/03/27 09:24:37.0468 4356 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/03/27 09:24:37.0530 4356 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/27 09:24:37.0718 4356 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/03/27 09:24:37.0998 4356 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/03/27 09:24:38.0061 4356 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/03/27 09:24:38.0154 4356 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/03/27 09:24:38.0186 4356 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/03/27 09:24:38.0279 4356 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/27 09:24:38.0326 4356 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/03/27 09:24:38.0404 4356 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/03/27 09:24:38.0466 4356 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/27 09:24:38.0529 4356 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/03/27 09:24:38.0591 4356 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/03/27 09:24:38.0669 4356 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/27 09:24:38.0747 4356 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/03/27 09:24:38.0966 4356 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/03/27 09:24:39.0028 4356 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/03/27 09:24:39.0200 4356 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/03/27 09:24:39.0262 4356 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/27 09:24:39.0309 4356 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/03/27 09:24:39.0356 4356 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/03/27 09:24:39.0434 4356 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/27 09:24:39.0558 4356 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/27 09:24:39.0761 4356 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/03/27 09:24:39.0855 4356 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/03/27 09:24:39.0933 4356 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/03/27 09:24:39.0980 4356 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/27 09:24:40.0104 4356 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/03/27 09:24:40.0323 4356 igfx (c4097c4f60b7603b77e36715663d56eb) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/03/27 09:24:40.0619 4356 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/03/27 09:24:40.0822 4356 IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
2011/03/27 09:24:40.0978 4356 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/03/27 09:24:41.0025 4356 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/27 09:24:41.0072 4356 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/27 09:24:41.0150 4356 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/03/27 09:24:41.0212 4356 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/03/27 09:24:41.0306 4356 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/03/27 09:24:41.0352 4356 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/03/27 09:24:41.0399 4356 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/27 09:24:41.0524 4356 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/27 09:24:41.0586 4356 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/27 09:24:41.0618 4356 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/27 09:24:41.0711 4356 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/03/27 09:24:42.0086 4356 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/27 09:24:42.0148 4356 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/03/27 09:24:42.0210 4356 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/03/27 09:24:42.0273 4356 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/03/27 09:24:42.0320 4356 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/03/27 09:24:42.0366 4356 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/03/27 09:24:42.0554 4356 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/03/27 09:24:42.0616 4356 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/03/27 09:24:42.0678 4356 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\Windows\system32\drivers\mfeapfk.sys
2011/03/27 09:24:42.0756 4356 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\Windows\system32\drivers\mfeavfk.sys
2011/03/27 09:24:42.0959 4356 mfebopk (19161b1796cf74a6a326abde309062ba) C:\Windows\system32\drivers\mfebopk.sys
2011/03/27 09:24:43.0053 4356 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\Windows\system32\drivers\mfefirek.sys
2011/03/27 09:24:43.0146 4356 mfehidk (0efab2b91b27543fe589de700de07136) C:\Windows\system32\drivers\mfehidk.sys
2011/03/27 09:24:43.0318 4356 mfenlfk (b4022e16569bbd1a85e68e7e78e68880) C:\Windows\system32\DRIVERS\mfenlfk.sys
2011/03/27 09:24:43.0474 4356 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\Windows\system32\drivers\mferkdet.sys
2011/03/27 09:24:43.0661 4356 mfewfpk (183f32c79d1693170df3baecec611125) C:\Windows\system32\drivers\mfewfpk.sys
2011/03/27 09:24:43.0864 4356 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/03/27 09:24:43.0942 4356 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/27 09:24:43.0989 4356 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/27 09:24:44.0082 4356 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/27 09:24:44.0129 4356 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/03/27 09:24:44.0160 4356 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/03/27 09:24:44.0192 4356 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/27 09:24:44.0285 4356 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/03/27 09:24:44.0363 4356 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/27 09:24:44.0504 4356 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/27 09:24:44.0691 4356 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/27 09:24:44.0894 4356 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/03/27 09:24:44.0956 4356 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/03/27 09:24:45.0034 4356 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/03/27 09:24:45.0065 4356 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/03/27 09:24:45.0128 4356 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/03/27 09:24:45.0252 4356 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/27 09:24:45.0315 4356 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/27 09:24:45.0362 4356 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/03/27 09:24:45.0424 4356 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/03/27 09:24:45.0486 4356 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/27 09:24:45.0518 4356 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/03/27 09:24:45.0580 4356 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/03/27 09:24:45.0627 4356 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/03/27 09:24:45.0736 4356 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/27 09:24:45.0798 4356 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/03/27 09:24:45.0845 4356 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/03/27 09:24:45.0908 4356 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/27 09:24:45.0954 4356 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/27 09:24:46.0017 4356 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/27 09:24:46.0064 4356 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/03/27 09:24:46.0157 4356 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/27 09:24:46.0204 4356 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/27 09:24:46.0313 4356 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/03/27 09:24:46.0469 4356 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/03/27 09:24:46.0516 4356 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/27 09:24:46.0610 4356 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/03/27 09:24:46.0750 4356 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/03/27 09:24:46.0859 4356 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/03/27 09:24:46.0890 4356 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/03/27 09:24:46.0984 4356 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/03/27 09:24:47.0046 4356 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/27 09:24:47.0171 4356 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/03/27 09:24:47.0218 4356 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/03/27 09:24:47.0280 4356 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/03/27 09:24:47.0390 4356 PCD5SRVC{BD6912E3-AC9D80E8-05040000} (77a76c2da7c9431024b299ef7700dd4f) C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms
2011/03/27 09:24:47.0748 4356 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/03/27 09:24:47.0811 4356 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/03/27 09:24:47.0873 4356 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/27 09:24:47.0936 4356 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/03/27 09:24:47.0982 4356 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\Windows\system32\Drivers\PdiPorts.sys
2011/03/27 09:24:48.0138 4356 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/03/27 09:24:48.0279 4356 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/27 09:24:48.0326 4356 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/03/27 09:24:48.0450 4356 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/27 09:24:48.0544 4356 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/03/27 09:24:48.0747 4356 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/03/27 09:24:48.0825 4356 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/27 09:24:48.0856 4356 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/27 09:24:48.0965 4356 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/03/27 09:24:49.0043 4356 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/27 09:24:49.0152 4356 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/27 09:24:49.0246 4356 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/27 09:24:49.0308 4356 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/27 09:24:49.0386 4356 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/03/27 09:24:49.0418 4356 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/27 09:24:49.0542 4356 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/27 09:24:49.0589 4356 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/03/27 09:24:49.0636 4356 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/03/27 09:24:49.0792 4356 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/03/27 09:24:49.0917 4356 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/27 09:24:49.0979 4356 RTL8169 (5163f804256deb8cf1ef64b780a18caa) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/03/27 09:24:50.0182 4356 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/03/27 09:24:50.0229 4356 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/03/27 09:24:50.0276 4356 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/27 09:24:50.0385 4356 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/27 09:24:50.0432 4356 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/03/27 09:24:50.0494 4356 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/03/27 09:24:50.0556 4356 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/03/27 09:24:50.0603 4356 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/03/27 09:24:50.0666 4356 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/03/27 09:24:50.0728 4356 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/03/27 09:24:50.0822 4356 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/03/27 09:24:50.0884 4356 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/03/27 09:24:50.0946 4356 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/03/27 09:24:50.0993 4356 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/03/27 09:24:51.0071 4356 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/03/27 09:24:51.0149 4356 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/03/27 09:24:51.0149 4356 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/27 09:24:51.0149 4356 sptd - detected Locked file (1)
2011/03/27 09:24:51.0243 4356 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/03/27 09:24:51.0383 4356 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/27 09:24:51.0492 4356 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/27 09:24:51.0711 4356 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/03/27 09:24:51.0820 4356 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/27 09:24:51.0929 4356 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/03/27 09:24:52.0194 4356 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/27 09:24:52.0288 4356 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/27 09:24:52.0553 4356 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/03/27 09:24:52.0600 4356 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/03/27 09:24:52.0694 4356 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/27 09:24:52.0725 4356 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/27 09:24:52.0896 4356 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/27 09:24:52.0974 4356 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/27 09:24:53.0037 4356 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\Windows\system32\DRIVERS\TVICHW32.SYS
2011/03/27 09:24:53.0130 4356 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/03/27 09:24:53.0193 4356 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/27 09:24:53.0271 4356 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/03/27 09:24:53.0333 4356 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/27 09:24:53.0380 4356 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/03/27 09:24:53.0474 4356 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/03/27 09:24:53.0614 4356 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/27 09:24:53.0661 4356 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/03/27 09:24:53.0723 4356 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/27 09:24:53.0786 4356 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/27 09:24:53.0864 4356 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/27 09:24:53.0910 4356 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/27 09:24:53.0988 4356 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/03/27 09:24:54.0051 4356 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/27 09:24:54.0113 4356 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/27 09:24:54.0176 4356 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/03/27 09:24:54.0285 4356 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/27 09:24:54.0332 4356 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/03/27 09:24:54.0425 4356 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/03/27 09:24:54.0534 4356 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/03/27 09:24:54.0628 4356 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/03/27 09:24:54.0690 4356 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/03/27 09:24:54.0768 4356 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/03/27 09:24:54.0924 4356 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/03/27 09:24:54.0987 4356 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/03/27 09:24:55.0112 4356 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/27 09:24:55.0221 4356 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
2011/03/27 09:24:55.0299 4356 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/03/27 09:24:55.0392 4356 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/03/27 09:24:55.0455 4356 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/27 09:24:55.0502 4356 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/27 09:24:55.0533 4356 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/27 09:24:55.0767 4356 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/03/27 09:24:55.0860 4356 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/27 09:24:56.0048 4356 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/27 09:24:56.0094 4356 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/03/27 09:24:56.0172 4356 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/03/27 09:24:56.0313 4356 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/03/27 09:24:56.0391 4356 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/27 09:24:56.0578 4356 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/27 09:24:56.0656 4356 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/03/27 09:24:56.0874 4356 XG762_VS (be701d39fb0543083ddf74227638bcf3) C:\Windows\system32\DRIVERS\WlanGZG.sys
2011/03/27 09:24:57.0030 4356 ZY202_XP (6d0b121fe665626d266678ea97c75622) C:\Windows\system32\DRIVERS\WlanUZXP.sys
2011/03/27 09:24:57.0233 4356 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD\000.fcl
2011/03/27 09:24:58.0450 4356 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/27 09:24:58.0497 4356 ================================================================================
2011/03/27 09:24:58.0497 4356 Scan finished
2011/03/27 09:24:58.0497 4356 ================================================================================
2011/03/27 09:24:58.0512 4292 Detected object count: 2
2011/03/27 09:25:14.0066 4292 Locked file(sptd) - User select action: Skip
2011/03/27 09:25:14.0081 4292 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Skip

Antinomy
2011-03-27, 16:28
aswMBR Log:

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-03-27 09:26:59
-----------------------------
09:26:59.623 OS Version: Windows 6.1.7600
09:26:59.623 Number of processors: 2 586 0xF0D
09:26:59.623 ComputerName: VEDA UserName:
09:27:00.856 Initialize success
09:27:12.915 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
09:27:12.915 Disk 0 Vendor: ST3360320AS 3.CHN Size: 343399MB BusType: 3
09:27:12.930 Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3360320AS_____________________________3.CHN___#5&2aa567a1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
09:27:14.943 Disk 0 MBR read successfully
09:27:14.943 Disk 0 MBR scan
09:27:14.943 Disk 0 TDL4@MBR code has been found
09:27:14.958 Disk 0 MBR hidden
09:27:14.958 Disk 0 MBR [TDL4] **ROOTKIT**
09:27:14.974 Disk 0 trace - called modules:
09:27:14.974 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x868e6439]<<
09:27:14.989 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868c7030]
09:27:14.989 3 CLASSPNP.SYS[899bd59e] -> nt!IofCallDriver -> [0x86764918]
09:27:14.989 5 ACPI.sys[83bbc3b2] -> nt!IofCallDriver -> \IdeDeviceP0T0L0-0[0x86798908]
09:27:15.005 \Driver\atapi[0x868c9358] -> IRP_MJ_CREATE -> 0x868e6439
09:27:15.520 Scan finished successfully

Dakeyras
2011-03-27, 17:19
Hi. :)

As a precaution, move the MBR.dat (or similar) file that aswMBR created to a form of removable storage media.

Re-scan with aswMBR:


Right-click the aswMBR.exe select Run as Administrator to run it
Click the Scan button to start the scan.
On completion of the scan, click the Fix MBR button.
When the Fix MBR process has completed, please save the log file, to your desktop, as you did before.
Copy and paste the contents of the log file in your next reply.
Next:

Please reboot your machine and let myself know if any further issues? Still search engine redirects?
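The aswMBR output above reports TDL4 code in sector 0 and flags the MBR as hidden: the bootkit sits in the disk stack (note the unknown IRP_MJ_CREATE handler on \Driver\atapi in the trace) and can hand a forged sector back to anything reading the disk from inside the running OS. Keeping the MBR.dat dump off the machine is what makes a later before/after comparison possible. As an added illustration for this thread, not code from aswMBR, TDSSKiller or anyone in the discussion, the Python below parses a 512-byte MBR image, checks the 0x55AA boot signature, lists the partition table, hashes the boot-code region and compares a "live" image against a backup. Both images are constructed inline; the read_live_mbr helper and its \\.\PhysicalDrive0 path are assumptions and are not called automatically.

```python
"""Parse a 512-byte MBR image and compare it with a known-good backup.

Added illustration for this thread; not part of aswMBR or TDSSKiller.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

MBR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 hold the boot code a bootkit replaces
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
PART_ENTRY_LEN = 16
SIGNATURE = b"\x55\xaa"      # bytes 510..511


@dataclass
class PartitionEntry:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_mbr(image: bytes) -> List[PartitionEntry]:
    """Validate the sector and return the non-empty partition entries."""
    if len(image) != MBR_SIZE:
        raise ValueError("MBR image must be exactly %d bytes" % MBR_SIZE)
    if image[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            "<B3sB3sII", image, off)
        if ptype == 0:           # empty slot
            continue
        entries.append(PartitionEntry(status == 0x80, ptype, lba, count))
    return entries


def boot_code_hash(image: bytes) -> str:
    """SHA-256 of the boot-code region only, so partition edits do not change it."""
    return hashlib.sha256(image[:BOOT_CODE_LEN]).hexdigest()


def compare_mbrs(live: bytes, backup: bytes) -> Dict[str, bool]:
    """A bootkit usually keeps the partition table and swaps only the boot code."""
    return {
        "boot_code_matches": live[:BOOT_CODE_LEN] == backup[:BOOT_CODE_LEN],
        "partition_table_matches": live[PART_TABLE_OFF:510] == backup[PART_TABLE_OFF:510],
        "live_signature_ok": live[510:512] == SIGNATURE,
    }


def read_live_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 from a raw disk (needs administrator rights on Windows).

    Assumption: run this from clean boot media. Inside an infected session a
    bootkit that hooks the disk stack (the 'MBR hidden' line in the log) can
    return a forged, clean-looking sector.
    """
    with open(device, "rb") as disk:
        return disk.read(MBR_SIZE)


def build_sample_mbr(boot_code: bytes,
                     partitions: Sequence[Tuple[int, int, int, int]]) -> bytes:
    """Construct a synthetic MBR image for the demonstration below."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack("<B3sB3sII", status, b"\x00\x00\x00", ptype, b"\x00\x00\x00", lba, count)
        for status, ptype, lba, count in partitions)
    table = table.ljust(4 * PART_ENTRY_LEN, b"\x00")
    return code + table + SIGNATURE


# Constructed samples (not real disk dumps). The clean image opens with the
# usual Windows MBR prologue (xor ax,ax / mov ss,ax / mov sp,7c00); the
# "infected" one keeps the same partition table but carries different code.
PARTITIONS = [(0x80, 0x07, 2048, 0x1000)]
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c", PARTITIONS)
INFECTED_MBR = build_sample_mbr(b"\xeb\x00\x90" + b"\x41" * 40, PARTITIONS)

if __name__ == "__main__":
    for entry in parse_mbr(INFECTED_MBR):
        print(entry)
    print(compare_mbrs(INFECTED_MBR, CLEAN_MBR))
```

The pattern compare_mbrs looks for, boot code changed while the partition table is untouched, is what a bootkit infection looks like on disk, and it is also why a clean-looking partition layout in Disk Management says nothing about the boot code. Do the live read from boot media or a second machine with the disk attached, not from the suspect OS, and compare against a dump taken before infection or against the MBR.dat aswMBR saved.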

Antinomy
2011-03-27, 20:41
After the reboot, I didn't have any search link re-directs. I tried clicking about 10 different links and they all went where they were supposed to.

aswMBR Log #2:

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-03-27 13:33:06
-----------------------------
13:33:06.722 OS Version: Windows 6.1.7600
13:33:06.722 Number of processors: 2 586 0xF0D
13:33:06.722 ComputerName: VEDA UserName:
13:33:10.450 Initialize success
13:33:13.196 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
13:33:13.196 Disk 0 Vendor: ST3360320AS 3.CHN Size: 343399MB BusType: 3
13:33:13.211 Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3360320AS_____________________________3.CHN___#5&2aa567a1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
13:33:15.239 Disk 0 MBR read successfully
13:33:15.239 Disk 0 MBR scan
13:33:15.239 Disk 0 TDL4@MBR code has been found
13:33:15.255 Disk 0 MBR hidden
13:33:15.255 Disk 0 MBR [TDL4] **ROOTKIT**
13:33:15.271 Disk 0 trace - called modules:
13:33:15.271 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x868e5439]<<
13:33:15.286 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868c7030]
13:33:15.286 3 CLASSPNP.SYS[83f8c59e] -> nt!IofCallDriver -> [0x8675f918]
13:33:15.286 5 ACPI.sys[83bbc3b2] -> nt!IofCallDriver -> \IdeDeviceP0T0L0-0[0x85ab0630]
13:33:15.302 \Driver\atapi[0x868c7638] -> IRP_MJ_CREATE -> 0x868e5439
13:33:15.817 Scan finished successfully
13:34:15.892 Disk 0 fixing MBR
13:34:25.923 Disk 0 MBR restored successfully
13:34:25.923 Infection fixed successfully - please reboot ASAP

Dakeyras
2011-03-27, 23:44
Hi. :)


After the reboot, I didn't have any search link re-directs. I tried clicking about 10 different links and they all went where they were supposed to.
Good, please re-run TFC (Temp File Cleaner) as outlined here (http://forums.spybot.info/showpost.php?p=398757&postcount=16).

Malwarebytes Anti-Malware:

Note: Remember to right-click MBAM and select Run As Administrator.

Launch the application, Check for Updates >> Perform quick scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered?
Malwarebytes Anti-Malware Log.

Antinomy
2011-03-28, 01:57
How is your computer performing now, any further symptoms and or problems encountered?

I have had no more problems since the last aswMBR scan.

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6187

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/27/2011 6:43:34 PM
mbam-log-2011-03-27 (18-43-34).txt

Scan type: Quick scan
Objects scanned: 154201
Time elapsed: 5 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Dakeyras
2011-03-28, 15:30
Hi. :)


I have had no more problems since the last aswMBR scan.
Good. After completing my instructions/advice below, it would be prudent to use the installer you have for IE9 and install the browser. Also, if you are not aware, Service Pack 1 for Windows 7 is now available; you should be able to download and install it via Windows Update, or you could get it from here (http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c3202ce6-4056-4059-8a1b-3a9b77cdfdda).

Before actually installing the Service Pack, it would be prudent to back up your system and temporarily disable any security-related applications as a precaution. The reason I am advising both of the aforementioned upgrades is that they will increase the overall security of your machine whilst it is used online.

Next:

Congratulations, your computer appears to be malware-free!

Now I have some tasks for your good self to carry out as part of a clean-up process, and some advice about online safety.

Importance of Regular System Maintenance:

I advise you to read both of the topics listed below, as this will go a long way to keeping your computer performing well.

Help! My computer is slow! (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)

As is this:

What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)

Reset SR Points/Clean up with OTL:

Right-click OTL and select Run as Administrator to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[ClearAllRestorePoints]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered. When finished click on OK and close the log that appears.
Note: I do not need to review the log produced.
Now close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, depress the CleanUp button.
Say Yes to the prompt and then allow the program to reboot your computer.
The above process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application and I advise you to keep it installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed security application, McAfee AntiVirus Plus, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you to also run a complete scan with this once per week.

Erunt:

Emergency Recovery Utility NT: I advise you to keep this installed as a means of keeping a complete backup of your registry and restoring it when needed.

Personally, I would create a new backup once per week, as this, along with System Restore, may prove invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:


Click on Start(Windows 7 Orb) >> All Programs >> Windows Update.
In the navigation pane, click Check for updates.
After Windows Update has finished checking for updates, click View available updates.
Click to select the check box for any found, then click Install.
When completed Reboot(restart) your computer if not prompted to do so.
Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge (http://sourceforge.net/) or Pricelessware (http://www.pricelesswarehome.org/).

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use NoScript (http://www.symantec.com/avcenter/noscript.exe) by Symantec or Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm) by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly free software, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is to avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling them. Similarly, your computer will look up a website's IP address before you can view the website.

A replacement Hosts file will replace your current Hosts file with one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


hpHosts (http://hosts-file.net/?s=Download)
MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)

Only use one of the above!

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here (http://www.winpatrol.com/download.html).

You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html).

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center (http://www.microsoft.com/security/default.aspx)

Any questions? Feel free to ask, if not stay safe!
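The Hosts file advice above relies on one mechanism: a name listed in the file never reaches DNS, so a blocklist that maps ad and spyware hosts to 127.0.0.1 (some lists use 0.0.0.0 instead) makes them unreachable. The same mechanism cuts the other way: malware that writes its own entries can send a search engine or a vendor's update site to a remote address, which is worth ruling out whenever redirects appear, even though in this thread the redirects turned out to come from the TDL4 bootkit rather than the hosts file. As an added example, not code from the thread or from any of the tools mentioned, the Python below parses a hosts file, counts blocklist-style entries and flags any mapping for a domain you expect to resolve normally. The sample hosts text and the WATCHED_DOMAINS list are constructed for the demonstration; the HOSTS_PATH default and the load_hosts helper are assumptions and are not called automatically.

```python
"""Audit a Windows hosts file: count blocklist entries and flag hijacked names.

Added illustration for this thread; not part of any of the tools mentioned.
"""
import ipaddress
from typing import Dict, Iterable, List, Tuple

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"   # default Windows location (assumed)
LOOPBACK_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}      # where blocklists send bad sites
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample, not a real hosts file. The google.com lines show what a
# hosts-file hijack looks like: names you expect to resolve normally, pointed
# at a remote address instead.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ads.tracker.invalid          # blocklist-style entry
127.0.0.1 banner.adserver.invalid    # blocklist-style entry, older 127.0.0.1 form
198.51.100.7  www.google.com         # constructed hijack
198.51.100.7  google.com
203.0.113.9   intranet.corp.invalid  # remote override, worth a look
"""

# Domains you expect to resolve through DNS, never via hosts (assumed list).
WATCHED_DOMAINS = {"google.com", "bing.com", "microsoft.com", "malwarebytes.org"}


def parse_hosts(text: str) -> List[Tuple[str, str, int]]:
    """Return (address, hostname, line number) for every mapping, ignoring comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue                       # malformed line, not a mapping
        for name in parts[1:]:
            entries.append((parts[0], name.lower(), lineno))
    return entries


def _is_watched(name: str, watched: Iterable[str]) -> bool:
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text: str, watched: Iterable[str]) -> Dict[str, object]:
    """Classify each mapping: local, blocked (loopback), hijacked, or other remote."""
    report = {"local_count": 0, "blocked_count": 0, "hijacked": [], "remote": []}
    for addr, name, lineno in parse_hosts(text):
        record = {"name": name, "address": addr, "line": lineno}
        if _is_watched(name, watched):
            report["hijacked"].append(record)     # any override of a watched name
        elif name in LOCAL_NAMES and addr in LOOPBACK_TARGETS:
            report["local_count"] += 1
        elif addr in LOOPBACK_TARGETS:
            report["blocked_count"] += 1          # blocklist-style sinkhole entry
        else:
            report["remote"].append(record)       # non-loopback target, review it
    return report


def load_hosts(path: str = HOSTS_PATH) -> str:
    """Read the real hosts file (assumed path); not called during the demo."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return fh.read()


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS, WATCHED_DOMAINS)
    print("blocklist entries:", result["blocked_count"])
    for hit in result["hijacked"]:
        print("HIJACK? line %d: %s -> %s" % (hit["line"], hit["name"], hit["address"]))
```

Run it against load_hosts() on a machine you suspect, and treat anything in the hijacked or remote lists as needing an explanation; a watched name sent to loopback is also suspect, since it silently blocks a site you rely on (an antivirus vendor's update host, for instance). A clean hosts file does not clear the machine on its own: this thread's redirects survived Safe Mode cleanups precisely because they came from the MBR, not from a file the scanners could see.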

Antinomy
2011-03-29, 02:39
No questions. Thank you very much for your assistance :)

Dakeyras
2011-03-29, 14:37
You're welcome! :)

Dakeyras
2011-03-30, 15:06
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.