
internet explorer gets redirected to harmfull website


19 replies to this topic

#1 dirtybagtwb (Member, 75 posts)

Posted 01 January 2012 - 03:24 PM

Been having display issues lately, even after a driver update. Recently I noticed my AV has been blocking a website during my internet browsing, which doesn't allow me to access certain websites. Here is the website in question: http://banners.ero-a...g.com/banad... I have tried to run the HijackThis log, but for some reason it cannot find the log in question. Any help you can offer is greatly appreciated. I will try to update this thread as I find out more info.
Update: I found the HijackThis log, but it seems to be blank.

#2 guestolo (Site Donator, Admin, 16,235 posts)

Posted 01 January 2012 - 08:19 PM

Let's take a closer look please:
Download OTL.exe by OldTimer to your Desktop.
  • Double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#3 dirtybagtwb (Member, 75 posts)

Posted 01 January 2012 - 08:31 PM

guestolo wrote:
    Let's take a closer look please:
    Download OTL.exe by OldTimer to your Desktop.
      • Double click on OTL.exe to run it
      • Click Run Scan and let the program run uninterrupted.
      • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

You're not going to believe this, but when I click on the OTL link it takes me to that same harmful website... Any other suggestions?

#4 guestolo (Site Donator, Admin, 16,235 posts)

Posted 01 January 2012 - 08:45 PM

I've uploaded OTL.exe to MediaFire and renamed it to twb.com.
Save twb.com to your desktop and then try running it, please.

http://www.mediafire...fy0h70y/twb.com



#5 dirtybagtwb (Member, 75 posts)

Posted 01 January 2012 - 11:03 PM

guestolo wrote:
    I've uploaded OTL.exe to MediaFire and renamed it to twb.com.
    Save twb.com to your desktop and then try running it, please.

    http://www.mediafire...fy0h70y/twb.com

OK, here is the log:
OTL logfile created on: 1/1/2012 7:59:19 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dirtbag\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 4.46 Gb Available Physical Memory | 55.92% Memory free
15.96 Gb Paging File | 11.54 Gb Available in Paging File | 72.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 817.21 Gb Free Space | 87.74% Space Free | Partition Type: NTFS
Drive E: | 14.90 Gb Total Space | 6.07 Gb Free Space | 40.72% Space Free | Partition Type: FAT32

Computer Name: DIRTBAG-PC | User Name: Dirtbag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/01 19:58:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\twb.com
PRC - [2011/12/08 18:03:17 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/12/02 12:09:58 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/23 20:12:43 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/11/08 20:47:49 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsav32.exe
PRC - [2011/09/08 19:28:36 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fssm32.exe
PRC - [2011/09/08 19:28:36 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32.exe
PRC - [2011/08/01 21:37:19 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/07/31 18:36:12 | 025,454,448 | ---- | M] (Phoenix Viewer) -- C:\Program Files (x86)\Phoenix Viewer\PhoenixViewer.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/23 15:06:03 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/01/07 17:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/18 07:08:32 | 000,201,128 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE
PRC - [2009/11/18 07:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSMA32.EXE
PRC - [2009/11/18 07:08:32 | 000,090,536 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSHDLL32.EXE
PRC - [2009/11/18 07:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32st.exe
PRC - [2009/09/06 04:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/03/09 11:34:10 | 000,946,176 | ---- | M] () -- C:\Program Files (x86)\Phoenix Viewer\SLVoice.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/08 18:03:17 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/12/08 18:03:16 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/12/08 18:03:16 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/12/08 18:03:16 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/12/08 18:03:16 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/07/31 18:35:00 | 000,761,856 | ---- | M] () -- C:\Program Files (x86)\Phoenix Viewer\llcommon.dll
MOD - [2011/07/31 18:08:36 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Phoenix Viewer\lgggrowl.dll
MOD - [2011/07/31 18:08:36 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Phoenix Viewer\lgggrowl++.dll
MOD - [2009/11/18 07:08:42 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSPC\fspcfsm.eng
MOD - [2009/11/18 07:07:10 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\strres.eng
MOD - [2009/11/18 07:07:02 | 000,553,384 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\gres.dll
MOD - [2009/11/18 07:06:54 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\fsavures.eng
MOD - [2009/11/18 07:06:52 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\flyerres.eng
MOD - [2009/11/18 07:06:40 | 000,090,536 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\aboutres.dll
MOD - [2009/11/18 07:06:36 | 000,442,792 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\about.dll
MOD - [2009/03/09 11:34:10 | 000,946,176 | ---- | M] () -- C:\Program Files (x86)\Phoenix Viewer\SLVoice.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 16:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 16:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/08 18:03:17 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/23 15:06:03 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/26 21:11:49 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/07 17:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/11/18 07:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GCI Security Guard\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/11/18 07:07:30 | 000,846,248 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/11/18 07:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/09/06 04:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 12:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/22 17:57:44 | 000,050,384 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2011/03/10 21:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 21:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/28 10:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/08 16:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/12/08 16:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/20 18:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 18:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 18:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 18:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 14:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/19 14:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/05/19 20:03:11 | 000,105,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/11/18 07:07:30 | 000,094,024 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2009/07/13 16:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 16:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 16:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 11:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 11:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 11:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 11:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 11:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/16 01:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011/09/08 19:29:22 | 000,198,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/11/18 07:08:18 | 000,059,784 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\GCI Security Guard\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/11/18 07:06:22 | 000,016,768 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/07/13 16:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Dirtbag\Pictures\Dirts Pics\September
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\GCI Security Guard\NRS\[email protected] [2011/12/07 15:57:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/02 12:10:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 12:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\GCI Security Guard\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{789799E2-36E5-4239-976F-F680D938537A}: DhcpNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/01 19:58:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\twb.com
[2012/01/01 12:16:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/01/01 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/31 13:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/12/29 18:51:56 | 002,560,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011/12/28 15:20:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/26 22:18:04 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Roaming\Firestorm
[2011/12/26 22:18:02 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Local\Firestorm
[2011/12/26 22:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Release
[2011/12/26 22:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firestorm-Release
[2011/12/26 22:11:21 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Local\SecondLife
[2011/12/26 17:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2011/12/26 17:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/12/26 17:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2011/12/14 23:29:58 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/14 23:29:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/14 23:29:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/14 23:29:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/14 23:29:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/14 23:29:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/14 23:29:56 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/14 23:29:56 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/14 23:29:56 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/14 23:29:56 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/14 23:29:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/14 20:23:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 20:23:23 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 20:23:23 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/09/25 16:56:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2010/02/03 20:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll

========== Files - Modified Within 30 Days ==========

[2012/01/01 19:58:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\twb.com
[2012/01/01 19:40:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/01 12:16:39 | 000,002,985 | ---- | M] () -- C:\Users\Dirtbag\Desktop\HiJackThis.lnk
[2012/01/01 11:53:27 | 000,025,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/01 11:53:27 | 000,025,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/01 11:52:16 | 000,725,056 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/01 11:52:16 | 000,622,250 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/01 11:52:16 | 000,106,740 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/01 11:46:42 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/01 11:46:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/01 11:46:16 | 2132,865,023 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/01 04:01:25 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2011/12/29 22:12:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/12/29 18:43:30 | 547,740,408 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/26 22:17:59 | 000,001,315 | ---- | M] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2011/12/26 17:28:05 | 000,001,453 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/12/15 19:57:49 | 000,271,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/12 20:19:47 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Phoenix Viewer.lnk
[2011/12/07 15:49:05 | 000,005,120 | ---- | M] () -- C:\Users\Dirtbag\AppData\Local\Databases.db

========== Files Created - No Company Name ==========

[2012/01/01 12:16:39 | 000,002,985 | ---- | C] () -- C:\Users\Dirtbag\Desktop\HiJackThis.lnk
[2011/12/29 22:12:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/12/28 15:20:57 | 547,740,408 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/26 22:17:59 | 000,001,315 | ---- | C] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2011/12/26 17:28:05 | 000,001,453 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/08/31 13:29:00 | 004,023,808 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/07/18 20:24:45 | 000,005,120 | ---- | C] () -- C:\Users\Dirtbag\AppData\Local\Databases.db
[2011/07/12 15:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/06/17 05:26:10 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/17 05:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/22 17:21:35 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011/04/22 17:21:24 | 000,739,068 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/20 07:45:15 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2011/04/20 07:35:11 | 000,035,934 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/04/20 07:31:12 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/04/20 07:31:01 | 000,024,353 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/01/04 13:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 20:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 17:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 17:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 15:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 14:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 12:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 12:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 03:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/02/05 16:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

< End of report >

OTL Extras logfile created on: 1/1/2012 7:59:19 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dirtbag\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 4.46 Gb Available Physical Memory | 55.92% Memory free
15.96 Gb Paging File | 11.54 Gb Available in Paging File | 72.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 817.21 Gb Free Space | 87.74% Space Free | Partition Type: NTFS
Drive E: | 14.90 Gb Total Space | 6.07 Gb Free Space | 40.72% Space Free | Partition Type: FAT32

Computer Name: DIRTBAG-PC | User Name: Dirtbag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 29
"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.5.2.1185
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{E14D6A39-96CA-44DF-9FC7-EB17BC9E2F73}" = Photosynth 2.0110.0317.1042
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Cisco Connect" = Cisco Connect
"Firestorm-Release" = Firestorm-Release (remove only)
"F-Secure Product 430" = GCI Security Guard
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"RealPlayer 15.0" = RealPlayer
"Runic Games Torchlight" = Torchlight
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 39160" = Dungeon Siege III
"Steam App 440" = Team Fortress 2
"Steam App 57710" = Dungeons - Demo
"Warzone 2100" = Warzone 2100
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/19/2011 5:43:07 PM | Computer Name = Dirtbag-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/19/2011 8:46:58 PM | Computer Name = Dirtbag-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: SRCHBXEX.dll, version: 1.2.123.0, time
stamp: 0x496e977c Exception code: 0xc0000005 Fault offset: 0x00007d0f Faulting process
id: 0x126c Faulting application start time: 0x01ccbeae81cd9c8a Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SRCHBXEX.dll
Report
Id: 1e77f052-2aa4-11e1-9cb7-f46d0492a459

Error - 12/20/2011 3:43:38 PM | Computer Name = Dirtbag-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/20/2011 4:35:37 PM | Computer Name = Dirtbag-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/20/2011 4:35:56 PM | Computer Name = Dirtbag-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Steam\steamapps\common\total
war shogun 2\benchmarks\benchmark_output.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/20/2011 4:35:57 PM | Computer Name = Dirtbag-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Steam\steamapps\common\total
war shogun 2\redist\flashsecurity.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/20/2011 4:35:57 PM | Computer Name = Dirtbag-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Steam\steamapps\common\total
war shogun 2\redist\flashsecurity1.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/20/2011 4:36:03 PM | Computer Name = Dirtbag-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 12/20/2011 4:36:12 PM | Computer Name = Dirtbag-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 12/21/2011 1:12:45 AM | Computer Name = Dirtbag-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12/19/2011 5:41:23 PM | Computer Name = Dirtbag-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
FSES

Error - 12/20/2011 3:41:55 PM | Computer Name = Dirtbag-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
FSES

Error - 12/21/2011 1:10:58 AM | Computer Name = Dirtbag-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:22:46 PM on ?12/?20/?2011 was unexpected.

Error - 12/21/2011 1:11:03 AM | Computer Name = Dirtbag-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
FSES

Error - 12/22/2011 1:03:44 AM | Computer Name = Dirtbag-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
FSES

Error - 12/23/2011 1:55:52 AM | Computer Name = Dirtbag-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
FSES

Error - 12/23/2011 2:47:37 PM | Computer Name = Dirtbag-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
FSES

Error - 12/24/2011 5:22:42 PM | Computer Name = Dirtbag-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
FSES

Error - 12/25/2011 11:36:47 PM | Computer Name = Dirtbag-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
FSES

Error - 12/26/2011 10:21:54 PM | Computer Name = Dirtbag-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
FSES


< End of report >

#6 guestolo

    Site Donator

  • Admin
  • 16,235 posts

Posted 02 January 2012 - 12:11 AM

Can you do the following:
If it's possible to temporarily disable the protection software from F-Secure, can you do so, so as not to have it interfere with the following.

Right click on OTL.exe(twb.com) and select "Run as Administrator", then run it.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following from the quote box below. Don't include the word Quote, please.

    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    :Files
    ipconfig /flushdns /c
    :Commands
    [resethosts]
    [EmptyFlash]
    [EmptyTemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, allow OTL to run if prompted.
A log should open; can you post it please?
A copy of this log can also be found in the
C:\_OTL\Moved Files folder.

Let me know if there is any improvement please.



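The fix above resets the hosts file outright ([resethosts]) because a tampered hosts file is one common way a browser gets sent to a site the user never typed. As an added example for this thread (not code from OTL, F-Secure or anyone in the thread), the following Python script shows what a defender would look for before wiping the file: hostnames mapped to a non-loopback address (a redirect), loopback or 0.0.0.0 mappings that block a security vendor's update domain, and entries pushed far below the visible part of the file behind a long run of blank lines. The sample hosts content is constructed, and the vendor-domain list and the 50-blank-line threshold are illustrative assumptions, not values from the thread.

```python
"""Audit a Windows hosts file for entries that can silently redirect browsing.

Added example for this thread; not OTL code. The sample hosts content
below is constructed, and the vendor-domain list is an illustrative
assumption, not a vendor-supplied list.
"""
import ipaddress
from typing import Dict, List

# Hostnames that legitimately map to loopback on a clean Windows system.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Domains whose blocking (mapping to 127.0.0.1 / 0.0.0.0) would keep the
# installed security product or Windows from updating. Illustrative assumption.
SECURITY_VENDORS = ("f-secure.com", "microsoft.com", "windowsupdate.com",
                    "symantec.com", "mcafee.com", "kaspersky.com")

# Entries are often hidden below a long run of empty lines; assumed threshold.
HIDDEN_GAP = 50

# Constructed sample: one redirect, one vendor block, one hidden redirect.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "127.0.0.1       localhost\n"
    "::1             localhost\n"
    "198.51.100.7    www.example.com   # constructed: redirect (line 4)\n"
    "0.0.0.0         update.f-secure.com\n"
    + "\n" * 200
    + "198.51.100.7    search.example.net\n"
)


def is_local(ip: str) -> bool:
    """True for loopback (127.x, ::1) or unspecified (0.0.0.0) addresses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def audit_hosts(text: str) -> List[Dict[str, object]]:
    """Return one finding per suspicious hostname mapping, in file order."""
    findings: List[Dict[str, object]] = []
    blank_run = 0
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            blank_run += 1            # count truly empty lines
            continue
        gap, blank_run = blank_run, 0
        line = raw.split("#", 1)[0].strip()   # drop trailing comment
        parts = line.split()
        if len(parts) < 2:
            continue                  # pure comment or malformed line
        ip, names = parts[0], parts[1:]
        for name in names:
            lname = name.lower()
            if lname in LOCAL_NAMES:
                continue
            reasons = []
            if not is_local(ip):
                reasons.append(f"redirects {name} to {ip}")
            elif any(lname == v or lname.endswith("." + v) for v in SECURITY_VENDORS):
                reasons.append(f"blocks security vendor domain {name}")
            if gap >= HIDDEN_GAP:
                reasons.append(f"entry hidden below {gap} blank lines")
            if reasons:
                findings.append({"line": lineno, "ip": ip, "host": name,
                                 "reasons": reasons})
    return findings


def clean_hosts(text: str) -> str:
    """Return the file with every flagged line removed: the effect a reset has
    on those entries, while legitimate mappings are kept."""
    bad = {f["line"] for f in audit_hosts(text)}
    kept = [raw for n, raw in enumerate(text.splitlines(), start=1) if n not in bad]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['ip']} {f['host']} -> {'; '.join(f['reasons'])}")
    assert audit_hosts(clean_hosts(SAMPLE_HOSTS)) == []
```

On a real machine the file to read is %SystemRoot%\System32\drivers\etc\hosts; running the audit first and keeping a copy of the original gives you evidence of what was changed, which a blind reset throws away.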
#7 dirtybagtwb

    Member

  • Members
  • 75 posts

Posted 02 January 2012 - 02:05 AM

[quote name='guestolo']
Can you do the following:
If it's possible to temporarily disable the protection software from F-Secure, can you do so, so as not to have it interfere with the following.

Right click on OTL.exe(twb.com) and select "Run as Administrator", then run it.

  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following from the quote box below. Don't include the word Quote, please.
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

On startup, allow OTL to run if prompted.
A log should open; can you post it please?
A copy of this log can also be found in the
C:\_OTL\Moved Files folder.

Let me know if there is any improvement please.
[/quote]

For some reason, when I right click as you ask, I don't have that option in the menu, unless I am doing something wrong. I was however able to disable F-Secure and can run other programs on my desktop as administrator, but not twb.

#8 guestolo

    Site Donator

  • Admin
  • 16,235 posts

Posted 02 January 2012 - 02:10 AM

Just double click on it and run it, allow to run if prompted by Windows



#9 dirtybagtwb

    Member

  • Members
  • 75 posts

Posted 02 January 2012 - 02:58 AM

[quote name='guestolo']
Just double click on it and run it, allow to run if prompted by Windows
[/quote]

OK, I was able to run it and ad
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File sethosts] not found.
File ptyFlash] not found.
File ptyTemp] not found.

OTL by OldTimer - Version 3.2.31.0 log created on 01012012_235226

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
I was able to run the fix; here is the log. Please let me know if you need new twb logs as well. I will check out my internet browsing and let you know if it helped. Thank you.

UPDATE: it didn't help, still redirected to harmful website. Any other suggestions? Just in case it will help, here is a new set of TWB logs too.
OTL logfile created on: 1/2/2012 12:03:06 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dirtbag\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.31 Gb Available Physical Memory | 79.11% Memory free
15.96 Gb Paging File | 14.14 Gb Available in Paging File | 88.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 817.10 Gb Free Space | 87.73% Space Free | Partition Type: NTFS
Drive E: | 14.90 Gb Total Space | 6.07 Gb Free Space | 40.72% Space Free | Partition Type: FAT32

Computer Name: DIRTBAG-PC | User Name: Dirtbag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/01 19:58:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\twb.com
PRC - [2011/12/08 18:03:17 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/12/02 12:09:58 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/23 20:12:43 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/11/08 20:47:49 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsav32.exe
PRC - [2011/09/08 19:28:36 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fssm32.exe
PRC - [2011/09/08 19:28:36 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32.exe
PRC - [2011/08/01 21:37:19 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/23 15:06:03 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/01/07 17:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/18 07:08:32 | 000,201,128 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE
PRC - [2009/11/18 07:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSMA32.EXE
PRC - [2009/11/18 07:08:32 | 000,090,536 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSHDLL32.EXE
PRC - [2009/11/18 07:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32st.exe
PRC - [2009/09/06 04:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/08 18:03:17 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/12/08 18:03:16 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/12/08 18:03:16 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/12/08 18:03:16 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/12/08 18:03:16 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2009/11/18 07:08:42 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSPC\fspcfsm.eng
MOD - [2009/11/18 07:07:10 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\strres.eng
MOD - [2009/11/18 07:07:02 | 000,553,384 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\gres.dll
MOD - [2009/11/18 07:06:54 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\fsavures.eng
MOD - [2009/11/18 07:06:52 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\flyerres.eng
MOD - [2009/11/18 07:06:40 | 000,090,536 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\aboutres.dll
MOD - [2009/11/18 07:06:36 | 000,442,792 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\about.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 16:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 16:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/08 18:03:17 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/23 15:06:03 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/26 21:11:49 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/07 17:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/11/18 07:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GCI Security Guard\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/11/18 07:07:30 | 000,846,248 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/11/18 07:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/09/06 04:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 12:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/22 17:57:44 | 000,050,384 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2011/03/10 21:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 21:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/28 10:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/08 16:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/12/08 16:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/20 18:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 18:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 18:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 18:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 14:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/19 14:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/05/19 20:03:11 | 000,105,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/11/18 07:07:30 | 000,094,024 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2009/07/13 16:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 16:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 16:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 11:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 11:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 11:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 11:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 11:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/16 01:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011/09/08 19:29:22 | 000,198,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/11/18 07:08:18 | 000,059,784 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\GCI Security Guard\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/11/18 07:06:22 | 000,016,768 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/07/13 16:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Dirtbag\Pictures\Dirts Pics\September
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\GCI Security Guard\NRS\[email protected] [2011/12/07 15:57:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/02 12:10:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 12:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\GCI Security Guard\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{789799E2-36E5-4239-976F-F680D938537A}: DhcpNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/01 23:52:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/01 19:58:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\twb.com
[2012/01/01 12:16:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/01/01 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/31 13:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/12/29 18:51:56 | 002,560,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011/12/28 15:20:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/26 22:18:04 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Roaming\Firestorm
[2011/12/26 22:18:02 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Local\Firestorm
[2011/12/26 22:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Release
[2011/12/26 22:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firestorm-Release
[2011/12/26 22:11:21 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Local\SecondLife
[2011/12/26 17:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2011/12/26 17:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/12/26 17:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2011/12/14 23:29:58 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/14 23:29:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/14 23:29:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/14 23:29:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/14 23:29:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/14 23:29:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/14 23:29:56 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/14 23:29:56 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/14 23:29:56 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/14 23:29:56 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/14 23:29:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/14 20:23:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 20:23:23 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 20:23:23 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/09/25 16:56:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2010/02/03 20:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll

========== Files - Modified Within 30 Days ==========

[2012/01/02 00:00:35 | 000,025,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 00:00:35 | 000,025,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 00:00:24 | 000,725,056 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/02 00:00:24 | 000,622,250 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/02 00:00:24 | 000,106,740 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/01 23:53:42 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/01 23:53:30 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012/01/01 23:53:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/01 23:53:22 | 2132,865,023 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/01 23:40:03 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/01 19:58:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\twb.com
[2012/01/01 12:16:39 | 000,002,985 | ---- | M] () -- C:\Users\Dirtbag\Desktop\HiJackThis.lnk
[2011/12/29 22:12:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/12/29 18:43:30 | 547,740,408 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/26 22:17:59 | 000,001,315 | ---- | M] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2011/12/26 17:28:05 | 000,001,453 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/12/15 19:57:49 | 000,271,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/12 20:19:47 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Phoenix Viewer.lnk
[2011/12/07 15:49:05 | 000,005,120 | ---- | M] () -- C:\Users\Dirtbag\AppData\Local\Databases.db

========== Files Created - No Company Name ==========

[2012/01/01 23:16:06 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012/01/01 12:16:39 | 000,002,985 | ---- | C] () -- C:\Users\Dirtbag\Desktop\HiJackThis.lnk
[2011/12/29 22:12:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/12/28 15:20:57 | 547,740,408 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/26 22:17:59 | 000,001,315 | ---- | C] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2011/12/26 17:28:05 | 000,001,453 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/08/31 13:29:00 | 004,023,808 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/07/18 20:24:45 | 000,005,120 | ---- | C] () -- C:\Users\Dirtbag\AppData\Local\Databases.db
[2011/07/12 15:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/06/17 05:26:10 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/17 05:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/22 17:21:35 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011/04/22 17:21:24 | 000,739,068 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/20 07:45:15 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2011/04/20 07:35:11 | 000,035,934 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/04/20 07:31:12 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/04/20 07:31:01 | 000,024,353 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/01/04 13:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 20:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 17:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 17:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 15:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 14:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 12:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 12:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 03:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/02/05 16:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

< End of report >
I hope this helps. It didn't seem to generate a new Extras log though, hope it didn't need to.

#10 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,235 posts

Posted 02 January 2012 - 09:03 AM

The results in the OTL log from the fix weren't what I expected.
Did you copy/paste exactly what I had into the custom scan/fixes pane of OTL.exe?

Can you do the following:
Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

Click START SCAN.
When done, if TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator

Change the A-V scan to None.
Uncheck Trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan click Save log, save it to your desktop and post it in your next reply.


#11 dirtybagtwb

dirtybagtwb

    Member

  • Members
  • PipPipPip
  • 75 posts

Posted 02 January 2012 - 02:22 PM

The results in the OTL log from the fix weren't what I expected.
Did you copy/paste exactly what I had into the custom scan/fixes pane of OTL.exe?

Can you do the following:
Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

Click START SCAN.
When done, if TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator

Change the A-V scan to None.
Uncheck Trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan click Save log, save it to your desktop and post it in your next reply.

As far as I can tell I pasted exactly what you had in the scan/fixes window. Also, in the 64-bit Explorer I don't get redirected to the harmful website I told you about in the beginning of the post.

11:13:21.0214 0244 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
11:13:21.0869 0244 ============================================================
11:13:21.0869 0244 Current date / time: 2012/01/02 11:13:21.0869
11:13:21.0869 0244 SystemInfo:
11:13:21.0869 0244
11:13:21.0869 0244 OS Version: 6.1.7601 ServicePack: 1.0
11:13:21.0869 0244 Product type: Workstation
11:13:21.0869 0244 ComputerName: DIRTBAG-PC
11:13:21.0869 0244 UserName: Dirtbag
11:13:21.0869 0244 Windows directory: C:\Windows
11:13:21.0869 0244 System windows directory: C:\Windows
11:13:21.0869 0244 Running under WOW64
11:13:21.0869 0244 Processor architecture: Intel x64
11:13:21.0869 0244 Number of processors: 8
11:13:21.0869 0244 Page size: 0x1000
11:13:21.0869 0244 Boot type: Normal boot
11:13:21.0869 0244 ============================================================
11:13:22.0509 0244 Initialize success
11:14:18.0607 6096 ============================================================
11:14:18.0607 6096 Scan started
11:14:18.0607 6096 Mode: Manual;
11:14:18.0607 6096 ============================================================
11:14:19.0028 6096 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
11:14:19.0028 6096 1394ohci - ok
11:14:19.0043 6096 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:14:19.0059 6096 ACPI - ok
11:14:19.0059 6096 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:14:19.0059 6096 AcpiPmi - ok
11:14:19.0121 6096 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
11:14:19.0121 6096 adp94xx - ok
11:14:19.0137 6096 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
11:14:19.0137 6096 adpahci - ok
11:14:19.0153 6096 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
11:14:19.0153 6096 adpu320 - ok
11:14:19.0199 6096 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
11:14:19.0199 6096 AFD - ok
11:14:19.0215 6096 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:14:19.0215 6096 agp440 - ok
11:14:19.0231 6096 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:14:19.0231 6096 aliide - ok
11:14:19.0246 6096 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:14:19.0246 6096 amdide - ok
11:14:19.0246 6096 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
11:14:19.0246 6096 AmdK8 - ok
11:14:19.0262 6096 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
11:14:19.0262 6096 AmdPPM - ok
11:14:19.0277 6096 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:14:19.0277 6096 amdsata - ok
11:14:19.0293 6096 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
11:14:19.0293 6096 amdsbs - ok
11:14:19.0309 6096 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:14:19.0309 6096 amdxata - ok
11:14:19.0324 6096 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:14:19.0324 6096 AppID - ok
11:14:19.0340 6096 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
11:14:19.0340 6096 arc - ok
11:14:19.0355 6096 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
11:14:19.0355 6096 arcsas - ok
11:14:19.0387 6096 asmthub3 (e1e75921e9eb025009696d4837f531fb) C:\Windows\system32\DRIVERS\asmthub3.sys
11:14:19.0387 6096 asmthub3 - ok
11:14:19.0418 6096 asmtxhci (b0cf9ab16006b61634d4f955345ca5d2) C:\Windows\system32\DRIVERS\asmtxhci.sys
11:14:19.0433 6096 asmtxhci - ok
11:14:19.0433 6096 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:14:19.0449 6096 AsyncMac - ok
11:14:19.0449 6096 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:14:19.0449 6096 atapi - ok
11:14:19.0480 6096 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
11:14:19.0496 6096 b06bdrv - ok
11:14:19.0511 6096 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:14:19.0511 6096 b57nd60a - ok
11:14:19.0527 6096 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:14:19.0527 6096 Beep - ok
11:14:19.0558 6096 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:14:19.0558 6096 blbdrive - ok
11:14:19.0574 6096 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:14:19.0574 6096 bowser - ok
11:14:19.0589 6096 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
11:14:19.0589 6096 BrFiltLo - ok
11:14:19.0589 6096 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
11:14:19.0589 6096 BrFiltUp - ok
11:14:19.0605 6096 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:14:19.0621 6096 Brserid - ok
11:14:19.0621 6096 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:14:19.0621 6096 BrSerWdm - ok
11:14:19.0636 6096 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:14:19.0636 6096 BrUsbMdm - ok
11:14:19.0652 6096 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:14:19.0652 6096 BrUsbSer - ok
11:14:19.0652 6096 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
11:14:19.0667 6096 BTHMODEM - ok
11:14:19.0683 6096 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:14:19.0683 6096 cdfs - ok
11:14:19.0699 6096 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:14:19.0699 6096 cdrom - ok
11:14:19.0730 6096 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
11:14:19.0730 6096 circlass - ok
11:14:19.0745 6096 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:14:19.0745 6096 CLFS - ok
11:14:19.0761 6096 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
11:14:19.0761 6096 CmBatt - ok
11:14:19.0777 6096 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:14:19.0777 6096 cmdide - ok
11:14:19.0792 6096 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
11:14:19.0792 6096 CNG - ok
11:14:19.0808 6096 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
11:14:19.0808 6096 Compbatt - ok
11:14:19.0823 6096 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:14:19.0823 6096 CompositeBus - ok
11:14:19.0839 6096 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:14:19.0839 6096 crcdisk - ok
11:14:19.0870 6096 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
11:14:19.0870 6096 CSC - ok
11:14:19.0886 6096 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:14:19.0886 6096 DfsC - ok
11:14:19.0901 6096 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:14:19.0901 6096 discache - ok
11:14:19.0901 6096 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:14:19.0901 6096 Disk - ok
11:14:19.0917 6096 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
11:14:19.0917 6096 dmvsc - ok
11:14:19.0933 6096 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:14:19.0933 6096 drmkaud - ok
11:14:19.0964 6096 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:14:19.0964 6096 DXGKrnl - ok
11:14:24.0316 6096 ============================================================
11:14:24.0316 6096 Scan finished
11:14:24.0316 6096 ============================================================
11:14:24.0909 5864 Detected object count: 0
11:14:24.0909 5864 Actual detected object count: 0
11:18:52.0523 4448 Deinitialize success
Here is the first log. I will post the others as soon as it's done running, and it didn't prompt me to reboot when I ran it as administrator.

Here is the other log you requested as well, although I didn't see where I could change the AV scan to none, and it prompted me to download virus definitions, which I declined because you didn't ask me to.
Also, on completion of the following download, F-Secure prompted me not to run it because of the possible threat to my PC.

aswMBR version 0.9.9.1124 Copyright © 2011 AVAST Software
Run date: 2012-01-02 11:24:56
-----------------------------
11:24:56.769 OS Version: Windows x64 6.1.7601 Service Pack 1
11:24:56.769 Number of processors: 8 586 0x2A07
11:24:56.769 ComputerName: DIRTBAG-PC UserName: Dirtbag
11:24:58.079 Initialize success
11:25:44.979 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:25:44.979 Disk 0 Vendor: WDC_WD1002FAEX-007BA0 05.01D05 Size: 953869MB BusType: 11
11:25:44.994 Disk 0 MBR read successfully
11:25:44.994 Disk 0 MBR scan
11:25:44.994 Disk 0 Windows 7 default MBR code
11:25:44.994 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:25:44.994 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
11:25:45.010 Service scanning
11:25:45.899 Modules scanning
11:25:45.899 Scan finished successfully
11:25:55.025 Disk 0 MBR has been saved successfully to "C:\Users\Dirtbag\Desktop\MBR.dat"
11:25:55.025 The log file has been saved successfully to "C:\Users\Dirtbag\Desktop\aswMBR.txt"

#12 guestolo

    Site Donator

  • Admin
  • 16,235 posts

Posted 02 January 2012 - 06:33 PM

Can you do the following?
As you have had luck with IE 64-bit:
Delete twb.com on the desktop
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Right click on OTL.exe and choose to "Run as Administrator"

  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following from the quote box below. Don't include the word Quote please,
    and ensure you copy everything from :Files right to the end bracket of [EmptyTemp]

    :Files
    ipconfig /flushdns /c
    :Commands
    [resethosts]
    [EmptyFlash]
    [EmptyTemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, allow OTL to run if prompted
A log should open, can you post it please

In addition
Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, you will be prompted to Decline or use Trial version >>> Select DECLINE
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If anything is found, make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



#13 dirtybagtwb

    Member

  • Members
  • 75 posts

Posted 02 January 2012 - 07:32 PM

Here is the log you requested; however, OTL didn't prompt me to scan after reboot.

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dirtbag\Desktop\cmd.bat deleted successfully.
C:\Users\Dirtbag\Desktop\cmd.txt deleted successfully.
File\Folder :Commands not found.
File\Folder [resethosts] not found.
File\Folder [EmptyFlash] not found.
File\Folder [EmptyTemp] not found.

OTL by OldTimer - Version 3.2.31.0 log created on 01022012_162520

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Here is the malware log.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.02.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dirtbag :: DIRTBAG-PC [administrator]

1/2/2012 4:34:46 PM
mbam-log-2012-01-02 (16-34-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202333
Time elapsed: 2 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Also, I wasn't sure if you wanted the full logs from after the OTL fix, so I included them just in case. Sorry if I misunderstood.

OTL logfile created on: 1/2/2012 4:22:13 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dirtbag\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.06 Gb Available Physical Memory | 75.91% Memory free
15.96 Gb Paging File | 13.81 Gb Available in Paging File | 86.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 814.04 Gb Free Space | 87.40% Space Free | Partition Type: NTFS

Computer Name: DIRTBAG-PC | User Name: Dirtbag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/02 16:19:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\OTL.exe
PRC - [2011/12/02 12:09:58 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/08 20:47:49 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsav32.exe
PRC - [2011/09/08 19:28:36 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fssm32.exe
PRC - [2011/09/08 19:28:36 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/23 15:06:03 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/26 21:11:49 | 000,867,080 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/01/07 17:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/18 07:08:32 | 000,201,128 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE
PRC - [2009/11/18 07:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSMA32.EXE
PRC - [2009/11/18 07:08:32 | 000,090,536 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSHDLL32.EXE
PRC - [2009/11/18 07:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32st.exe
PRC - [2009/09/06 05:13:22 | 043,230,560 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 8.0\PhotoshopElementsEditor.exe
PRC - [2009/09/06 04:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2009/11/18 07:08:42 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSPC\fspcfsm.eng
MOD - [2009/11/18 07:07:10 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\strres.eng
MOD - [2009/11/18 07:07:02 | 000,553,384 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\gres.dll
MOD - [2009/11/18 07:06:54 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\fsavures.eng
MOD - [2009/11/18 07:06:52 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\flyerres.eng
MOD - [2009/11/18 07:06:40 | 000,090,536 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\aboutres.dll
MOD - [2009/11/18 07:06:36 | 000,442,792 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\about.dll
MOD - [2009/09/06 05:09:46 | 004,774,240 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 8.0\authplay.dll
MOD - [2009/09/06 04:55:08 | 000,071,008 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 8.0\OperaMgr.dll
MOD - [2009/09/06 04:45:40 | 000,430,432 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 8.0\AdobeXMP.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 16:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 16:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/08 18:03:17 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/23 15:06:03 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/26 21:11:49 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/07 17:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/11/18 07:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GCI Security Guard\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/11/18 07:07:30 | 000,846,248 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/11/18 07:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/09/06 04:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 12:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/22 17:57:44 | 000,050,384 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2011/03/10 21:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 21:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/28 10:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/08 16:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/12/08 16:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/20 18:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 18:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 18:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 18:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 14:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/19 14:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/05/19 20:03:11 | 000,105,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/11/18 07:07:30 | 000,094,024 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2009/07/13 16:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 16:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 16:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 11:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 11:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 11:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 11:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 11:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/16 01:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011/09/08 19:29:22 | 000,198,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/11/18 07:08:18 | 000,059,784 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\GCI Security Guard\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/11/18 07:06:22 | 000,016,768 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/07/13 16:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Dirtbag\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\GCI Security Guard\NRS\[email protected] [2011/12/07 15:57:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/02 12:10:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 12:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\GCI Security Guard\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{789799E2-36E5-4239-976F-F680D938537A}: DhcpNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/02 16:19:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\OTL.exe
[2012/01/02 11:23:17 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Users\Dirtbag\Desktop\aswMBR.exe
[2012/01/02 09:28:40 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Local\SWTOR
[2012/01/02 09:28:40 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\Documents\HeroBlade Logs
[2012/01/01 23:52:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/01 12:16:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/01/01 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/31 13:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/12/29 18:51:56 | 002,560,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011/12/28 15:20:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/26 22:18:04 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Roaming\Firestorm
[2011/12/26 22:18:02 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Local\Firestorm
[2011/12/26 22:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Release
[2011/12/26 22:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firestorm-Release
[2011/12/26 22:11:21 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Local\SecondLife
[2011/12/26 17:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2011/12/26 17:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/12/26 17:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2011/12/14 23:29:58 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/14 23:29:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/14 23:29:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/14 23:29:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/14 23:29:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/14 23:29:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/14 23:29:56 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/14 23:29:56 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/14 23:29:56 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/14 23:29:56 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/14 23:29:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/14 20:23:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 20:23:23 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 20:23:23 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/09/25 16:56:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2010/02/03 20:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll

========== Files - Modified Within 30 Days ==========

[2012/01/02 16:19:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\OTL.exe
[2012/01/02 15:40:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/02 11:23:19 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Users\Dirtbag\Desktop\aswMBR.exe
[2012/01/02 09:12:20 | 000,025,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 09:12:20 | 000,025,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 09:08:02 | 000,725,056 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/02 09:08:02 | 000,622,250 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/02 09:08:02 | 000,106,740 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/02 09:02:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/02 09:01:17 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012/01/02 09:01:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/02 09:01:11 | 2132,865,023 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/01 12:16:39 | 000,002,985 | ---- | M] () -- C:\Users\Dirtbag\Desktop\HiJackThis.lnk
[2011/12/29 22:12:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/12/29 18:43:30 | 547,740,408 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/26 22:17:59 | 000,001,315 | ---- | M] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2011/12/26 17:28:05 | 000,001,453 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/12/15 19:57:49 | 000,271,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/12 20:19:47 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Phoenix Viewer.lnk
[2011/12/07 15:49:05 | 000,005,120 | ---- | M] () -- C:\Users\Dirtbag\AppData\Local\Databases.db

========== Files Created - No Company Name ==========

[2012/01/01 23:16:06 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012/01/01 12:16:39 | 000,002,985 | ---- | C] () -- C:\Users\Dirtbag\Desktop\HiJackThis.lnk
[2011/12/29 22:12:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/12/28 15:20:57 | 547,740,408 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/26 22:17:59 | 000,001,315 | ---- | C] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2011/12/26 17:28:05 | 000,001,453 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/08/31 13:29:00 | 004,023,808 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/07/18 20:24:45 | 000,005,120 | ---- | C] () -- C:\Users\Dirtbag\AppData\Local\Databases.db
[2011/07/12 15:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/06/17 05:26:10 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/17 05:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/22 17:21:35 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011/04/22 17:21:24 | 000,739,068 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/20 07:45:15 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2011/04/20 07:35:11 | 000,035,934 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/04/20 07:31:12 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/04/20 07:31:01 | 000,024,353 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/01/04 13:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 20:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 17:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 17:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 15:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 14:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 12:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 12:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 03:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/02/05 16:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

========== Custom Scans ==========


< >

< End of report >
I hope this helps.

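An added triage script, written for this thread rather than taken from OTL or from either poster, that parses the IE-related O2/O3/O4/O16/O17 lines of an OTL log and flags the entries an analyst reads first: unnamed BHOs, CLSIDs that resolve to nothing, binaries with no company name, missing files and broken DPF (download control) registrations. The sample input is copied from the log above (including the URL the forum truncated), so it runs offline; the line formats it assumes are the ones seen in this log, and OTL's full output has more entry types than this handles.

```python
"""Triage helper for OTL-style 'O' lines (BHOs, toolbars, Run keys, DPF, DNS).

Added example for this thread; not part of OTL or of either poster's logs.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Sample input: IE-related lines copied from the OTL log posted above.
SAMPLE_OTL_LINES = r"""
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
""".strip().splitlines()

# Line shapes as they appear in this log (assumption: OTL keeps these stable).
BHO_RE = re.compile(r"^(O2|O3)(?::64bit:)? - (?:BHO|HKLM\\\.\.\\Toolbar): \((.*?)\) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN_RE = re.compile(r"^O4(?::64bit:)? - (HK\w+)\.\.\\Run: \[(.*?)\] (.*)$")
DPF_RE = re.compile(r"^O16(?::64bit:)? - DPF: (\{[^}]+\}) (\S+) \((.*)\)$")
DNS_RE = re.compile(r"^O17 - .*DhcpNameServer = (.*)$")
TAIL_RE = re.compile(r"^(.*?)\s*\(([^()]*)\)$")   # "<path> (<company>)"


@dataclass
class Finding:
    kind: str                 # "BHO", "Toolbar", "Run" or "DPF"
    name: str                 # add-on name, Run value name or CLSID
    target: str               # CLSID, file path or URL
    reasons: list = field(default_factory=list)


def split_tail(tail: str):
    """Split 'C:\\path\\x.dll (Company)' into (path, company); company is None if absent."""
    m = TAIL_RE.match(tail.strip())
    if not m:
        return tail.strip(), None
    return m.group(1), m.group(2).strip()


def check_line(line: str):
    """Parse one OTL line into a Finding (reasons non-empty if suspicious); None if not handled."""
    line = line.strip()
    m = BHO_RE.match(line)
    if m:
        kind = "BHO" if m.group(1) == "O2" else "Toolbar"
        name, clsid, tail = m.group(2), m.group(3), m.group(4)
        path, company = split_tail(tail)
        f = Finding(kind, name, clsid)
        if name.lower() == "no name":
            f.reasons.append("unnamed add-on")
        if "No CLSID value found" in tail:
            f.reasons.append("CLSID has no registration (orphaned or hidden)")
        elif company == "":
            f.reasons.append(f"binary without company name: {path}")
        if "File not found" in tail:
            f.reasons.append("referenced file missing")
        return f
    m = RUN_RE.match(line)
    if m:
        hive, name, tail = m.groups()
        path, company = split_tail(tail)
        f = Finding("Run", name, path)
        if company == "":
            f.reasons.append(f"{hive} Run entry without company name")
        if "File not found" in tail:
            f.reasons.append("referenced file missing")
        return f
    m = DPF_RE.match(line)
    if m:
        clsid, url, company = m.groups()
        f = Finding("DPF", clsid, url)
        if company == "" or company.startswith("Reg Error"):
            f.reasons.append(f"download control with broken registration: {company or 'no company'}")
        return f
    return None


def triage(lines):
    """Return only the entries that carry at least one reason to look closer."""
    out = []
    for line in lines:
        f = check_line(line)
        if f is not None and f.reasons:
            out.append(f)
    return out


def dns_servers(lines):
    """DHCP-assigned resolvers from the O17 line, tagged private/public (informational only)."""
    servers = []
    for line in lines:
        m = DNS_RE.match(line.strip())
        if m:
            for ip in m.group(1).split():
                scope = "private" if ipaddress.ip_address(ip).is_private else "public"
                servers.append((ip, scope))
    return servers


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"{f.kind:8} {f.name!r:45} {f.target}")
        for r in f.reasons:
            print(f"         - {r}")
    for ip, scope in dns_servers(SAMPLE_OTL_LINES):
        print(f"DNS server {ip} ({scope})")
```

On this log the script flags three entries: the unnamed BHO whose CLSID has no registration, the JMB36X Run entry with no company name on the binary, and the DPF entry with a registry error. None of that proves an infection on its own; the point is that, when a browser behaves differently with add-ons disabled, these are the entries to cross-reference with the list in IE's Manage Add-ons dialog. The DNS line is reported rather than flagged, because two public resolvers plus the router are normal for an ISP-assigned configuration; compare them against the ISP's published resolvers rather than guessing.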
#14 guestolo

guestolo

    Site Donator

  • Admin
  • 16,235 posts

Posted 02 January 2012 - 08:06 PM

The OTL script is finishing successfully
Can you do the following please:
Please download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!
Right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.

Let me know if you're still having problems later, please.



#15 dirtybagtwb

dirtybagtwb

    Member

  • Members
  • 75 posts

Posted 03 January 2012 - 02:54 AM

[quote name='guestolo']
The OTL script is finishing successfully
Can you do the following please:
Please download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!
Right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.

Let me know if you're still having problems later, please.
[/quote]

Well, as a whole it seems to run better, but when I'm not using IE 64-bit it still redirects me to a harmful website. But thanks for trying anyway.

#16 guestolo

guestolo

    Site Donator

  • Admin
  • 16,235 posts

Posted 03 January 2012 - 08:26 AM

If you start IE with add-ons disabled, do you still have problems?
Click the Start button >> Programs >> Accessories >> System Tools, and then click Internet Explorer (No Add-ons).



#17 dirtybagtwb

dirtybagtwb

    Member

  • Members
  • 75 posts

Posted 03 January 2012 - 10:12 PM

[quote name='guestolo']
If you start IE with add-ons disabled, do you still have problems?
Click the Start button >> Programs >> Accessories >> System Tools, and then click Internet Explorer (No Add-ons).
[/quote]

Ah ha, that seemed to do it, and it seems to run a bit faster too. I thought I had all add-ons disabled already; guess I was wrong. Here is a list of my add-ons if it helps:
Name: Shockwave Flash Object
Publisher: Adobe Systems Incorporated
Status: Enabled
File date: Wednesday, November 23, 2011, 8:12 PM
Version: 11.1.102.55

Name: Adobe PDF Link Helper
Publisher: Adobe Systems, Incorporated
Status: Disabled
File date: Monday, September 05, 2011, 9:04 AM
Version: 10.1.1.33

Name: Browsing Protection Toolbar
Publisher: F-Secure Corporation
Status: Enabled
File date: Wednesday, December 07, 2011, 3:57 PM
Version: 1.10.5656.0
Load time: 0.00 s

Name: Browsing Protection Class
Publisher: F-Secure Corporation
Status: Enabled
File date: Wednesday, December 07, 2011, 3:57 PM
Version: 1.10.5656.0
Load time: 0.01 s
Navigation time: 0.08 s

Name: Windows Live Toolbar
Publisher: Microsoft Corporation
Status: Disabled
File date: Friday, April 16, 2010, 7:55 PM
Version: 14.0.8117.416

Name: Search Helper
Publisher: Microsoft Corporation
Status: Enabled
File date: Wednesday, January 14, 2009, 4:49 PM
Version: 1.2.118.0
Load time: 0.01 s
Navigation time: 0.01 s

Name: Windows Live Sign-in Helper
Publisher: Microsoft Corporation
Status: Disabled
File date: Thursday, January 22, 2009, 2:41 PM
Version: 5.0.818.5
Load time: 0.00 s
Navigation time: 0.00 s

Name: Windows Live Toolbar BHO
Publisher: Microsoft Corporation
Status: Disabled
File date: Friday, April 16, 2010, 7:55 PM
Version: 14.0.8117.416
Load time: 0.17 s
Navigation time: 0.00 s

Name: Blog This in Windows Live Writer
Publisher: Not Available
Status: Enabled

Name: RealPlayer Download and Record Plugin for Internet Explorer
Publisher: RealNetworks, Inc.
Status: Enabled
File date: Friday, December 02, 2011, 12:10 PM
Version: 15.0.0.198
Load time: 0.04 s
Navigation time: 0.00 s

Name: Java(TM) Plug-In 2 SSV Helper
Publisher: Sun Microsystems, Inc.
Status: Enabled
File date: Tuesday, October 18, 2011, 6:05 PM
Version: 6.0.290.11
Load time: 0.06 s
#18 guestolo

guestolo

    Site Donator

  • Admin
  • 16,235 posts

Posted 03 January 2012 - 10:43 PM

Can you disable the 2 add-ons related to F-Secure and then restart your browser?

Does that work for you?



#19 dirtybagtwb

dirtybagtwb

    Member

  • Members
  • 75 posts

Posted 04 January 2012 - 02:48 AM

[quote name='guestolo']
Can you disable the 2 add-ons related to F-Secure and then restart your browser?

Does that work for you?
[/quote]

The result is the same... still redirects me to that harmful website.

#20 guestolo

guestolo

    Site Donator

  • Admin
  • 16,235 posts

Posted 04 January 2012 - 09:20 AM

[quote name='dirtybagtwb']
AV has been blocking a website during my internet browsing that doesn't allow me to access certain websites; here is the website in question: http://banners.ero-a...g.com/banad...
[/quote]

OK, well that's a good thing.
Can you let me know exactly what is happening?

So in IE6 64bit, no redirection?
IE with no add-ons >> no redirection?

Redirection to where? The link you posted takes me nowhere.

I have a feeling this is more a warning from your protection software.

Can you try installing Mozilla Firefox; any redirection?
When installing, don't make it default unless you prefer to.
http://www.mozilla.o...irefox/all.html
