I have the redirect virus and I've been trying desperately to get rid of it. I've followed all instructions in the cleaning guide thread and the how to fix google redirects thread and nothing is showing up so I think at this point I need someone to take a look at my logs, if possible.
MBAM didn't find anything and TDSS found a suspicious file but the instructions were to skip it so that's what I did.
GMER said "C:\Windows\system32\config\systems: The process cannot access the file because it is being used by another process" and I clicked okay, then it seemed to run the scan anyway but nothing was reported.
I also ran TFC, Goored, OTM, and OTL.. so I guess I'll post my logs now? I read that it is preferable to post these as opposed to attaching them but if this post is too long I can edit it with attachments instead. By the way, I'm running Windows 7 64-bit.
OTM:
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Krystine\Desktop\cmd.bat deleted successfully.
C:\Users\Krystine\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Krystine
->Temp folder emptied: 2014745 bytes
->Temporary Internet Files folder emptied: 59544 bytes
->Java cache emptied: 64601661 bytes
->FireFox cache emptied: 46095763 bytes
->Flash cache emptied: 4131 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 1185128 bytes
Total Files Cleaned = 109.00 mb
Restore point Set: OTM Restore Point
OTM by OldTimer - Version 3.1.15.0 log created on 08262010_161113
Files moved on Reboot...
C:\Users\Krystine\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
OTL:
OTL logfile created on: 8/26/2010 4:39:24 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Krystine\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 76.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.52 Gb Total Space | 277.02 Gb Free Space | 47.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KRYSTINE-PC
Current User Name: Krystine
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/26 16:35:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Krystine\Desktop\OTL.exe
PRC - [2010/07/21 08:01:34 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 08:30:20 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 08:30:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 08:29:53 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/10/30 07:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/07/13 21:14:42 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
========== Modules (SafeList) ==========
MOD - [2010/08/26 16:35:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Krystine\Desktop\OTL.exe
MOD - [2009/07/13 21:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/11/23 16:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 16:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/08/18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/21 08:01:34 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 08:30:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/07/16 08:30:19 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/16 08:29:54 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/06/03 08:22:09 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/12/04 19:11:36 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/27 16:06:34 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/08/18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/19 13:47:52 | 000,382,464 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7064.sys -- (rt70x64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 12:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/02/16 11:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 C6 69 02 E2 E7 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:2.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.2
FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.6.30.01.10
FF - prefs.js..extensions.enabledItems: {9f94fab0-58a2-11dd-ae16-0800200c9a66}:3.0.26
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/24 13:54:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/12 20:21:18 | 000,000,000 | ---D | M]
[2009/12/04 16:19:21 | 000,000,000 | ---D | M] -- C:\Users\Krystine\AppData\Roaming\Mozilla\Extensions
[2010/08/25 18:19:34 | 000,000,000 | ---D | M] -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions
[2010/03/25 22:46:11 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2010/03/25 22:47:45 | 000,000,000 | ---D | M] (AvantGarde Rosepetal) -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
[2010/04/16 17:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/08/21 18:50:11 | 000,000,000 | ---D | M] -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\[email protected]
[2010/04/16 17:02:32 | 000,000,000 | ---D | M] -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\[email protected]
[2010/03/25 22:47:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}\mozapps\extensions
[2010/08/25 18:19:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/30 12:42:41 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
O1 HOSTS File: ([2010/08/26 16:16:07 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [ZE18MW23GY] C:\Users\Krystine\AppData\Local\Temp\Ncz.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.234,93.188.161.234
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010/08/26 16:35:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Krystine\Desktop\OTL.exe
[2010/08/26 16:21:11 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Desktop\GooredFix Backups
[2010/08/26 16:11:13 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/08/26 16:10:55 | 001,198,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Krystine\Desktop\TDSSKiller.exe
[2010/08/26 16:10:20 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Krystine\Desktop\GooredFix.exe
[2010/08/26 16:08:03 | 000,520,192 | ---- | C] (OldTimer Tools) -- C:\Users\Krystine\Desktop\OTM.exe
[2010/08/26 16:06:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/26 15:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/08/26 15:24:45 | 000,000,000 | ---D | C] -- C:\Users\Krystine\AppData\Roaming\Malwarebytes
[2010/08/26 15:24:44 | 000,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbam.sys
[2010/08/26 15:24:42 | 000,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/26 15:24:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/26 15:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/26 15:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/08/26 14:46:19 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/08/25 20:45:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/08/23 17:42:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2010/08/12 20:32:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/08/12 20:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/08/12 20:22:25 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/08/12 20:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/08/12 20:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/08/12 20:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/08/12 20:16:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/08/08 21:17:37 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Documents\moonshl2
[2010/08/08 21:17:37 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Documents\moonmemo
[2010/08/08 20:39:21 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Documents\eng
[2010/08/08 18:20:39 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Documents\AAA DS
[2010/08/07 02:04:19 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Documents\Heroes of Newerth
[2010/08/07 02:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heroes of Newerth
[2010/07/16 08:30:19 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/06/15 15:01:01 | 000,000,000 | ---D | C] -- C:\Users\Krystine\AppData\Roaming\Facebook
[2010/04/16 17:53:56 | 001,117,491 | ---- | C] (DVD Shrink ) -- C:\Program Files (x86)\dvdshrink32setup.exe
[2009/12/16 16:47:12 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Krystine\AppData\Roaming\pcouffin.sys
[2009/12/04 17:24:58 | 003,139,840 | ---- | C] (WindSolutions) -- C:\Program Files\CopyTrans.exe
========== Files - Modified Within 90 Days ==========
[2010/08/26 16:37:28 | 007,864,320 | -HS- | M] () -- C:\Users\Krystine\NTUSER.DAT
[2010/08/26 16:35:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Krystine\Desktop\OTL.exe
[2010/08/26 16:25:28 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 16:25:28 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 16:23:16 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/26 16:23:16 | 000,618,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/26 16:23:16 | 000,104,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/26 16:21:36 | 000,013,180 | ---- | M] () -- C:\Users\Public\Documents\first goored.docx
[2010/08/26 16:19:41 | 000,013,631 | ---- | M] () -- C:\Users\Public\Documents\second OTM.docx
[2010/08/26 16:18:34 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/26 16:18:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/26 16:18:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/26 16:18:15 | 536,195,071 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/26 16:16:07 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/08/26 16:15:20 | 000,013,664 | ---- | M] () -- C:\Users\Public\Documents\first OTM.docx
[2010/08/26 16:11:53 | 002,321,762 | -H-- | M] () -- C:\Users\Krystine\AppData\Local\IconCache.db
[2010/08/26 16:10:20 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Krystine\Desktop\GooredFix.exe
[2010/08/26 16:08:03 | 000,520,192 | ---- | M] (OldTimer Tools) -- C:\Users\Krystine\Desktop\OTM.exe
[2010/08/26 15:24:44 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/26 08:18:13 | 063,903,826 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/08/23 19:40:44 | 000,000,834 | ---- | M] () -- C:\Users\Krystine\Desktop\PSX emulator.lnk
[2010/08/20 15:10:32 | 000,077,312 | ---- | M] () -- C:\Users\Krystine\Documents\Final Schedule 2010-11.doc
[2010/08/16 09:49:10 | 001,198,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Krystine\Desktop\TDSSKiller.exe
[2010/08/12 20:57:06 | 000,108,840 | ---- | M] () -- C:\Users\Krystine\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/12 20:55:26 | 000,415,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/12 20:28:51 | 000,000,540 | ---- | M] () -- C:\Windows\win.ini
[2010/08/11 20:58:19 | 000,032,768 | ---- | M] () -- C:\Users\Krystine\Documents\resume - old.doc
[2010/08/11 20:46:20 | 000,030,208 | ---- | M] () -- C:\Users\Krystine\Documents\cover letter outline.doc
[2010/07/16 08:30:19 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/07/16 08:30:19 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/07/16 08:29:54 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/07/14 17:01:57 | 000,079,360 | ---- | M] () -- C:\Users\Krystine\Documents\2010-11 timetable.doc
[2010/06/16 14:39:36 | 000,118,353 | ---- | M] () -- C:\Users\Krystine\Documents\sp.docx
[2010/06/03 08:22:09 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/06/02 16:01:42 | 000,012,382 | ---- | M] () -- C:\Users\Krystine\Documents\budget.docx
========== Files Created - No Company Name ==========
[2010/08/26 16:28:44 | 000,293,376 | ---- | C] () -- C:\Users\Krystine\Desktop\gmer.exe
[2010/08/26 16:21:35 | 000,013,180 | ---- | C] () -- C:\Users\Public\Documents\first goored.docx
[2010/08/26 16:19:39 | 000,013,631 | ---- | C] () -- C:\Users\Public\Documents\second OTM.docx
[2010/08/26 16:15:18 | 000,013,664 | ---- | C] () -- C:\Users\Public\Documents\first OTM.docx
[2010/08/26 16:06:08 | 000,001,960 | ---- | C] () -- C:\Users\Krystine\Desktop\NTREGOPT.LOC
[2010/08/26 16:06:07 | 000,163,328 | ---- | C] () -- C:\Users\Krystine\Desktop\ERDNT.E_E
[2010/08/26 16:06:07 | 000,157,696 | ---- | C] () -- C:\Users\Krystine\Desktop\ERUNT.EXE
[2010/08/26 16:06:07 | 000,140,288 | ---- | C] () -- C:\Users\Krystine\Desktop\NTREGOPT.EXE
[2010/08/26 16:06:07 | 000,038,912 | ---- | C] () -- C:\Users\Krystine\Desktop\AUTOBACK.EXE
[2010/08/26 16:06:07 | 000,005,417 | ---- | C] () -- C:\Users\Krystine\Desktop\LOC_GER.ZIP
[2010/08/26 16:06:07 | 000,004,090 | ---- | C] () -- C:\Users\Krystine\Desktop\ERUNT.LOC
[2010/08/26 16:06:07 | 000,003,275 | ---- | C] () -- C:\Users\Krystine\Desktop\ERDNTWIN.LOC
[2010/08/26 16:06:07 | 000,002,815 | ---- | C] () -- C:\Users\Krystine\Desktop\ERDNTDOS.LOC
[2010/08/26 15:24:44 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 19:40:44 | 000,000,834 | ---- | C] () -- C:\Users\Krystine\Desktop\PSX emulator.lnk
[2010/08/12 18:17:15 | 000,000,298 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/11 20:46:17 | 000,030,208 | ---- | C] () -- C:\Users\Krystine\Documents\cover letter outline.doc
[2010/07/14 19:50:57 | 000,077,312 | ---- | C] () -- C:\Users\Krystine\Documents\Final Schedule 2010-11.doc
[2010/06/30 03:20:12 | 000,079,360 | ---- | C] () -- C:\Users\Krystine\Documents\2010-11 timetable.doc
[2010/06/16 14:39:33 | 000,118,353 | ---- | C] () -- C:\Users\Krystine\Documents\sp.docx
[2009/12/16 16:47:49 | 000,001,041 | ---- | C] () -- C:\Users\Krystine\AppData\Roaming\vso_ts_preview.xml
[2009/12/16 16:47:21 | 000,000,033 | ---- | C] () -- C:\Users\Krystine\AppData\Roaming\pcouffin.log
[2009/12/16 16:47:12 | 000,099,384 | ---- | C] () -- C:\Users\Krystine\AppData\Roaming\inst.exe
[2009/12/16 16:47:12 | 000,007,859 | ---- | C] () -- C:\Users\Krystine\AppData\Roaming\pcouffin.cat
[2009/12/16 16:47:12 | 000,001,167 | ---- | C] () -- C:\Users\Krystine\AppData\Roaming\pcouffin.inf
[2009/12/15 20:55:10 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/11 01:19:40 | 000,001,169 | ---- | C] () -- C:\Program Files\Serail & Readme.bat
[2009/12/04 17:24:58 | 000,013,425 | ---- | C] () -- C:\Program Files\License Agreement.rtf
[2009/12/04 17:24:58 | 000,000,652 | ---- | C] () -- C:\Program Files\CopyTrans.ris
[2009/12/04 17:24:58 | 000,000,603 | ---- | C] () -- C:\Program Files\INSTALLATION_PROCEDURE.txt
[2009/12/04 15:36:36 | 000,000,017 | ---- | C] () -- C:\Users\Krystine\AppData\Local\resmon.resmoncfg
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010/04/22 13:27:12 | 000,000,000 | ---D | M] -- C:\Users\Krystine\AppData\Roaming\BSD
[2009/12/06 01:49:39 | 000,000,000 | ---D | M] -- C:\Users\Krystine\AppData\Roaming\DAEMON Tools Lite
[2010/06/15 15:01:01 | 000,000,000 | ---D | M] -- C:\Users\Krystine\AppData\Roaming\Facebook
[2010/08/23 23:11:20 | 000,000,000 | ---D | M] -- C:\Users\Krystine\AppData\Roaming\uTorrent
[2009/12/16 21:30:58 | 000,000,000 | ---D | M] -- C:\Users\Krystine\AppData\Roaming\Vso
[2009/12/04 17:25:09 | 000,000,000 | ---D | M] -- C:\Users\Krystine\AppData\Roaming\WindSolutions
[2010/01/02 20:03:31 | 000,000,000 | ---D | M] -- C:\Users\Krystine\AppData\Roaming\WTouch
[2009/07/14 01:08:49 | 000,011,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/26 16:18:34 | 000,000,298 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/12/04 18:11:15 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/08/23 17:43:07 | 000,000,741 | ---- | M] () -- C:\deltaStartup.log
[2009/12/04 15:46:23 | 000,203,316 | RHS- | M] () -- C:\grldr
[2010/08/26 16:18:15 | 536,195,071 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/08/26 16:18:20 | 2146,586,623 | -HS- | M] () -- C:\pagefile.sys
[2010/08/26 16:23:22 | 000,061,762 | ---- | M] () -- C:\TDSSKiller.2.4.1.2_26.08.2010_16.21.46_log.txt
[2009/12/04 15:46:40 | 000,000,003 | RHS- | M] () -- C:\win7ldr
< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2004/07/26 03:16:40 | 001,117,491 | ---- | M] (DVD Shrink ) -- C:\Program Files (x86)\dvdshrink32setup.exe
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/12/04 15:18:34 | 000,000,221 | -HS- | M] () -- C:\Users\Krystine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2005/10/20 12:04:08 | 000,038,912 | ---- | M] () -- C:\Users\Krystine\Desktop\AUTOBACK.EXE
[2005/10/20 12:00:28 | 000,157,696 | ---- | M] () -- C:\Users\Krystine\Desktop\ERUNT.EXE
[2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Users\Krystine\Desktop\gmer.exe
[2010/08/26 16:10:20 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Krystine\Desktop\GooredFix.exe
[2005/10/20 12:03:08 | 000,140,288 | ---- | M] () -- C:\Users\Krystine\Desktop\NTREGOPT.EXE
[2010/08/26 16:35:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Krystine\Desktop\OTL.exe
[2010/08/26 16:08:03 | 000,520,192 | ---- | M] (OldTimer Tools) -- C:\Users\Krystine\Desktop\OTM.exe
[2010/08/16 09:49:10 | 001,198,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Krystine\Desktop\TDSSKiller.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2010/07/24 13:54:43 | 000,910,296 | ---- | M] (Mozilla Corporation) MD5=BACCDA841C689D1CBA941F478E8ED24B -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
OTL extras:
OTL Extras logfile created on: 8/26/2010 4:39:24 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Krystine\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 76.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.52 Gb Total Space | 277.02 Gb Free Space | 47.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KRYSTINE-PC
Current User Name: Krystine
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AFA3C5A9-959F-3A6F-9BDC-B20EA563DC23}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{CE04D80B-ECEA-3228-4901-78CF0E480CA4}" = ATI Catalyst Install Manager
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6
"{1C80931B-D271-A7E5-06D8-60C4D6DCCE69}" = Catalyst Control Center Graphics Previews Common
"{1FCA1E50-EB4B-1722-1605-721CECC3B6D7}" = Catalyst Control Center Graphics Light
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{382CC0FC-CC76-8BF1-D595-9172077A67AD}" = CCC Help Japanese
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4511950B-88F9-302E-77F2-C953EF8045F8}" = Catalyst Control Center HydraVision Full
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5E1DE2DE-71B7-5C37-A8D2-949C143C863D}" = Catalyst Control Center Graphics Previews Vista
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{72326BD4-7E8C-D36E-AC40-084595B034F6}" = CCC Help Korean
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DC58529-0378-E6F7-2FC1-3CC62F4F01FF}" = CCC Help Thai
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{93F22EEC-DAD6-1D0D-E208-03FDA1B58F01}" = Catalyst Control Center InstallProxy
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9D608D83-6198-F009-1B50-3A55F937E305}" = CCC Help Chinese Standard
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AD0EE5BD-B8C0-9ACB-678A-C1AD9AC0BA60}" = ccc-core-static
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2580E5E-F617-EAE5-04B2-0C49FAC1E24F}" = Catalyst Control Center Graphics Full Existing
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BF24E54D-77C1-CDF8-054C-133FBB71EE90}" = Catalyst Control Center Graphics Full New
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C07A746C-E1A1-C0C3-A30C-EFB5ECE184C3}" = Catalyst Control Center Core Implementation
"{C2F9FF21-946D-8907-A45B-DF1414F43316}" = Catalyst Control Center Localization All
"{C9018568-C473-4BE3-49B0-D2DC974519C4}" = CCC Help Chinese Traditional
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6F8D4EB-19B5-F561-B3FA-39467F65943F}" = CCC Help English
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"HijackThis" = HijackThis 1.99.1
"hon" = Heroes of Newerth
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pen Tablet Driver" = Pen Tablet
"Soulseek2" = SoulSeek 157 NS 13e
"SpeedFan" = SpeedFan (remove only)
"uTorrent" = µTorrent
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/26/2010 2:33:53 PM | Computer Name = Krystine-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Reseting to Probing: 16 Krystine-PC.local.
AAAA FE80:0000:0000:0000:B8AE:5EC6:599B:792C
Error - 8/26/2010 2:34:25 PM | Computer Name = Krystine-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.25:5353 4 krystine-pc.local.
Addr 192.168.0.25
Error - 8/26/2010 2:34:25 PM | Computer Name = Krystine-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Reseting to Probing: 4 Krystine-PC.local.
Addr 192.168.0.15
Error - 8/26/2010 2:34:25 PM | Computer Name = Krystine-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.25:5353 4 krystine-pc.local.
Addr 192.168.0.25
Error - 8/26/2010 2:34:25 PM | Computer Name = Krystine-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Reseting to Probing: 16 Krystine-PC.local.
AAAA FE80:0000:0000:0000:B8AE:5EC6:599B:792C
Error - 8/26/2010 2:35:29 PM | Computer Name = Krystine-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.25:5353 4 krystine-pc.local.
Addr 192.168.0.25
Error - 8/26/2010 2:35:29 PM | Computer Name = Krystine-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Reseting to Probing: 4 Krystine-PC.local.
Addr 192.168.0.15
Error - 8/26/2010 2:35:29 PM | Computer Name = Krystine-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.25:5353 4 krystine-pc.local.
Addr 192.168.0.25
Error - 8/26/2010 2:35:29 PM | Computer Name = Krystine-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Reseting to Probing: 16 Krystine-PC.local.
AAAA FE80:0000:0000:0000:B8AE:5EC6:599B:792C
Error - 8/26/2010 3:17:29 PM | Computer Name = Krystine-PC | Source = Windows Search Service | ID = 1019
Description =
[ System Events ]
Error - 8/24/2010 8:45:56 PM | Computer Name = Krystine-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 8/24/2010 9:07:56 PM | Computer Name = Krystine-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 8/26/2010 3:19:33 PM | Computer Name = Krystine-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 8/26/2010 3:19:33 PM | Computer Name = Krystine-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 8/26/2010 4:11:13 PM | Computer Name = Krystine-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 8/26/2010 4:13:12 PM | Computer Name = Krystine-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 8/26/2010 4:13:12 PM | Computer Name = Krystine-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 8/26/2010 4:16:06 PM | Computer Name = Krystine-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 8/26/2010 4:18:22 PM | Computer Name = Krystine-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 8/26/2010 4:18:22 PM | Computer Name = Krystine-PC | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >
Goored:
GooredFix by jpshortstuff (03.07.10.1)
Log created at 16:21 on 26/08/2010 (Krystine)
Firefox version 3.6.8 (en-US)
========== GooredScan ==========
========== GooredLog ==========
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:19 04/12/2009]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [16:42 30/04/2010]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [23:27 15/12/2009]
C:\Users\Krystine\Application Data\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\
[email protected] [22:50 21/08/2010]
[email protected] [21:02 16/04/2010]
{241aae70-0022-11de-87af-0800200c9a66} [02:46 26/03/2010]
{9f94fab0-58a2-11dd-ae16-0800200c9a66} [02:47 26/03/2010]
{AE93811A-5C9A-4d34-8462-F7B864FC4696} [21:02 16/04/2010]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(Key not found)
-=E.O.F=-
Thank you greatly for taking the time to look at this.