Google Redirect Virus


  • This topic is locked

#16
Norade

  • Topic Starter
  • Member
  • 22 posts
OTL logfile created on: 7/28/2011 1:34:09 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Jason\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.94 Gb Total Physical Memory | 3.72 Gb Available Physical Memory | 62.66% Memory free
11.87 Gb Paging File | 9.15 Gb Available in Paging File | 77.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442.48 Gb Total Space | 177.96 Gb Free Space | 40.22% Space Free | Partition Type: NTFS
Drive D: | 22.98 Gb Total Space | 3.36 Gb Free Space | 14.60% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 90.25 Mb Free Space | 91.14% Space Free | Partition Type: FAT32
Drive G: | 465.76 Gb Total Space | 74.48 Gb Free Space | 15.99% Space Free | Partition Type: NTFS

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/27 15:29:42 | 000,411,432 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/07/24 05:54:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Downloads\OTL.exe
PRC - [2011/06/22 18:07:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/05/03 08:43:14 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2011/04/11 17:54:13 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/04/03 02:45:16 | 000,032,849 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
PRC - [2011/04/03 02:45:16 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2011/03/27 13:18:05 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/01/20 02:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/09/28 15:54:58 | 000,155,648 | R--- | M] (Leithauser Research) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\stle.exe
PRC - [2010/06/01 11:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/02/08 17:48:24 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2009/12/30 13:22:02 | 000,623,368 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2009/12/29 15:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/07/06 10:54:14 | 000,024,576 | R--- | M] (Leithauser Research) -- C:\Windows\wslbtp.exe


========== Modules (SafeList) ==========

MOD - [2011/07/24 05:54:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Downloads\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/22 10:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/18 16:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2010/01/14 00:38:52 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/01/06 02:14:28 | 002,184,496 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/12/30 13:22:12 | 000,444,680 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2009/12/29 15:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/16 15:51:46 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe -- (AESTFilters)
SRV - [2011/07/27 15:29:42 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/03 02:45:16 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/08 17:48:24 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/01/06 01:53:54 | 001,791,280 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe -- (NIS)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 20:58:35 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/02/11 14:27:10 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/01/29 21:30:10 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2010/01/22 10:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/22 09:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/14 00:38:52 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/11 15:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/07 11:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/07 11:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/01/07 11:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/07 11:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/12/10 20:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/27 18:45:00 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/11/20 16:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/30 10:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/29 17:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/29 17:16:41 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/14 10:09:42 | 000,120,960 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbser.sys -- (qcusbser)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 14:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 14:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2010/12/18 04:03:58 | 000,025,280 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2010/01/27 16:48:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/02/11 13:33:48] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...m/home?AF=18875
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...F&PC=HPNTDF&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "Google.com"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.33
FF - prefs.js..extensions.enabledItems: [email protected]:10.0.42.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.0.4248
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://search.babylo...rc=toolbar2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jason\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Jason\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011/02/11 14:53:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin [2011/07/27 16:26:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/22 18:07:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/16 13:10:13 | 000,000,000 | ---D | M]

[2011/02/16 20:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2011/06/29 03:22:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\qvavx5z9.default\extensions
[2011/06/22 18:07:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\qvavx5z9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/26 05:28:19 | 000,000,000 | ---D | M] (Gears) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\qvavx5z9.default\extensions\[email protected]
[2011/03/26 05:28:19 | 000,000,000 | ---D | M] (AdobeReader) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\qvavx5z9.default\extensions\[email protected]
[2011/06/06 13:05:18 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\qvavx5z9.default\extensions\[email protected]
[2011/03/24 18:56:17 | 000,001,834 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\qvavx5z9.default\searchplugins\bing.xml
[2011/06/30 03:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/17 12:26:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/02/17 13:43:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/19 15:29:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/30 03:45:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/24 17:55:13 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVAVX5Z9.DEFAULT\EXTENSIONS\[email protected]
[2011/06/22 18:07:35 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/09 21:46:45 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/25 22:31:32 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AdobeReader) - {ABBBDB99-FD20-4E38-A2DE-18D9BB2948CC} - C:\Users\Jason\AppData\Roaming\AdobeReader\IE\AdobeReader.dll (Adobe Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Gears) - {C526C1B5-6BD8-402E-B365-81DD4C97DB17} - C:\Users\Jason\AppData\Roaming\Gears\IE\Gears.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [rltstsp] C:\Windows\rltstsp.exe (Leithauser Research)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TorrentEasy] C:\Program Files (x86)\TorrentEasy\TorrentEasy.exe (Arlington Enterprise Ltd)
O4 - Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.162.111.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/28 04:22:43 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{FE27F890-6F21-422C-9FCA-EBC17DE5197D}
[2011/07/28 03:31:07 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{52EE34DE-B221-4F64-AB8B-D9DCF9DF708A}
[2011/07/27 15:33:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/27 15:30:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{AB6C7470-39B2-4016-B864-CA3FAB84EECE}
[2011/07/27 09:31:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{73812142-A44D-466D-8E65-9FB9C798EE72}
[2011/07/26 21:31:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{A996591D-8199-4912-8697-0FF7156485C2}
[2011/07/26 15:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/07/26 12:51:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\riotsGamesLogs
[2011/07/26 09:31:16 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{1846086F-D13E-42EB-8ACC-B6E734C52EB8}
[2011/07/25 22:31:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/25 19:13:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{034C94B7-0D54-4877-BB25-E8F6D5ED62CB}
[2011/07/25 10:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2011/07/25 07:13:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{B8A2D46E-5919-4CCA-B02D-BE33C0C12756}
[2011/07/25 06:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2011/07/25 04:02:07 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{078A424E-50DD-4DD2-A2CB-3BBA50315840}
[2011/07/24 05:46:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{23760C01-DAB6-4595-B539-2850BA213B05}
[2011/07/24 05:12:28 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/07/24 05:07:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/24 05:06:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/23 19:58:56 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{19A8BE1E-69FD-47E7-AE3A-54C9CBBB00DE}
[2011/07/23 11:13:43 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Malwarebytes
[2011/07/23 11:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/23 11:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/23 11:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/07/23 11:13:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/07/23 02:25:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{746AFD2A-7587-4579-AEFC-C7CE8A72854E}
[2011/07/22 14:25:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{67151589-9B55-4726-8BA3-7AFDC8F4DE09}
[2011/07/22 02:25:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{824F5FC3-4171-43CC-8261-4C02636101F0}
[2011/07/21 14:25:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{5550DF0C-157B-4F2C-AF5C-B12D028D771A}
[2011/07/21 02:25:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{2676ACEC-ED42-46B6-956E-57F38F5019B1}
[2011/07/20 20:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TimeLock
[2011/07/20 20:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TimeLock
[2011/07/20 19:57:30 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/07/20 19:54:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\WINTT
[2011/07/20 19:32:02 | 000,000,000 | ---D | C] -- C:\lrstl
[2011/07/20 19:31:58 | 000,155,648 | R--- | C] (Leithauser Research) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\stle.exe
[2011/07/20 19:31:58 | 000,155,648 | ---- | C] (Leithauser Research) -- C:\Windows\bltslr.exe
[2011/07/20 19:31:58 | 000,077,824 | ---- | C] (Leithauser Research) -- C:\Windows\rltfd2b.exe
[2011/07/20 19:31:58 | 000,024,576 | R--- | C] (Leithauser Research) -- C:\Windows\wslbtp.exe
[2011/07/20 19:31:58 | 000,024,576 | R--- | C] (Leithauser Research) -- C:\Windows\rltstsp.exe
[2011/07/20 18:23:29 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Folder Lock 6
[2011/07/20 18:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Folder Lock 6
[2011/07/20 14:24:59 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{718DB9C5-C37C-4DE7-8DDD-906823CB49BE}
[2011/07/19 22:13:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{52DD5C87-5621-4BC1-9978-9391412B929A}
[2011/07/19 09:33:06 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{E3243C64-0C52-428B-8DC7-E6C2874A7F4A}
[2011/07/18 21:32:54 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{8431F1C7-943B-45DD-8920-9C37C4EBE6B3}
[2011/07/18 09:32:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{2A5B8543-0837-417A-BF6C-C8B7D2926A72}
[2011/07/17 21:32:31 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{596F0136-F7D2-4496-8056-B98D86529E6B}
[2011/07/17 09:32:19 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{73CC92E4-163E-49E6-B1B8-3A7682788A58}
[2011/07/16 23:51:29 | 000,000,000 | ---D | C] -- C:\Users\Jason\FrostWire
[2011/07/16 23:51:20 | 000,000,000 | ---D | C] -- C:\Users\Jason\.frostwire5
[2011/07/16 23:51:17 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
[2011/07/16 23:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrostWire 5
[2011/07/16 23:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Limewire Plus+
[2011/07/16 23:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Limewire Plus+
[2011/07/16 21:32:07 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{88B269C0-0129-4CE7-B3D9-B3F009B70A80}
[2011/07/16 09:31:56 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{5378AA40-15D3-4C7B-B9AE-3348DB12EC0D}
[2011/07/15 21:31:43 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{1F184AFD-B073-4BBA-BE28-C32AEFF8E431}
[2011/07/15 09:31:32 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{B4012E65-F07A-4BD4-93A1-BB6D2A8F1935}
[2011/07/14 21:31:20 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{9B78B2F8-A63F-4ADD-BC03-BC11BD753707}
[2011/07/14 09:31:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{45F6159B-CD04-4B6E-A648-F15B5D4C94DB}
[2011/07/13 21:30:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{B3BE9302-D058-4F9E-884F-BE6FEE9A95D1}
[2011/07/13 21:01:02 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Research In Motion
[2011/07/13 21:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
[2011/07/13 09:30:33 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{F069C106-AA84-45CD-9B10-65F24B16BEAB}
[2011/07/12 21:30:08 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{A434A1E1-48BE-4E9E-99F2-8FFA43EAEE96}
[2011/07/12 09:29:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{6277C8FD-139E-4AEB-B6AA-0E6B3758B879}
[2011/07/11 21:29:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{B45BAC17-1CC1-4548-82EB-1295A9BE2CD5}
[2011/07/11 11:48:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/07/11 11:48:54 | 000,000,000 | ---D | C] -- C:\Fraps
[2011/07/11 09:29:33 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{B0CDCB0C-1C40-4D0C-A0EA-BA69AF560A7A}
[2011/07/10 14:19:02 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{F578E223-E0F8-438C-8F20-29009D2DB8F8}
[2011/07/10 02:18:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{794C369F-648B-4DC3-911A-D9F0E912B383}
[2011/07/09 14:18:39 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{0A2B6450-7F78-4C8C-9222-5094AD326A02}
[2011/07/09 02:18:27 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7AB68BD3-5865-4947-A45D-625619880B97}
[2011/07/08 14:18:15 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{E569C9A4-6165-40C7-8BA9-B842FEDBC968}
[2011/07/08 02:12:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{CC9F9D9B-B07E-45FA-8BC3-8D1F7C8F3008}
[2011/07/07 05:22:23 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BCA3E098-069F-49FA-8C60-6728E280A483}
[2011/07/06 17:22:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{9EF4E3BE-6139-45C5-AEDC-75287E4835CC}
[2011/07/06 05:22:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{E46BE13C-D6EB-4829-A7FA-757987B16C07}
[2011/07/05 17:21:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{811E42BA-34C4-4F3D-AF1E-1B334D9F7E86}
[2011/07/05 05:21:37 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{774232F5-F669-4605-A283-9B4E84584089}
[2011/07/04 17:21:25 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{8BB4E2B6-73D4-4161-A8B6-D5BB9C5BAFD3}
[2011/07/04 05:21:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{44B9C750-3CD9-4EF9-9D87-7998EAE65299}
[2011/07/03 17:21:02 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{CE2255F4-CA91-4862-BEAE-C3190C5DE039}
[2011/07/03 16:21:06 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\New folder
[2011/07/03 05:20:50 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{48B327BC-8B63-4E93-A1A7-46020D27C6B3}
[2011/07/02 17:18:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{35602D1C-0208-4D2E-86D4-E1366D10F63D}
[2011/07/02 05:18:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{FC762B5E-E484-49F3-A48F-C6EFF25110DA}
[2011/07/01 17:18:30 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{1F1B8768-7A5C-406B-9482-6271ECA89995}
[2011/07/01 05:18:18 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BD6E039E-191D-4B97-9333-3CE97205496D}
[2011/06/30 17:18:07 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{C0938452-4AF7-4659-B2F4-7F74BCEFE622}
[2011/06/30 03:45:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/06/30 01:05:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{2204592D-1A40-4D0F-B350-30F41196DC77}
[2011/06/29 13:05:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{DB9C22E2-5921-482F-8401-70E85312585A}
[2011/06/29 01:04:35 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{256B26D2-CB25-4089-B29F-E4C6BAA1205D}

========== Files - Modified Within 30 Days ==========

[2011/07/28 13:36:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/28 13:36:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/28 13:29:18 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/28 13:29:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/28 13:29:08 | 484,855,807 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/28 13:24:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/25 22:31:32 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/07/24 05:43:17 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJason.job
[2011/07/22 18:32:40 | 000,003,364 | ---- | M] () -- C:\Users\Jason\.recently-used.xbel
[2011/07/20 20:32:16 | 000,000,931 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\TimeLock.lnk
[2011/07/20 20:02:11 | 000,000,068 | ---- | M] () -- C:\Windows\mlts.ini
[2011/07/20 19:54:53 | 000,000,071 | ---- | M] () -- C:\Windows\lrltsdi.dat
[2011/07/20 19:54:53 | 000,000,018 | ---- | M] () -- C:\Windows\SysWow64\LRPTLRI.DAT
[2011/07/20 19:54:52 | 000,000,071 | ---- | M] () -- C:\Windows\wptlsuid.dat
[2011/07/20 18:31:48 | 000,001,009 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Folder Lock 6.lnk
[2011/07/20 18:23:33 | 000,197,728 | ---- | M] () -- C:\Windows\WinVd32.sys
[2011/07/20 18:23:32 | 000,007,680 | ---- | M] () -- C:\Windows\SysWow64\WinFLsrv.exe
[2011/07/19 01:05:55 | 000,006,144 | ---- | M] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/18 02:05:09 | 000,010,900 | ---- | M] () -- C:\Users\Jason\Desktop\Food List.odt
[2011/07/18 02:04:45 | 000,008,967 | ---- | M] () -- C:\Users\Jason\Desktop\Budget.odt
[2011/07/18 01:58:26 | 000,013,028 | ---- | M] () -- C:\Users\Jason\Desktop\My Food Guide.odt
[2011/07/16 23:51:17 | 000,001,205 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.0.8.lnk
[2011/07/14 09:46:01 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/14 09:46:01 | 000,637,228 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/14 09:46:01 | 000,114,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/13 21:01:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01009.Wdf
[2011/07/13 03:21:42 | 000,402,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/10 08:47:38 | 000,001,431 | ---- | M] () -- C:\Users\Jason\desmume.ini
[2011/07/08 03:48:01 | 000,015,968 | ---- | M] () -- C:\Users\Jason\Documents\NHL Points.odt

========== Files Created - No Company Name ==========

[2011/07/22 18:32:40 | 000,003,364 | ---- | C] () -- C:\Users\Jason\.recently-used.xbel
[2011/07/20 20:32:16 | 000,000,931 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\TimeLock.lnk
[2011/07/20 20:01:56 | 000,000,068 | ---- | C] () -- C:\Windows\mlts.ini
[2011/07/20 19:54:53 | 000,000,071 | ---- | C] () -- C:\Windows\lrltsdi.dat
[2011/07/20 19:54:53 | 000,000,018 | ---- | C] () -- C:\Windows\SysWow64\LRPTLRI.DAT
[2011/07/20 19:54:52 | 000,000,071 | ---- | C] () -- C:\Windows\wptlsuid.dat
[2011/07/20 18:23:33 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
[2011/07/20 18:23:32 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
[2011/07/20 18:23:29 | 000,001,009 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Folder Lock 6.lnk
[2011/07/19 01:04:18 | 000,006,144 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/18 02:04:44 | 000,008,967 | ---- | C] () -- C:\Users\Jason\Desktop\Budget.odt
[2011/07/18 02:03:07 | 000,010,900 | ---- | C] () -- C:\Users\Jason\Desktop\Food List.odt
[2011/07/18 01:35:48 | 000,013,028 | ---- | C] () -- C:\Users\Jason\Desktop\My Food Guide.odt
[2011/07/16 23:51:17 | 000,001,205 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.0.8.lnk
[2011/07/13 21:01:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01009.Wdf
[2011/07/08 03:13:39 | 000,015,968 | ---- | C] () -- C:\Users\Jason\Documents\NHL Points.odt
[2011/06/18 23:44:43 | 000,000,093 | ---- | C] () -- C:\Users\Jason\AppData\Local\fusioncache.dat
[2011/06/18 23:43:10 | 000,747,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/17 20:20:54 | 000,000,600 | ---- | C] () -- C:\Users\Jason\AppData\Local\PUTTY.RND
[2011/06/10 20:24:03 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\drivers\GameNT.sys
[2011/05/12 22:27:31 | 000,000,216 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/04/15 07:23:22 | 000,007,597 | ---- | C] () -- C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
[2011/03/01 06:56:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/11 14:30:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/11 14:22:39 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/02/11 14:21:24 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2011/02/11 14:21:24 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/03/08 18:30:36 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/01/27 18:05:52 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/12/30 12:57:04 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign
[2009/12/30 12:57:04 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign
[2009/12/30 00:36:24 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign
[2009/12/30 00:36:24 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign
[2009/12/30 00:35:50 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign
[2009/11/30 16:55:34 | 000,370,312 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2009/10/26 15:06:08 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2011/05/16 13:10:29 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\acccore
[2011/07/28 13:29:55 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\BitTorrent
[2011/02/16 21:19:11 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\DAEMON Tools Lite
[2011/02/11 15:55:54 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\DigitalPersona
[2011/06/17 20:54:54 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\FileZilla
[2011/03/26 05:28:19 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Gears
[2011/07/24 00:08:42 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\go
[2011/07/24 06:32:25 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\gtk-2.0
[2011/05/01 12:18:21 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ImgBurn
[2011/05/12 22:32:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Leadertech
[2011/02/16 20:09:29 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\LolClient
[2011/02/17 14:00:17 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\OpenOffice.org
[2011/05/30 19:04:40 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\PandoraRecovery
[2011/07/13 21:01:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Research In Motion
[2011/04/01 18:01:06 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\StreamTorrent
[2011/05/21 20:49:58 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\The Creative Assembly
[2011/03/23 23:40:26 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Unity
[2011/03/22 00:07:00 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\wargaming.net
[2011/05/04 15:15:09 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Windows Live Writer
[2011/07/20 19:54:53 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\WINTT
[2009/07/13 22:08:49 | 000,014,954 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#17
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

How is your system running?

What are your current issues?

#18
Norade

    Member

  • Topic Starter
  • Member
  • 22 posts
It's running okay, the redirect is still there though.

Edited by Norade, 29 July 2011 - 12:36 AM.


#19
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Download aswMBR.exe (1.8mb) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop, and post it in your next reply.

#20
Norade

    Member

  • Topic Starter
  • Member
  • 22 posts
aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-24 17:47:48
-----------------------------
17:47:48.935 OS Version: Windows x64 6.1.7600
17:47:48.936 Number of processors: 8 586 0x1E05
17:47:48.937 ComputerName: JASON-PC UserName: Jason
17:47:50.679 Initialize success
17:49:18.220 AVAST engine defs: 11072401
17:49:31.339 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:49:31.345 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
17:49:31.351 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
17:49:31.357 Disk 1 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
17:49:31.375 Disk 0 MBR read successfully
17:49:31.382 Disk 0 MBR scan
17:49:31.393 Disk 0 unknown MBR code
17:49:31.401 Service scanning
17:49:32.574 Modules scanning
17:49:32.580 Disk 0 trace - called modules:
17:49:32.608 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
17:49:32.614 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800663b060]
17:49:32.620 3 CLASSPNP.SYS[fffff88001af343f] -> nt!IofCallDriver -> [0xfffffa80064bdb10]
17:49:32.629 5 hpdskflt.sys[fffff88001a9a289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006303050]
17:49:34.951 AVAST engine scan C:\Windows
17:49:37.718 AVAST engine scan C:\Windows\system32
17:49:45.867 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
17:50:52.411 AVAST engine scan C:\Windows\system32\drivers
17:51:01.695 AVAST engine scan C:\Users\Jason
17:52:02.642 File: C:\Users\Jason\AppData\Local\Temp\Temp1_Software_time_lock_6_8_serials_key.zip\Software_time_lock_6_8_serials_key.exe **INFECTED** Win32:Trojan-gen
17:54:19.928 AVAST engine scan C:\ProgramData
17:57:59.547 Scan finished successfully
18:13:15.073 Disk 0 MBR has been saved successfully to "C:\Users\Jason\Downloads\MBR.dat"
18:13:15.082 The log file has been saved successfully to "C:\Users\Jason\Downloads\aswMBR.txt"


aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-29 11:24:26
-----------------------------
11:24:26.744 OS Version: Windows x64 6.1.7600
11:24:26.744 Number of processors: 8 586 0x1E05
11:24:26.745 ComputerName: JASON-PC UserName: Jason
11:24:28.411 Initialize success
11:25:54.081 AVAST engine defs: 11072900
11:39:13.225 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:39:13.231 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
11:39:13.238 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
11:39:13.246 Disk 1 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
11:39:13.260 Disk 0 MBR read successfully
11:39:13.268 Disk 0 MBR scan
11:39:13.278 Disk 0 unknown MBR code
11:39:13.287 Service scanning
11:39:14.341 Modules scanning
11:39:14.352 Disk 0 trace - called modules:
11:39:14.385 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
11:39:14.397 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80083c2060]
11:39:14.408 3 CLASSPNP.SYS[fffff88001add43f] -> nt!IofCallDriver -> [0xfffffa80064c1b10]
11:39:14.427 5 hpdskflt.sys[fffff88001a84289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006323050]
11:39:16.053 AVAST engine scan C:\Windows
11:39:19.412 AVAST engine scan C:\Windows\system32
11:39:28.541 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
11:40:43.207 AVAST engine scan C:\Windows\system32\drivers
11:40:54.817 AVAST engine scan C:\Users\Jason
11:45:00.459 AVAST engine scan C:\ProgramData
11:49:14.468 Scan finished successfully
14:08:28.319 Disk 0 MBR has been saved successfully to "C:\Users\Jason\Downloads\MBR.dat"
14:08:28.326 The log file has been saved successfully to "C:\Users\Jason\Downloads\aswMBR.txt"
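A triage helper for the aswMBR logs pasted in the post above, added here as an example (it is not part of the thread and not an AVAST tool): it groups `**INFECTED**` hits and `unknown MBR code` flags by run, then picks out flagged files under C:\Windows. The sample lines are copied, abridged, from the log above; the function names and the run label for entries without a header are made up for this example.

```python
import re
from collections import defaultdict

# Lines copied (abridged) from the two aswMBR runs pasted in the post above.
SAMPLE_LOG = r"""
17:52:02.642 File: C:\Users\Jason\AppData\Local\Temp\Temp1_Software_time_lock_6_8_serials_key.zip\Software_time_lock_6_8_serials_key.exe **INFECTED** Win32:Trojan-gen
17:57:59.547 Scan finished successfully
Run date: 2011-07-29 11:24:26
11:39:13.278 Disk 0 unknown MBR code
11:39:19.412 AVAST engine scan C:\Windows\system32
11:39:28.541 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
11:49:14.468 Scan finished successfully
"""

RUN_DATE = re.compile(r"^Run date:\s+(\S+ \S+)$")
ENTRY = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3})\s+(.*)$")
INFECTED = re.compile(r"^File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(\S+)$")
MBR_FLAG = re.compile(r"^(Disk \d+) unknown MBR code$")

def parse_aswmbr(text):
    """Group flagged entries by run: {run_label: [finding, ...]}, in log order."""
    runs = defaultdict(list)
    run = "run header not in excerpt"  # label for entries seen before any "Run date:"
    for line in (raw.strip() for raw in text.splitlines()):
        header = RUN_DATE.match(line)
        if header:
            run = header.group(1)  # every later entry belongs to this run
            continue
        entry = ENTRY.match(line)
        if not entry:
            continue
        stamp, msg = entry.groups()
        hit = INFECTED.match(msg)
        if hit:
            runs[run].append({"time": stamp, "kind": "file",
                              "target": hit.group(1), "detection": hit.group(2)})
            continue
        hit = MBR_FLAG.match(msg)
        if hit:  # non-standard boot code: something to review, not a verdict
            runs[run].append({"time": stamp, "kind": "mbr",
                              "target": hit.group(1), "detection": "unknown MBR code"})
    return dict(runs)

def system_findings(runs, root="C:\\Windows\\"):
    """Flagged files under the Windows directory (case-insensitive path match)."""
    return [f for found in runs.values() for f in found
            if f["kind"] == "file" and f["target"].lower().startswith(root.lower())]

for run, found in parse_aswmbr(SAMPLE_LOG).items():
    print(run, [(f["kind"], f["target"], f["detection"]) for f in found])
```
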

#21
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\Windows\system32\consrv.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

#22
Norade

    Member

  • Topic Starter
  • 22 posts
Ran the program, it seems to have fixed things. I can't find the log though.

#23
Norade

    Member

  • Topic Starter
  • 22 posts
Nope, I was wrong. The redirect is still there.

#24
Norade

    Member

  • Topic Starter
  • 22 posts
I also have something called STELP as well as another application that is listed as plts running as applications I can't shut down. They appear to be connected to a process that is called stle.exe.

#25
Norade

    Member

  • Topic Starter
  • 22 posts
I'm just going to do a clean install with my safe and secure data on my data drive. That should fix things.
#26
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Let me know your final decision.

#27
Norade

    Member

  • Topic Starter
  • 22 posts
Well, the situation has gotten worse; I can't change my firewall settings. The redirect isn't going away, and half the fixes I've tried just cause a crash on restart that requires a system restore. I think a fresh start with data I know is clean being saved to a non-primary drive is my best bet. If not, I'll take the PC in and get a factory install under my warranty.

#28
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
OK, thanks for letting me know.

You can post again if you need any assistance.

#29
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.