Search engine redirects



#1 Sustentacular (New Member)
A few days ago, while on the computer, I got a message that an unauthorized change was made to Windows. I ran Avast and MBAM and discovered a trojan of some sort and had those programs clean it up. Well, I thought that fixed it, since I got no more messages about unauthorized changes, until I tried to use a search engine and got redirected all over the place. Avast couldn't detect anything and neither could MBAM until I updated it. Rather than try to remove them again and cause more problems, I came here and tried out the Google redirect guide, but TDSSKiller couldn't find anything to fix. I figure I'd better ask for help now before I turn my computer into a pile of useless junk. Please help! Here's what MBAM found:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7787

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

9/24/2011 7:33:33 AM
mbam-log-2011-09-24 (07-33-28).txt

Scan type: Quick scan
Objects scanned: 181401
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> No action taken.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Value: (default) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Kat \AppData\Local\av.exe" /START "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
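The three MBAM hits above are all the same idea: a registry command line that should launch a program has been rewritten so that something else runs first (here C:\Users\Kat \AppData\Local\av.exe, which then starts the real iexplore.exe with /START). As an added example, not part of the thread and not Malwarebytes' or OTL's code, the PowerShell below reads the same hijack points and reports any that look wrong: the shell\open\command under .exe (directly and through the exefile ProgID), the secfile ProgID, the per-user Software\Classes override, and every browser registered under StartMenuInternet in both the native and Wow6432Node views. It assumes an elevated 64-bit PowerShell 2.0 or later; the SUSPECT heuristic (two executables on one command line, or a launcher under AppData or Temp) is mine and only mirrors the av.exe pattern in the log.

```powershell
# Added example for this thread (not from the original post, not MBAM/OTL code).
# Read-only audit of the file-association and StartMenuInternet command values.
# Run from an elevated 64-bit PowerShell so both registry views are visible.

# What a clean machine has for exefile\shell\open\command.
$expected = '"%1" %*'

function Get-DefaultValue {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    # The unnamed (Default) value is exposed under the property name '(default)'.
    return (Get-ItemProperty -LiteralPath $Path).'(default)'
}

function Test-SuspiciousCommand {
    param([string]$Value)
    # Heuristic (assumption, not an MBAM rule): two executables on one command
    # line (a loader wrapping the real program, as av.exe wraps iexplore.exe
    # above) or a launcher stored under the user profile.
    $twoExes   = ([regex]::Matches($Value, '(?i)\.exe')).Count -ge 2
    $inProfile = $Value -match '(?i)\\(AppData|Temp)\\'
    return ($twoExes -or $inProfile)
}

$findings = @()

# File-association hijack points. HKCR\.exe normally carries no shell verb at
# all and 'secfile' is not a standard ProgID, so either key merely existing is
# notable; exefile must carry exactly $expected.
$assocKeys = @(
    'Registry::HKEY_CLASSES_ROOT\.exe\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\secfile\shell\open\command',
    'Registry::HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command',
    'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'
)
foreach ($key in $assocKeys) {
    $value = Get-DefaultValue $key
    if ($null -eq $value) { continue }
    $unusualKey = $key -match '\\(\.exe|secfile)\\shell\\'
    $status = 'ok'
    if ($unusualKey -or ($value -ne $expected) -or (Test-SuspiciousCommand $value)) {
        $status = 'SUSPECT'
    }
    $findings += New-Object PSObject -Property @{
        Key    = $key -replace '^Registry::', ''
        Value  = $value
        Status = $status
    }
}

# StartMenuInternet: the command run when a browser is started from the
# Start menu. Each registered browser has its own subkey.
$smiRoots = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet',
    'Registry::HKEY_CURRENT_USER\Software\Clients\StartMenuInternet'
)
foreach ($root in $smiRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($client in Get-ChildItem -LiteralPath $root) {
        $value = Get-DefaultValue ($client.PSPath + '\shell\open\command')
        if ($null -eq $value) { continue }
        $status = 'ok'
        if (Test-SuspiciousCommand $value) { $status = 'SUSPECT' }
        $findings += New-Object PSObject -Property @{
            Key    = $client.Name + '\shell\open\command'
            Value  = $value
            Status = $status
        }
    }
}

$findings | Format-Table Key, Status, Value -AutoSize -Wrap
```

Against the log above this would list the .exe, secfile and IEXPLORE.EXE entries as SUSPECT and the plain exefile entry as ok. It only reports; as the helper says in the next post, leave the fixing to the instructions you are given.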



#2 Homburg (Trusted Helper, Malware Removal)
Hello Sustentacular and welcome to GeeksToGo :)

I'm Homburg and I'm going to help you fix your problem.

Note that I'm currently in training and my posts have to be approved by an expert before I reply.

  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • Please continue to follow my instructions until I tell you your machine is clean. Absence of symptoms does not mean that everything is clear.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.

Please do the following:


Step 1:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box, paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


Step 2:

Download aswMBR.exe (1.8 MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.


Step 3:

Please remember to post:
OTL scan log
OTL extras log
aswMBR scan log

Homburg
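The custom-scan block above packs several distinct checks into OTL directives: /md5start ... /md5stop hashes the four logon-path binaries, the startmenuinternet lines dump the browser launch commands in both registry views, and the standard scan reports the Winlogon Shell/UserInit values, the DHCP DNS servers (O17) and the hosts file (O1), all of which matter for a search-redirect complaint. As an added example, not from the original post and not OTL's code, the PowerShell below does those checks by hand so you can see what each one is looking at. It assumes an elevated 64-bit PowerShell 2.0 or later on the affected machine and changes nothing.

```powershell
# Added example for this thread (not from the original post, not OTL code).
# Reproduces by hand what the OTL custom scan directives inspect. Read-only.

$sysRoot = $env:SystemRoot
$md5 = [System.Security.Cryptography.MD5]::Create()

function Get-Md5Hex {
    param([string]$Path)
    $stream = [System.IO.File]::OpenRead($Path)
    try { ([System.BitConverter]::ToString($md5.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

# /md5start ... /md5stop: the binaries on the logon path that a rootkit or
# patcher most often replaces. Compare the MD5 against a clean machine of the
# same build and patch level. Caveat: on Vista/7 these files are catalog-signed,
# so Get-AuthenticodeSignature may report NotSigned for a legitimate copy;
# treat a signer other than Microsoft, not NotSigned alone, as the red flag.
$binaries = 'explorer.exe', 'winlogon.exe', 'userinit.exe', 'svchost.exe'
foreach ($dir in @($sysRoot, "$sysRoot\System32", "$sysRoot\SysWOW64")) {
    foreach ($name in $binaries) {
        $path = Join-Path $dir $name
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signer = '(none)'
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        '{0,-45} md5={1} sig={2} signer={3}' -f $path, (Get-Md5Hex $path), $sig.Status, $signer
    }
}

# O20 lines: Winlogon Shell and UserInit. Anything besides explorer.exe and
# <System32>\userinit.exe, (the trailing comma is normal) runs at every logon.
$wl = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
'Winlogon Shell    = {0}' -f $wl.Shell
'Winlogon Userinit = {0}' -f $wl.Userinit

# hklm\software\clients\startmenuinternet|command (/64 and /rs): the browser
# launch command in the native and the Wow6432Node view.
$smiRoots = 'HKLM:\SOFTWARE\Clients\StartMenuInternet',
            'HKLM:\SOFTWARE\Wow6432Node\Clients\StartMenuInternet'
foreach ($root in $smiRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($client in Get-ChildItem -LiteralPath $root) {
        $cmd = $client.PSPath + '\shell\open\command'
        if (Test-Path -LiteralPath $cmd) {
            '{0}: {1}' -f $client.Name, (Get-ItemProperty -LiteralPath $cmd).'(default)'
        }
    }
}

# O17 lines: DNS servers per interface. A static NameServer that points
# outside your ISP or LAN, on a machine that gets DHCP, needs explaining.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
foreach ($iface in Get-ChildItem -LiteralPath $ifRoot) {
    $p = Get-ItemProperty -LiteralPath $iface.PSPath
    if ($p.NameServer -or $p.DhcpNameServer) {
        '{0}: NameServer=[{1}] DhcpNameServer=[{2}]' -f $iface.PSChildName, $p.NameServer, $p.DhcpNameServer
    }
}

# O1 lines: hosts file. Anything left after dropping comments and the loopback
# localhost entries redirects a name somewhere of the attacker's choosing.
$hostsFile = Join-Path $sysRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsFile | Where-Object {
    $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $_ -notmatch '\slocalhost\s*$'
}
```

The output is meant to be read next to the OTL log a helper asks for, not to replace it: OTL also applies company whitelists and file-age filters that this script does not.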

#3 Sustentacular (Topic Starter)
Hi Homburg, here are the OTL logs. Unfortunately, when I tried aswMBR.exe, it bluescreened saying "driver irql not less or equal" and rebooted, so no log for that one.

OTL:

OTL logfile created on: 9/27/2011 2:35:00 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Kat \Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 44.51% Memory free
7.70 Gb Paging File | 5.42 Gb Available in Paging File | 70.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.65 Gb Total Space | 286.05 Gb Free Space | 63.20% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 2.04 Gb Free Space | 15.56% Space Free | Partition Type: NTFS

Computer Name: KAT-PC | User Name: Kat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/27 14:33:29 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Kat \Desktop\OTL.exe
PRC - [2011/09/24 07:36:58 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/11 18:29:11 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/03/11 18:28:53 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/10/07 07:46:02 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\DNA\btdna.exe
PRC - [2009/01/09 19:12:30 | 001,901,280 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files (x86)\Cisco Systems\Clean Access Agent\CCAAgent.exe
PRC - [2008/12/25 16:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 16:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/02 22:28:22 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/28 21:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/24 07:36:57 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/10 06:28:23 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/21 14:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/20 13:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 13:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 13:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2008/12/25 16:41:24 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/09/15 10:13:38 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\richvideops.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2008/12/10 10:04:58 | 000,935,424 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/10/15 07:39:52 | 000,279,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_5730ce9f\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/10/15 07:39:50 | 000,089,088 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_5730ce9f\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 19:25:40 | 000,023,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 15:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/03/11 18:29:11 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/03/11 18:28:53 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/12/02 22:28:22 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 16:38:18 | 000,601,944 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 16:38:16 | 000,301,912 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 16:36:41 | 000,058,200 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 16:36:41 | 000,042,328 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 16:36:30 | 000,065,368 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 16:36:14 | 000,024,408 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/10/21 16:11:04 | 000,097,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/19 20:24:34 | 000,074,960 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/02/06 23:04:02 | 000,312,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/02/06 23:04:01 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/17 16:34:22 | 001,526,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/12/10 11:31:26 | 004,993,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/11/10 16:26:30 | 000,184,832 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/10/15 07:39:54 | 000,465,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/07/21 05:53:04 | 000,145,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/06/23 07:54:02 | 000,099,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/23 07:54:02 | 000,091,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/23 07:54:02 | 000,019,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/05/28 17:54:18 | 000,026,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/04/28 01:25:06 | 000,016,400 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/03/31 05:36:18 | 000,195,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 18:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/24 08:24:24 | 000,060,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 22:46:52 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2007/06/20 20:57:36 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/11/28 21:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/04/17 14:18:27] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 30 B6 F8 0D 16 31 41 40 B9 A2 CF 08 02 41 B4 86 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 30 B6 F8 0D 16 31 41 40 B9 A2 CF 08 02 41 B4 86 [binary data]

IE - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 30 B6 F8 0D 16 31 41 40 B9 A2 CF 08 02 41 B4 86 [binary data]
IE - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:2.22.5

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/24 07:36:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/10 06:29:52 | 000,000,000 | ---D | M]

[2010/11/18 23:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kat \AppData\Roaming\Mozilla\Extensions
[2010/11/18 23:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kat \AppData\Roaming\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2011/09/24 07:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kat \AppData\Roaming\Mozilla\Firefox\Profiles\abyjtrcm.default\extensions
[2010/05/09 10:57:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kat \AppData\Roaming\Mozilla\Firefox\Profiles\abyjtrcm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/24 07:37:16 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Kat \AppData\Roaming\Mozilla\Firefox\Profiles\abyjtrcm.default\extensions\[email protected]
[2011/05/01 20:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/06 17:32:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/20 00:45:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/09/24 07:36:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/10/28 21:24:32 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files (x86)\mozilla firefox\plugins\NPTURNMED.dll
[2011/09/24 07:36:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/24 00:19:45 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{693D1A46-98CA-45EC-A086-75F86574466F}: DhcpNameServer = 168.94.0.14 168.94.0.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D42046B5-1558-4494-8FF0-539C8096E615}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\MysteriousWaves2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\MysteriousWaves2.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 14:33:23 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Kat \Desktop\OTL.exe
[2011/09/27 14:31:37 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Kat \Desktop\aswMBR.exe
[2011/09/24 00:55:09 | 000,000,000 | ---D | C] -- C:\Users\Kat \Desktop\tdsskiller
[2011/09/24 00:53:28 | 000,000,000 | ---D | C] -- C:\Users\Kat \Desktop\GooredFix Backups
[2011/09/24 00:10:15 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/24 00:07:29 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Kat \Desktop\GooredFix.exe
[2011/09/24 00:07:00 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\Kat \Desktop\OTM.exe
[2011/09/10 06:29:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2011/09/27 14:33:29 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Kat \Desktop\OTL.exe
[2011/09/27 14:31:53 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Kat \Desktop\aswMBR.exe
[2011/09/27 12:47:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/27 09:13:17 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 09:13:17 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/24 00:56:51 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/24 00:56:51 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/24 00:56:51 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/24 00:56:33 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/09/24 00:49:41 | 4024,258,560 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/24 00:48:52 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/09/24 00:08:03 | 001,528,215 | ---- | M] () -- C:\Users\Kat \Desktop\tdsskiller.zip
[2011/09/24 00:07:30 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Kat \Desktop\GooredFix.exe
[2011/09/24 00:07:05 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\Kat \Desktop\OTM.exe
[2011/09/10 06:44:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/09/10 06:29:52 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/06 16:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/09/06 16:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 16:45:17 | 000,254,400 | ---- | M] () -- C:\Windows\SysNative\aswBoot.exe
[2011/09/06 16:38:18 | 000,601,944 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/09/06 16:38:16 | 000,301,912 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/06 16:36:41 | 000,058,200 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/06 16:36:41 | 000,042,328 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/06 16:36:30 | 000,065,368 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/06 16:36:14 | 000,024,408 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/08/31 23:33:38 | 001,075,118 | ---- | M] () -- C:\Users\Kat \Documents\Little Sister.pdf
[2011/08/31 17:10:10 | 000,079,872 | ---- | M] () -- C:\Users\Kat \Documents\Okami-Amaterasu.pdf
[2011/08/31 17:08:19 | 000,048,396 | ---- | M] () -- C:\Users\Kat \Documents\Okami.pdf
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/09/24 00:07:52 | 001,528,215 | ---- | C] () -- C:\Users\Kat \Desktop\tdsskiller.zip
[2011/08/31 23:33:38 | 001,075,118 | ---- | C] () -- C:\Users\Kat \Documents\Little Sister.pdf
[2011/08/31 17:10:10 | 000,079,872 | ---- | C] () -- C:\Users\Kat \Documents\Okami-Amaterasu.pdf
[2011/08/31 17:08:19 | 000,048,396 | ---- | C] () -- C:\Users\Kat \Documents\Okami.pdf
[2011/04/17 03:31:11 | 000,000,680 | ---- | C] () -- C:\Users\Kat \AppData\Local\d3d9caps.dat
[2011/03/10 12:38:41 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/10 12:38:39 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/03/10 12:38:39 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/04/09 19:01:33 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\ptime.dat
[2010/03/01 00:31:49 | 000,010,066 | -HS- | C] () -- C:\Users\Kat \AppData\Local\0Mp8n7BDj1d
[2010/01/26 19:58:40 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2009/12/29 06:25:09 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/27 14:17:31 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/06/22 18:24:56 | 000,083,968 | ---- | C] () -- C:\Users\Kat \AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/17 17:12:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/03/07 05:48:39 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/03/07 05:48:39 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/03/07 04:41:40 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/12/10 09:28:16 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003/01/29 20:39:40 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\dcfft2.dll

========== LOP Check ==========

[2009/11/27 19:30:11 | 000,000,000 | ---D | M] -- C:\Users\Kat \AppData\Roaming\Any Video Converter
[2011/06/24 04:08:32 | 000,000,000 | ---D | M] -- C:\Users\Kat \AppData\Roaming\BitTorrent
[2010/11/19 00:56:11 | 000,000,000 | ---D | M] -- C:\Users\Kat \AppData\Roaming\Broad Intelligence
[2009/06/05 14:00:47 | 000,000,000 | ---D | M] -- C:\Users\Kat \AppData\Roaming\CiscoCAA
[2011/09/27 14:37:26 | 000,000,000 | ---D | M] -- C:\Users\Kat \AppData\Roaming\DNA
[2010/05/15 08:52:40 | 000,000,000 | ---D | M] -- C:\Users\Kat \AppData\Roaming\EurekaLog
[2010/11/19 01:11:29 | 000,000,000 | ---D | M] -- C:\Users\Kat \AppData\Roaming\foobar2000
[2011/03/06 19:45:11 | 000,000,000 | ---D | M] -- C:\Users\Kat \AppData\Roaming\MotioninJoy
[2011/07/24 23:14:15 | 000,000,000 | ---D | M] -- C:\Users\Kat \AppData\Roaming\muvee Technologies
[2010/02/20 11:53:15 | 000,000,000 | ---D | M] -- C:\Users\Kat \AppData\Roaming\PlayFirst
[2010/05/08 21:12:37 | 000,000,000 | ---D | M] -- C:\Users\Kat \AppData\Roaming\RiffTrax
[2010/04/10 21:46:05 | 000,000,000 | ---D | M] -- C:\Users\Kat \AppData\Roaming\Tams11
[2011/01/20 15:17:26 | 000,000,000 | ---D | M] -- C:\Users\Kat \AppData\Roaming\The Longest Journey
[2011/01/15 16:52:09 | 000,000,000 | ---D | M] -- C:\Users\Kat \AppData\Roaming\The Longest Journey Demo
[2011/03/06 14:25:20 | 000,000,000 | ---D | M] -- C:\Users\Kat \AppData\Roaming\Ubisoft
[2011/09/24 00:48:52 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2009/03/07 06:26:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2009/03/07 06:26:06 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe
[2009/03/07 06:26:06 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009/03/07 06:26:07 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009/03/07 06:26:06 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/03/07 06:26:07 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2009/03/07 06:26:06 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe
[2009/03/07 06:26:06 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009/03/07 06:26:06 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009/03/07 06:26:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] () MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/24 07:36:54 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/24 07:36:54 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/24 07:36:54 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/09/24 07:36:58 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/09/24 07:36:58 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/24 07:36:58 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2008/01/20 22:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2008/01/20 22:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2008/01/20 22:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\Kat \AppData\Local\av.exe" /START "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2008/01/20 22:48:18 | 000,084,992 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2008/01/20 22:48:18 | 000,084,992 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2008/01/20 22:48:18 | 000,084,992 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/12/20 11:42:20 | 000,634,648 | ---- | M] (Microsoft Corporation)

< End of report >

Extras:

OTL Extras logfile created on: 9/27/2011 2:35:00 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Kat \Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 44.51% Memory free
7.70 Gb Paging File | 5.42 Gb Available in Paging File | 70.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.65 Gb Total Space | 286.05 Gb Free Space | 63.20% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 2.04 Gb Free Space | 15.56% Space Free | Partition Type: NTFS

Computer Name: KAT-PC | User Name: Kat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2087814565-1624744861-2481495965-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04ABD882-B1D0-4CD7-AFE5-1215B015A392}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\farcry2.exe |
"{04F351AF-31FC-4C1B-A09D-F93E1B28BD1D}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{0CAE5FC4-2CEF-42D8-B98B-E5512879DD63}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0CF617FE-7E05-479E-8D6B-F7601E554F6B}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{135D3016-C02D-43ED-8A61-1D69816B61CD}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{139F10C3-3CF5-4A1A-B4D6-2AEB301EDCEA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the longest journey\game.exe |
"{14EB5014-D738-4D10-8A2E-F6EB500FDD98}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{16198324-87D7-4931-861E-D5B65E0FE4AF}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{17611712-CDB6-4C8A-875C-C36056FA5C97}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{1935EDFA-AF02-4B19-BEDA-036F35EC3087}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{1C4648B2-F064-4249-A83B-BFA9AD927E5D}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{1D3CB0D3-EDF3-4183-A72A-1A012D11DC25}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{1D89530C-FD9E-4FEC-9614-9E19C7550E71}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1FB9F4DE-8350-4A53-A69B-3605051C6BDE}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{20EEE6B0-E8F2-4AB7-BA99-06736C1B70CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{21D62755-FD7E-4C40-A606-54776A5AB619}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{2251638C-70A6-47A4-9E76-A2D44A8127EF}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{2876004C-81AC-4EE5-BB72-35980B532D21}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{2C61ECFD-6F7E-4B37-A449-1B11F294A991}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2E9C2CB6-03C1-45BE-9DB6-F3A683FD7F27}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{324A697A-6F9D-441D-9CED-D3DE777E1E1E}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{3353F790-5C1E-47BF-A637-46D2F5D59D4E}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{345B9560-AF66-4D0C-B3D1-BACDB0EF85C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{3601A0DA-11EC-4C80-8153-3A548FC429E8}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{38D41994-191A-4EDB-BBEC-6B69BD9BCEC7}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{3951C982-D95B-4A22-B2F8-7DCD7914CE96}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{39D4C38D-4778-4AEC-93BE-8F22146D54D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe |
"{3C08A460-2444-4462-979B-CEAE4FE718B0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{3F4C8400-1D86-495B-A3E4-647892629218}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{4CCF2772-56CA-4E32-8810-9B30A15DA9F9}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{4D4485BD-08A7-4180-9FEB-BF91ED5170C7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{4D4C8CF7-98BA-4D5C-A1D0-97F1D88E5AA3}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{563E30E7-2D57-4091-987D-BF7911F349EB}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{5ABF0090-6A94-4B30-8B20-F29A14C822D1}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{5C8D8079-ECD9-4D0B-A303-1419D73BF3E4}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{5D3B037D-1EA7-4C8E-BEE4-5A0672CCC1B0}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{69C4D4FE-B137-4022-B2F5-5C3754643C4B}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{6ACCB049-D3B8-4098-BFD7-FB1B773278DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of juarez - bound in blood\cojbibgame_x86.exe |
"{6B44406D-0482-4A0F-9D92-7B04FEA10D36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{6C50DC09-502F-47AC-82D6-2FF351C1A7CE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{6EE424F4-638C-4E3C-8C78-555203B403DE}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{72E80EAB-12A1-4719-BB9A-869EC6748D55}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\farcry2.exe |
"{7844CE44-F351-4AAE-97D6-D1F9C1220D0E}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{79122230-822E-4651-BDFF-183CB7DBB6FF}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{7BA10EF4-7CD7-484D-80AB-40029C7CF274}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{7C4E7C13-900E-4559-89D1-266038B2B21C}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{7D80FF84-1005-45C9-BCC7-625C711B36D4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dreamfall the longest journey\dreamfall.exe |
"{7DAA4105-427D-400A-BB33-2A632DD26760}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{7FD2CBD5-263B-4DB3-A820-6420F94D304D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{82FC3030-B519-4378-8440-4C537C3D547B}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{863B76CB-7DDC-4864-A2D2-A41ED41F5F66}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{8C91665C-8D72-4D10-92BE-96D9D5E9B5E8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8E4A5E29-4EF3-43D3-B261-A605967B097E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{8E8B2B49-1541-4831-8841-A287B6F26760}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{90D9A962-D3F0-426C-B649-CDFF1D9852EA}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{9127CAD2-6FA9-496D-9914-A1387092887B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{91E575AE-6B0E-418F-949D-964A550A8AA6}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{94F6187E-7671-49FC-9D0F-F3DAA8CF7AD4}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{977C54FC-42E1-4FE5-B15C-915A526B1E3C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{998315F4-6E8C-44CB-BAE3-405B8B5D020E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{99979CCA-9FD6-41A8-8A82-E3A9D447A8C5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{99C76B42-F5B3-4FE0-8315-AF3CAD1AF285}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{9DC0BFD2-22FA-493E-A4B8-D0F06B9C41D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2editor.exe |
"{9F9FB023-CF2E-4195-9204-AE119BB27BCD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{A191FB54-6242-4DFC-8BA4-BF96FB013E80}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{B073181C-7270-4E48-8531-C44EC43B9BCF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{B4260A7F-5834-4E7D-B341-6CE6A4DE5A2E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of juarez - bound in blood\cojbibgame_x86.exe |
"{B591185F-3886-4B1D-B50B-FDEFD14A1ED8}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{BBEFFB64-B8F9-437B-9023-CC00392E02F3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BFCFD626-35A5-417C-8352-0F1569AC6D75}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{C1ECD105-2BBE-4A4E-9CCF-CCEB8220A5E2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{C23C290E-0469-49ED-9919-6B01F4DA595D}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{C600F85E-FD75-4E49-8CE3-AE7B8BA5FD4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C848017D-8E1F-49B1-A80F-528789A1F633}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{CA097389-AEDA-48B8-BF95-4F398563F38E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{CB5B51D2-EAF1-4025-ADA8-BA00C1812DAB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{D13B6F98-5CA4-423B-88BC-9A73159974B8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D5F55532-13DB-4893-A5D9-D28532017CB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dreamfall the longest journey\dreamfall.exe |
"{DA25716D-8178-40D4-AF04-238D8342DBFE}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{DC7A3664-14CB-4304-8547-F15163192E12}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{DE86D8FF-C84E-4EFF-8313-0AA9739C93A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the longest journey\game.exe |
"{DFE4518B-4D41-4940-A131-3923363CCBDF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{E323853C-A5F5-427E-9D06-F564CB766831}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{E9AB0EEB-4A0A-429C-9B62-926549280795}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe |
"{EAE8A95E-F430-4E72-8F13-6AA9B0C6F31D}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{EDAD50F0-DB35-41BE-98D5-665E1128F0A4}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{EE8C8FAF-58F0-4E7B-89AC-7702986F9B62}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{EEF022C4-E146-4651-8A2D-70A295F492A7}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{EFC8C6B8-8E67-469E-84A3-190623946BC0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2editor.exe |
"{F31EB184-E968-4ADA-A8A3-913454C89897}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{F4E82FDF-75BD-42F6-8301-1E9E90F1BA81}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{FBB7062E-12F0-4330-BE34-BE1876079A8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{FD4B04EF-1954-43A7-B75F-3AEA6D9D4E24}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"TCP Query User{58EB0669-AD26-44AC-AA88-7CB5CC37C9E5}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{AF4363E6-882C-48C4-8E8E-0BC49000510C}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0001
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{B87BB2A8-5921-9B18-BBB5-D9A42F9CD3E1}" = ccc-utility64
"{C6CFAF5A-12F9-485E-EAD7-7FA1D3E5B943}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002471C5-6F62-D6CD-D6E5-A0F20F079B8B}" = Catalyst Control Center Localization Polish
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{03819281-0870-65EE-24B0-A7DEDE9F796A}" = Catalyst Control Center Localization Chinese Traditional
"{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04F66470-CEA7-BF9A-1885-8E1A3474825A}" = CCC Help Danish
"{08062F2F-926A-D7EC-57E9-AB97AA0D7FDA}" = CCC Help Finnish
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0CAB8CDF-232E-F28F-A017-B388F41FACCB}" = CCC Help Portuguese
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{150FE68F-EE0C-4867-150A-D74FECBB8448}" = Catalyst Control Center Graphics Light
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2680244D-0FBA-4856-EBE3-9D67E61EB46F}" = Catalyst Control Center Localization Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 23
"{2BDFE775-48C0-3E1C-895C-DACC33CC52F0}" = Catalyst Control Center Localization Greek
"{2DAD2930-DFC1-AD0F-E63D-B3E95451CD68}" = CCC Help Greek
"{2F59397E-50B1-3CA6-2F8C-03773D40BE3B}" = Catalyst Control Center Graphics Full New
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{35CC44E6-5916-89DC-16B6-7ADE609211CE}" = Catalyst Control Center Localization Finnish
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A9C19FE-D61C-50DA-6FAF-7FB941B538A0}" = Catalyst Control Center Localization French
"{3BAB23A6-5272-F52D-1AF0-29419F1362B4}" = Catalyst Control Center Localization Italian
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{445F6483-40DC-61B5-849D-35274D96DBA3}" = Catalyst Control Center Localization Czech
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A239818-F5F7-7AE8-9FD3-08F435ED88D0}" = Skins
"{4C17CE6E-4838-819F-01BE-7EEE6181914A}" = Catalyst Control Center Localization Norwegian
"{4C4EA31F-AE29-2517-5E92-3EFB1FD7B896}" = CCC Help Hungarian
"{527CF1CA-D98B-504D-833B-69DA9A8A5AD6}" = CCC Help Czech
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5B99A0A7-0B21-2CD6-474D-8D67177BD4D6}" = Catalyst Control Center Localization Dutch
"{5CFE0191-1ECE-7BD5-8AEF-069ED59A01BB}" = Catalyst Control Center Localization Korean
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6244BAF3-F26D-A695-1EF6-D9A3C0A6DAA1}" = Catalyst Control Center Graphics Previews Common
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{6570A194-A52D-9F23-EA48-90D7C6F20BE9}" = Catalyst Control Center Localization Swedish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{666F0B45-78DA-FAA3-AB14-43CAEEA3D475}" = Catalyst Control Center Localization Russian
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66B6555E-07BF-3FCB-191F-BCD75650F1F2}" = CCC Help Italian
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{67F6A6BA-E225-4BF5-8E7C-BB4AE25EDCBC}" = Catalyst Control Center InstallProxy
"{69E1907C-E9EA-7A5A-79ED-47FF2B5BFDFB}" = Catalyst Control Center Localization Danish
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{75D0438A-55FB-DD38-0745-5D370179CAC7}" = CCC Help French
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{793C0C7E-7977-C9B5-B427-FDF95F2D1636}" = Catalyst Control Center Localization Hungarian
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{7CA1269D-86E6-91A8-DD66-9CF6838821BF}" = Catalyst Control Center Localization Portuguese
"{812C53D9-39EC-0511-04E4-5430A4747FB5}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{A1940302-F0F9-132F-C521-A5D0E24FAC1D}" = CCC Help Thai
"{A2315CF8-E14F-FA46-B1F1-20E0E5483ADB}" = Catalyst Control Center Localization Thai
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A8411EDB-6A00-8D1A-584B-7A932F44A0C9}" = CCC Help Japanese
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC5CD4CF-3802-623E-AD97-D188785EF411}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B9275904-9237-94A3-2144-E3D6A62B57E9}" = CCC Help Turkish
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C48EB957-0CCB-D590-AB3F-B3F8A14ECC2F}" = Catalyst Control Center Graphics Full Existing
"{C4B3A7F9-5CD8-4608-B623-689CA3604A08}" = RiffTrax DVD Player
"{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA}" = HP User Guides 0125
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBA7FD59-19A7-5724-5646-CF307326CC18}" = Catalyst Control Center Core Implementation
"{CC7A4274-E6F2-2351-DA6A-07AB73896609}" = CCC Help Norwegian
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CD7D2C01-F3C8-4127-325D-49853FCCDB62}" = Catalyst Control Center Localization German
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D1E7EA15-5F96-728C-AF32-E1CFF8F9CE44}" = CCC Help Swedish
"{D47419B2-62BD-6B53-A96F-7E2F6F3D50C0}" = Catalyst Control Center Localization Turkish
"{D62C79B5-44E0-DEC0-AF01-6A1404E093E9}" = CCC Help Spanish
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E12F2B78-CF64-2438-391F-3D3411A6E193}" = CCC Help English
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5C3A144-0F9B-8F3E-F1A3-2BB7B26014A6}" = ccc-core-static
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E8B11A27-5CA6-748E-0F68-159CCF789DF3}" = CCC Help Dutch
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{ED65A382-3F80-D5A8-CCE0-DAB59D85CA91}" = CCC Help Russian
"{EDBB71B2-3C17-4EA5-ED91-E2EA5C2305CF}" = CCC Help Korean
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F250EA7A-F117-2CCE-03E7-BB62C2BF476C}" = Catalyst Control Center Graphics Previews Vista
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F38CC586-4703-CE3C-F466-D7821E87926A}" = Catalyst Control Center Localization Chinese Standard
"{F62F62BD-E5C5-56E3-6CF6-00407B743E32}" = CCC Help Chinese Traditional
"{FAF7448B-7AB8-8C58-745E-1551CB481C3D}" = CCC Help Chinese Standard
"{FDE3DBB7-AA79-AA91-ABE9-3696883FAB20}" = Catalyst Control Center Localization Japanese
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 2.7.9
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DS-Monkey Audio Source" = DS-Monkey Audio Source 1.00
"EKS Crocotile" = EKS Crocotile
"EKS Descartes Enigma" = EKS Descartes Enigma
"EKS Inspector Lestrade" = EKS Inspector Lestrade
"EKS Knarly Combs" = EKS Knarly Combs
"EKS Knarly Gridlock" = EKS Knarly Gridlock
"EKS Knarly Hexes" = EKS Knarly Hexes
"EKS Mrs. Hudson" = EKS Mrs. Hudson
"ERUNT_is1" = ERUNT 1.1j
"foobar2000" = foobar2000 v1.1.1
"HandAndFoot_is1" = Hand And Foot 1.0.8.7
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"LunaPix_is1" = LunaPix demo version 0.900
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"Parchisi_is1" = Parchisi 1.0.14.11
"PunkBusterSvc" = PunkBuster Services
"RiffTrax DVD Player" = RiffTrax DVD Player
"SlitherQuest_is1" = SlitherQuest demo version 0.910
"Snerks_is1" = Snerks 1.2.0.0
"Steam App 15100" = Assassin's Creed
"Steam App 15120" = Tom Clancy's Rainbow Six: Vegas 2
"Steam App 19900" = Far Cry 2
"Steam App 21980" = Call of Juarez: Bound in Blood
"Steam App 6300" = Dreamfall: The Longest Journey
"Steam App 6310" = The Longest Journey
"Tams11 Software Gaming Lobby_is1" = Tams11 Software Gaming Lobby 1.7.8.15
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WildTangent hp Master Uninstall" = My HP Games

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2087814565-1624744861-2481495965-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/15/2011 3:52:25 AM | Computer Name = Kat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/15/2011 3:52:25 AM | Computer Name = Kat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1123

Error - 9/15/2011 3:52:25 AM | Computer Name = Kat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1123

Error - 9/15/2011 4:07:53 AM | Computer Name = Kat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/15/2011 4:07:53 AM | Computer Name = Kat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 929298

Error - 9/15/2011 4:07:53 AM | Computer Name = Kat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 929298

Error - 9/15/2011 4:07:54 AM | Computer Name = Kat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/15/2011 4:07:54 AM | Computer Name = Kat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 930515

Error - 9/15/2011 4:07:54 AM | Computer Name = Kat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 930515

Error - 9/15/2011 4:07:56 AM | Computer Name = Kat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 9/23/2011 10:21:27 PM | Computer Name = Kat-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 9/23/2011 10:24:26 PM | Computer Name = Kat-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 9/24/2011 12:13:00 AM | Computer Name = Kat-PC | Source = HTTP | ID = 15016
Description =

Error - 9/24/2011 12:17:40 AM | Computer Name = Kat-PC | Source = HTTP | ID = 15016
Description =

Error - 9/24/2011 12:22:01 AM | Computer Name = Kat-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FB103C&REV_00\4&2a995034&0&0028)
disappeared from the system without first being prepared for removal.

Error - 9/24/2011 12:22:01 AM | Computer Name = Kat-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FB103C&REV_00\4&2a995034&0&0228)
disappeared from the system without first being prepared for removal.

Error - 9/24/2011 12:22:01 AM | Computer Name = Kat-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FB103C&REV_00\4&2a995034&0&0328)
disappeared from the system without first being prepared for removal.

Error - 9/24/2011 12:22:01 AM | Computer Name = Kat-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FB103C&REV_00\4&2a995034&0&0428)
disappeared from the system without first being prepared for removal.

Error - 9/24/2011 12:23:29 AM | Computer Name = Kat-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 9/24/2011 12:50:05 AM | Computer Name = Kat-PC | Source = HTTP | ID = 15016
Description =


< End of report >
  • 0

#4
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello,

Can you please do the following:


Step 1:

Please post the TDSSkiller report that was generated when you ran it; you should be able to find it, usually in the C:\ folder, in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".

Are you getting redirects in both Firefox and Internet Explorer?


Step 2:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 30 B6 F8 0D 16 31 41 40 B9 A2 CF 08 02 41 B4 86 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 30 B6 F8 0D 16 31 41 40 B9 A2 CF 08 02 41 B4 86 [binary data]
    IE - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 30 B6 F8 0D 16 31 41 40 B9 A2 CF 08 02 41 B4 86 [binary data]
    O3 - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    
    :Services
    
    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the fix log
  • Open OTL again
  • Select All users
  • Click the Quick Scan button. Post the log it produces in your next reply.


Step 3:

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


Step 4:

Please remember to post:

TDSSkiller report
OTL fix log
New OTL QuickScan log
MBRcheck report
Are redirects in both IE and Firefox?


Homburg
  • 0
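The O3 line in the fix script above refers to a toolbar value under the user's Internet Explorer Toolbar\WebBrowser key whose CLSID has no matching class registration ("No CLSID value found"), which is why OTL deletes the value but reports the CLSID key itself as "not found". The script below is an added example of performing that same orphan check by hand; it is not OTL's code and not part of Homburg's post. It assumes an elevated PowerShell session on a 64-bit Windows machine, and the `-Remove` switch is a hypothetical option added here so that the script only reports by default:

```powershell
<#
  Audit Internet Explorer toolbar registrations for orphaned CLSID references.
  Added example, not OTL's or the forum poster's code.
  Assumes: elevated PowerShell on 64-bit Windows; -Remove is an added option.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # hypothetical: delete orphaned values instead of only listing them
)

# Registry locations where IE records toolbars; the value names are CLSID GUIDs.
$toolbarKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser',
    'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser',
    'HKLM:\Software\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
)

# A CLSID is "live" only if a COM class is registered for it in one of these hives.
$clsidRoots = @(
    'HKLM:\Software\Classes\CLSID',
    'HKLM:\Software\Wow6432Node\Classes\CLSID',
    'HKCU:\Software\Classes\CLSID'
)

# Matches value names such as {604BC32A-9680-40D1-9AC6-E06B23A1BA4C}
$guidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

function Test-ClsidRegistered {
    param([string]$Clsid)
    foreach ($root in $clsidRoots) {
        if (Test-Path -LiteralPath (Join-Path $root $Clsid)) { return $true }
    }
    return $false
}

function Get-ToolbarEntries {
    # Enumerate every GUID-named value under the toolbar keys and record
    # whether its CLSID is still registered anywhere.
    foreach ($key in $toolbarKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Skip layout/state values such as ITBar7Layout that are not CLSIDs.
            if ($name -notmatch $guidPattern) { continue }
            [pscustomobject]@{
                Key        = $key
                Clsid      = $name
                Data       = $item.GetValue($name)
                Registered = Test-ClsidRegistered -Clsid $name
            }
        }
    }
}

$orphans = Get-ToolbarEntries | Where-Object { -not $_.Registered }

if (-not $orphans) {
    Write-Host 'No orphaned toolbar CLSID references found.'
    return
}

# Report first; an orphan is a dangling pointer, but the listing is what you
# would paste into a thread like this one before deciding to remove anything.
$orphans | Format-Table Key, Clsid, Data -AutoSize

if ($Remove) {
    foreach ($o in $orphans) {
        # ShouldProcess lets -WhatIf / -Confirm gate the actual deletion.
        if ($PSCmdlet.ShouldProcess("$($o.Key) -> $($o.Clsid)", 'Remove orphaned toolbar value')) {
            Remove-ItemProperty -LiteralPath $o.Key -Name $o.Clsid
        }
    }
}
```

Run it without arguments to get the same kind of listing OTL produces for O3 entries; `-Remove -WhatIf` shows what would be deleted without touching the registry. An orphan here only means the toolbar's DLL was uninstalled without cleaning up the reference, so the listing is a cleanup aid, not by itself evidence of an active infection.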

#5
Sustentacular

Sustentacular

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ok, so before I ran any of those fixes or scans, I checked IE to see if there were redirects, and there were none! Then on a whim, I checked Firefox to see if it was still having the problem, and I couldn't get any search engine redirects there either. I could have sworn it was still redirecting when I first posted, but now I'm not so sure. At any rate, there's still all the crap that these scans are finding that I need to safely remove. Here are all the logs you requested. I have the one for GooredFix too if you need that one.

OTL fix:
All processes killed
========== OTL ==========
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2087814565-1624744861-2481495965-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kat \Desktop\cmd.bat deleted successfully.
C:\Users\Kat \Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kat
->Temp folder emptied: 19565322 bytes
->Temporary Internet Files folder emptied: 19701826 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 187422615 bytes
->Flash cache emptied: 1434 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1049404 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52663 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 217.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Kat
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 09282011_211257

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGDP14PZ\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGDP14PZ\right[1].gif scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGDP14PZ\View[1].aspx scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7GW6EYQG\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7GW6EYQG\embeded[1].htm scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7GW6EYQG\globe16[1].png scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7GW6EYQG\windows_update16[1].png scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56XQEXV1\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56XQEXV1\main[1].css scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56XQEXV1\RequiredFieldsNS[1].js scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56XQEXV1\SecurityBadge_16x16[1].gif scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1106DUQW\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1106DUQW\SurveyScriptsNS[1].js scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1106DUQW\white_gradient[1].png scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...


OTL scan:
OTL logfile created on: 9/28/2011 9:45:26 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Kat \Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 63.53% Memory free
7.68 Gb Paging File | 6.07 Gb Available in Paging File | 79.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.65 Gb Total Space | 285.30 Gb Free Space | 63.03% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 2.04 Gb Free Space | 15.56% Space Free | Partition Type: NTFS

Computer Name: KAT-PC | User Name: Kat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/27 14:33:29 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Kat \Desktop\OTL.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/11 18:29:11 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/03/11 18:28:53 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/10/07 07:46:02 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\DNA\btdna.exe
PRC - [2009/01/09 19:12:30 | 001,901,280 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files (x86)\Cisco Systems\Clean Access Agent\CCAAgent.exe
PRC - [2008/12/25 16:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 16:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/02 22:28:22 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/28 21:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/21 14:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/20 13:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 13:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 13:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2008/12/25 16:41:24 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2008/12/10 10:04:58 | 000,935,424 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/10/15 07:39:52 | 000,279,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_5730ce9f\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/10/15 07:39:50 | 000,089,088 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_5730ce9f\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 19:25:40 | 000,023,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 15:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/03/11 18:29:11 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/03/11 18:28:53 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/12/02 22:28:22 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 16:38:18 | 000,601,944 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 16:38:16 | 000,301,912 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 16:36:41 | 000,058,200 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 16:36:41 | 000,042,328 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 16:36:30 | 000,065,368 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 16:36:14 | 000,024,408 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/10/21 16:11:04 | 000,097,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/19 20:24:34 | 000,074,960 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/02/06 23:04:02 | 000,312,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/02/06 23:04:01 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/17 16:34:22 | 001,526,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/12/10 11:31:26 | 004,993,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/11/10 16:26:30 | 000,184,832 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/10/15 07:39:54 | 000,465,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/07/21 05:53:04 | 000,145,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/06/23 07:54:02 | 000,099,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/23 07:54:02 | 000,091,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/23 07:54:02 | 000,019,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/05/28 17:54:18 | 000,026,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/04/28 01:25:06 | 000,016,400 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/03/31 05:36:18 | 000,195,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 18:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/24 08:24:24 | 000,060,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 22:46:52 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2007/06/20 20:57:36 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/11/28 21:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/04/17 14:18:27] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =

IE - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:2.22.5

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/24 07:36:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/10 06:29:52 | 000,000,000 | ---D | M]

[2010/11/18 23:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kat \AppData\Roaming\Mozilla\Extensions
[2010/11/18 23:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kat \AppData\Roaming\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2011/09/24 07:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kat \AppData\Roaming\Mozilla\Firefox\Profiles\abyjtrcm.default\extensions
[2010/05/09 10:57:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kat \AppData\Roaming\Mozilla\Firefox\Profiles\abyjtrcm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/24 07:37:16 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Kat \AppData\Roaming\Mozilla\Firefox\Profiles\abyjtrcm.default\extensions\[email protected]
[2011/05/01 20:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/06 17:32:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/20 00:45:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/09/24 07:36:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/10/28 21:24:32 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files (x86)\mozilla firefox\plugins\NPTURNMED.dll
[2011/09/24 07:36:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/24 00:19:45 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{693D1A46-98CA-45EC-A086-75F86574466F}: DhcpNameServer = 168.94.0.14 168.94.0.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D42046B5-1558-4494-8FF0-539C8096E615}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\MysteriousWaves2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\MysteriousWaves2.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2087814565-1624744861-2481495965-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/28 21:12:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/27 14:51:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/09/27 14:33:23 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Kat \Desktop\OTL.exe
[2011/09/27 14:31:37 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Kat \Desktop\aswMBR.exe
[2011/09/24 00:55:09 | 000,000,000 | ---D | C] -- C:\Users\Kat \Desktop\tdsskiller
[2011/09/24 00:53:28 | 000,000,000 | ---D | C] -- C:\Users\Kat \Desktop\GooredFix Backups
[2011/09/24 00:10:15 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/24 00:07:29 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Kat \Desktop\GooredFix.exe
[2011/09/24 00:07:00 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\Kat \Desktop\OTM.exe
[2011/09/10 06:29:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2011/09/28 21:22:39 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/28 21:22:39 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/28 21:22:39 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/28 21:15:51 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/28 21:15:51 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/28 21:15:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/28 21:15:30 | 4024,258,560 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/28 21:14:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/09/28 19:56:49 | 000,080,384 | ---- | M] () -- C:\Users\Kat \Desktop\MBRCheck.exe
[2011/09/27 15:00:21 | 459,041,915 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/27 14:33:29 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Kat \Desktop\OTL.exe
[2011/09/27 14:31:53 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Kat \Desktop\aswMBR.exe
[2011/09/24 00:08:03 | 001,528,215 | ---- | M] () -- C:\Users\Kat \Desktop\tdsskiller.zip
[2011/09/24 00:07:30 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Kat \Desktop\GooredFix.exe
[2011/09/24 00:07:05 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\Kat \Desktop\OTM.exe
[2011/09/10 06:44:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/09/10 06:29:52 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/06 16:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/09/06 16:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 16:45:17 | 000,254,400 | ---- | M] () -- C:\Windows\SysNative\aswBoot.exe
[2011/09/06 16:38:18 | 000,601,944 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/09/06 16:38:16 | 000,301,912 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/06 16:36:41 | 000,058,200 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/06 16:36:41 | 000,042,328 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/06 16:36:30 | 000,065,368 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/06 16:36:14 | 000,024,408 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/08/31 23:33:38 | 001,075,118 | ---- | M] () -- C:\Users\Kat \Documents\Little Sister.pdf
[2011/08/31 17:10:10 | 000,079,872 | ---- | M] () -- C:\Users\Kat \Documents\Okami-Amaterasu.pdf
[2011/08/31 17:08:19 | 000,048,396 | ---- | M] () -- C:\Users\Kat \Documents\Okami.pdf
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/09/28 19:56:46 | 000,080,384 | ---- | C] () -- C:\Users\Kat \Desktop\MBRCheck.exe
[2011/09/27 14:51:09 | 459,041,915 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/24 00:07:52 | 001,528,215 | ---- | C] () -- C:\Users\Kat \Desktop\tdsskiller.zip
[2011/08/31 23:33:38 | 001,075,118 | ---- | C] () -- C:\Users\Kat \Documents\Little Sister.pdf
[2011/08/31 17:10:10 | 000,079,872 | ---- | C] () -- C:\Users\Kat \Documents\Okami-Amaterasu.pdf
[2011/08/31 17:08:19 | 000,048,396 | ---- | C] () -- C:\Users\Kat \Documents\Okami.pdf
[2011/04/17 03:31:11 | 000,000,680 | ---- | C] () -- C:\Users\Kat \AppData\Local\d3d9caps.dat
[2011/03/10 12:38:41 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/10 12:38:39 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/03/10 12:38:39 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/04/09 19:01:33 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\ptime.dat
[2010/03/01 00:31:49 | 000,010,066 | -HS- | C] () -- C:\Users\Kat \AppData\Local\0Mp8n7BDj1d
[2010/01/26 19:58:40 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2009/12/29 06:25:09 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/27 14:17:31 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/06/22 18:24:56 | 000,083,968 | ---- | C] () -- C:\Users\Kat \AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/17 17:12:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/03/07 05:48:39 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/03/07 05:48:39 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/03/07 04:41:40 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/12/10 09:28:16 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003/01/29 20:39:40 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\dcfft2.dll

========== LOP Check ==========


========== Purity Check ==========



< End of report >


TDSSKiller:

00:55:40.0917 4752 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
00:55:41.0588 4752 ============================================================
00:55:41.0588 4752 Current date / time: 2011/09/24 00:55:41.0588
00:55:41.0588 4752 SystemInfo:
00:55:41.0588 4752
00:55:41.0588 4752 OS Version: 6.0.6001 ServicePack: 1.0
00:55:41.0588 4752 Product type: Workstation
00:55:41.0588 4752 ComputerName: KAT-PC
00:55:41.0588 4752 UserName: Kat
00:55:41.0588 4752 Windows directory: C:\Windows
00:55:41.0588 4752 System windows directory: C:\Windows
00:55:41.0588 4752 Running under WOW64
00:55:41.0588 4752 Processor architecture: Intel x64
00:55:41.0588 4752 Number of processors: 2
00:55:41.0588 4752 Page size: 0x1000
00:55:41.0588 4752 Boot type: Normal boot
00:55:41.0588 4752 ============================================================
00:55:43.0631 4752 Initialize success
00:55:48.0920 3824 ============================================================
00:55:48.0920 3824 Scan started
00:55:48.0920 3824 Mode: Manual;
00:55:48.0920 3824 ============================================================
00:56:01.0712 3824 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:56:01.0712 3824 WmiAcpi - ok
00:56:01.0805 3824 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
00:56:01.0821 3824 WpdUsb - ok
00:56:01.0868 3824 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
00:56:01.0868 3824 ws2ifsl - ok
00:56:01.0915 3824 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:56:01.0915 3824 WUDFRd - ok
00:56:01.0993 3824 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
00:56:01.0993 3824 xusb21 - ok
00:56:02.0039 3824 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
00:56:02.0055 3824 yukonx64 - ok
00:56:02.0242 3824 {55662437-DA8C-40c0-AADA-2C816A897A49} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
00:56:02.0258 3824 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
00:56:02.0351 3824 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
00:56:02.0367 3824 \Device\Harddisk0\DR0 - ok
00:56:02.0383 3824 Boot (0x1200) (0a175482f1d60cfbe0cf922c0c0ea6eb) \Device\Harddisk0\DR0\Partition0
00:56:02.0398 3824 \Device\Harddisk0\DR0\Partition0 - ok
00:56:02.0445 3824 Boot (0x1200) (1e104ae31464e94aaf25e18b1b99632e) \Device\Harddisk0\DR0\Partition1
00:56:02.0445 3824 \Device\Harddisk0\DR0\Partition1 - ok
00:56:02.0445 3824 ============================================================
00:56:02.0445 3824 Scan finished
00:56:02.0445 3824 ============================================================
00:56:02.0476 4252 Detected object count: 0
00:56:02.0476 4252 Actual detected object count: 0
00:56:25.0517 1424 Deinitialize success


MBRCheck:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Compal
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv4 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 203):
0x02A5F000 \SystemRoot\system32\ntoskrnl.exe
0x02A19000 \SystemRoot\system32\hal.dll
0x0060B000 \SystemRoot\system32\kdcom.dll
0x00615000 \SystemRoot\system32\PSHED.dll
0x00629000 \SystemRoot\system32\CLFS.SYS
0x00686000 \SystemRoot\system32\CI.dll
0x00738000 \SystemRoot\system32\drivers\Wdf01000.sys
0x007DC000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x0080C000 \SystemRoot\system32\drivers\acpi.sys
0x00862000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0086B000 \SystemRoot\system32\drivers\msisadrv.sys
0x00875000 \SystemRoot\system32\drivers\pci.sys
0x008A5000 \SystemRoot\system32\drivers\isapnp.sys
0x008AE000 \SystemRoot\system32\drivers\mpio.sys
0x008D0000 \SystemRoot\System32\drivers\partmgr.sys
0x008E5000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x008E9000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x008F5000 \SystemRoot\system32\drivers\volmgr.sys
0x00909000 \SystemRoot\System32\drivers\volmgrx.sys
0x0096F000 \SystemRoot\system32\drivers\intelide.sys
0x00977000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00987000 \SystemRoot\system32\drivers\pciide.sys
0x0098E000 \SystemRoot\system32\drivers\aliide.sys
0x00995000 \SystemRoot\system32\drivers\amdide.sys
0x0099C000 \SystemRoot\system32\drivers\cmdide.sys
0x009A4000 \SystemRoot\System32\drivers\mountmgr.sys
0x009B7000 \SystemRoot\system32\drivers\msdsm.sys
0x009D5000 \SystemRoot\system32\drivers\nvraid.sys
0x00A08000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00A34000 \SystemRoot\system32\drivers\viaide.sys
0x00A3C000 \SystemRoot\system32\drivers\iastorv.sys
0x00B03000 \SystemRoot\system32\drivers\atapi.sys
0x00B0B000 \SystemRoot\system32\drivers\ataport.SYS
0x00B2F000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x00B4D000 \SystemRoot\system32\drivers\storport.sys
0x00BAA000 \SystemRoot\system32\drivers\msahci.sys
0x00BB4000 \SystemRoot\system32\drivers\hpcisss.sys
0x00C0A000 \SystemRoot\system32\drivers\adp94xx.sys
0x00C83000 \SystemRoot\system32\drivers\adpahci.sys
0x00CD9000 \SystemRoot\system32\drivers\adpu160m.sys
0x00CFA000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x00D28000 \SystemRoot\system32\drivers\adpu320.sys
0x00D57000 \SystemRoot\system32\drivers\djsvs.sys
0x00D6F000 \SystemRoot\system32\drivers\arc.sys
0x00D88000 \SystemRoot\system32\drivers\arcsas.sys
0x00E0F000 \SystemRoot\system32\drivers\elxstor.sys
0x00EB2000 \SystemRoot\system32\drivers\i2omp.sys
0x00EBD000 \SystemRoot\system32\drivers\iirsp.sys
0x00ECE000 \SystemRoot\system32\drivers\iteatapi.sys
0x00EDB000 \SystemRoot\system32\drivers\iteraid.sys
0x00EE8000 \SystemRoot\system32\drivers\lsi_fc.sys
0x00F06000 \SystemRoot\system32\drivers\lsi_sas.sys
0x00F22000 \SystemRoot\system32\drivers\megasas.sys
0x00F2E000 \SystemRoot\system32\drivers\megasr.sys
0x00E00000 \SystemRoot\system32\drivers\mraid35x.sys
0x00DA1000 \SystemRoot\system32\drivers\nfrd960.sys
0x00DB1000 \SystemRoot\system32\drivers\nvstor.sys
0x01003000 \SystemRoot\system32\drivers\ql2300.sys
0x01155000 \SystemRoot\system32\drivers\ql40xx.sys
0x011B3000 \SystemRoot\system32\drivers\sisraid2.sys
0x011C1000 \SystemRoot\system32\drivers\sisraid4.sys
0x011D7000 \SystemRoot\system32\drivers\symc8xx.sys
0x011E5000 \SystemRoot\system32\drivers\sym_hi.sys
0x011F2000 \SystemRoot\system32\drivers\sym_u3.sys
0x01201000 \SystemRoot\system32\drivers\uliahci.sys
0x0124A000 \SystemRoot\system32\drivers\ulsata.sys
0x01279000 \SystemRoot\system32\drivers\ulsata2.sys
0x012BB000 \SystemRoot\system32\drivers\vsmraid.sys
0x012E2000 \SystemRoot\system32\drivers\fltmgr.sys
0x01328000 \SystemRoot\system32\drivers\fileinfo.sys
0x0133C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01403000 \SystemRoot\system32\drivers\ndis.sys
0x0160D000 \SystemRoot\system32\drivers\msrpc.sys
0x0165D000 \SystemRoot\system32\drivers\NETIO.SYS
0x01803000 \SystemRoot\System32\drivers\tcpip.sys
0x01977000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A02000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01B86000 \SystemRoot\system32\drivers\wd.sys
0x01B8E000 \SystemRoot\system32\drivers\volsnap.sys
0x01BD2000 \SystemRoot\System32\Drivers\spldr.sys
0x01BDA000 \SystemRoot\system32\drivers\sbp2port.sys
0x019A3000 \SystemRoot\System32\Drivers\mup.sys
0x019B5000 \SystemRoot\System32\drivers\ecache.sys
0x01BF3000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x019E1000 \SystemRoot\system32\drivers\disk.sys
0x019F5000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x016B5000 \SystemRoot\system32\drivers\crcdisk.sys
0x016E3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x016F0000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x016F9000 \SystemRoot\system32\DRIVERS\processr.sys
0x12C0C000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x132BF000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x1339E000 \SystemRoot\System32\drivers\watchdog.sys
0x133AD000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x12A0C000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x12B84000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x12BB5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x12BD1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x12BDE000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0170C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x12BE9000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x12BF3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x133E7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x01752000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x12A00000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x01768000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x01776000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x12C00000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x12BF5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x017AA000 \SystemRoot\system32\DRIVERS\enecir.sys
0x017C6000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x017D2000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x133F8000 \SystemRoot\system32\DRIVERS\serscan.sys
0x12BFA000 \SystemRoot\system32\drivers\ksthunk.sys
0x015C6000 \SystemRoot\system32\drivers\ks.sys
0x013C3000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x017DB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x00DC1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x017E8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x00BC2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x00DE4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x1340E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x1342C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x13444000 \SystemRoot\system32\DRIVERS\termdd.sys
0x13456000 \SystemRoot\system32\DRIVERS\swenum.sys
0x13458000 \SystemRoot\system32\DRIVERS\circlass.sys
0x13469000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x13474000 \SystemRoot\system32\DRIVERS\umbus.sys
0x13484000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x134CB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x134DF000 \SystemRoot\system32\drivers\HdAudio.sys
0x13528000 \SystemRoot\system32\drivers\portcls.sys
0x13563000 \SystemRoot\system32\drivers\drmk.sys
0x13586000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x14806000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x14942000 \SystemRoot\system32\drivers\modem.sys
0x14951000 \SystemRoot\system32\DRIVERS\hidir.sys
0x1495C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x1496E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x14976000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x14980000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x14A0E000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x14AA6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x14AB0000 \SystemRoot\System32\Drivers\Null.SYS
0x14AB9000 \SystemRoot\System32\drivers\vga.sys
0x14AC7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x14AEC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x14AF5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x14AFE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x14B1A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x14B23000 \SystemRoot\System32\Drivers\Msfs.SYS
0x14B2E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x14B3F000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x14B48000 \SystemRoot\system32\DRIVERS\tdx.sys
0x14B65000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x14B77000 \SystemRoot\System32\DRIVERS\netbt.sys
0x14BBB000 \SystemRoot\system32\DRIVERS\smb.sys
0x1498B000 \SystemRoot\system32\drivers\afd.sys
0x14BD6000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x14C09000 \SystemRoot\system32\DRIVERS\pacer.sys
0x14C27000 \SystemRoot\system32\DRIVERS\netbios.sys
0x14C36000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x14C51000 \SystemRoot\System32\Drivers\usbvideo.sys
0x14C7B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x14CC9000 \SystemRoot\system32\drivers\nsiproxy.sys
0x14CD5000 \SystemRoot\System32\Drivers\dfsc.sys
0x14CF2000 \SystemRoot\System32\Drivers\aswSP.SYS
0x14D42000 \SystemRoot\system32\DRIVERS\MijXfilt.sys
0x14D5E000 \SystemRoot\system32\DRIVERS\xusb21.sys
0x14D6F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x14D7D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x14D89000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x14D93000 \SystemRoot\System32\drivers\Dxapi.sys
0x14D9F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004F0000 \SystemRoot\System32\TSDDD.dll
0x00640000 \SystemRoot\System32\cdd.dll
0x14DB2000 \SystemRoot\system32\drivers\luafv.sys
0x15E04000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x15E3E000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x15E47000 \SystemRoot\system32\drivers\spsys.sys
0x15EE1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x15EF5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x15F29000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x15F34000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x15F4C000 \SystemRoot\system32\drivers\HTTP.sys
0x14DD4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x016BF000 \SystemRoot\system32\DRIVERS\bowser.sys
0x14BE3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x16E09000 \SystemRoot\system32\drivers\mrxdav.sys
0x16E30000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x16E59000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x16EA2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x16EC1000 \SystemRoot\System32\DRIVERS\srv2.sys
0x16EF3000 \SystemRoot\System32\DRIVERS\srv.sys
0x16F89000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x16FA5000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x15FEB000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x17E05000 \SystemRoot\system32\drivers\peauth.sys
0x17EBB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x17EC6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x17ED5000 \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
0x77BF0000 \Windows\System32\ntdll.dll

Processes (total 84):
0 System Idle Process
4 System
544 C:\Windows\System32\smss.exe
612 csrss.exe
668 C:\Windows\System32\wininit.exe
688 csrss.exe
724 C:\Windows\System32\services.exe
736 C:\Windows\System32\lsass.exe
744 C:\Windows\System32\lsm.exe
864 C:\Windows\System32\winlogon.exe
936 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
336 C:\Windows\System32\svchost.exe
468 C:\Windows\System32\Ati2evxx.exe
556 C:\Windows\System32\svchost.exe
604 C:\Windows\System32\svchost.exe
716 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\stacsv64.exe
1180 C:\Windows\System32\audiodg.exe
1348 C:\Windows\System32\SLsvc.exe
1368 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\Ati2evxx.exe
1476 C:\Windows\System32\hpservice.exe
1544 C:\Windows\System32\svchost.exe
1688 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1720 C:\Windows\System32\wlanext.exe
1808 C:\Windows\System32\dwm.exe
1868 C:\Windows\explorer.exe
2056 C:\Windows\System32\spoolsv.exe
2080 C:\Windows\System32\svchost.exe
2092 C:\Windows\System32\taskeng.exe
2212 C:\Windows\System32\taskeng.exe
2404 C:\Windows\notepad.exe
2500 C:\Program Files\Apoint2K\Apoint.exe
2508 C:\Program Files\IDT\WDM\sttray64.exe
2516 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2524 C:\Program Files\Windows Defender\MSASCui.exe
2560 C:\Program Files\Apoint2K\ApMsgFwd.exe
2568 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
2644 C:\Program Files (x86)\DNA\btdna.exe
2672 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2720 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
2728 C:\Program Files\Apoint2K\ApntEx.exe
2744 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
2752 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
2816 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\AESTSr64.exe
2832 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
2880 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2896 C:\Windows\System32\agr64svc.exe
2912 C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
2920 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2932 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2948 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2988 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3024 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3032 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2316 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1256 C:\Program Files (x86)\Cisco Systems\Clean Access Agent\CCAAgent.exe
3148 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
3180 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3224 C:\Windows\System32\svchost.exe
3260 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
3484 C:\Windows\SysWOW64\PnkBstrA.exe
3556 C:\Windows\SysWOW64\PnkBstrB.exe
3580 C:\Windows\System32\svchost.exe
3620 C:\Program Files (x86)\SMINST\BLService.exe
3664 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
3696 C:\Windows\System32\svchost.exe
3752 C:\Windows\System32\svchost.exe
3800 C:\Windows\System32\SearchIndexer.exe
3996 C:\Program Files\iPod\bin\iPodService.exe
4084 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
3736 WmiPrvSE.exe
4344 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
4432 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
4460 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
2768 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
4764 C:\Windows\System32\wuauclt.exe
2788 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
3940 C:\Windows\System32\notepad.exe
4960 C:\Windows\notepad.exe
2812 C:\Windows\System32\SearchProtocolHost.exe
1556 C:\Windows\System32\SearchFilterHost.exe
1320 C:\Users\Kat \Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`29700000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-60ZAT1, Rev: 02.01A02

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6DF26AE7D6663DFFFF5602BEDE5BE4683120D56C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0

#6
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello,

It's looking good so far. I'd like to do another check on your MBR, can you please do the following:


Step 1:


Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:


Enter 1 and press Enter

The following dialog will be presented:

Please select the MBR code to write to this drive:


Enter 0 and press Enter

Type mbrdump when asked for the filename and press enter.

Type -1 and then press enter and then press enter again to exit the program.

This will have saved a copy of your MBR to the desktop which is where you should have the MBRcheck program.


Step 2:

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Click the browse button next to the "Suspicious files to scan" box on the top of the page and browse to the following file on your desktop :

    • mbrdump
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button which is at the bottom of the page. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Step 3:


Delete the copy of MalwareBytes that you have and download a fresh copy.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 4:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Please remember to post:

Virscan report for your mbrdump
MalwareBytes scan report
E-Set online scan report
Have you experienced any more redirects?


Homburg
  • 0
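Step 1 above dumps the first sector of the disk to a file (the 512-byte "x86 boot sector" that the online scanners later report on), and MBRCheck's "Unknown MBR code" verdict with its SHA1 is simply a hash of that sector compared against a list of known boot code. The following is an added example, not MBRCheck's, TDSSKiller's or the forum's own code, showing what such a dump contains and how a helper could triage it offline: validate the 0x55AA signature, hash the whole sector and the 440-byte (0x1B8) boot-code region separately, decode the partition table, and flag a boot code hash that is not in a known-good set, more than one bootable entry, or overlapping partitions. The sample sectors, the disk signature and the known-good set are constructed here for illustration; a real known-good set would hold hashes of the boot code your OS or OEM ships.

```python
"""Fingerprint and triage a 512-byte MBR dump (e.g. the 'mbrdump' file from MBRCheck)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 0x1B8          # 440 bytes of boot code precede the 4-byte disk signature
PARTITION_TABLE_OFFSET = 0x1BE  # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xAA"    # last two bytes of every valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Validate the sector and return hashes, disk signature and non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature; file is not an MBR")
    boot_code = sector[:BOOT_CODE_SIZE]
    (disk_signature,) = struct.unpack_from("<I", sector, BOOT_CODE_SIZE)
    partitions = []
    for index in range(4):
        # status, CHS start, type, CHS end, LBA start, sector count
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", sector, PARTITION_TABLE_OFFSET + 16 * index)
        if ptype == 0:  # empty slot
            continue
        partitions.append({"index": index, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "md5_sector": hashlib.md5(sector).hexdigest(),
        "sha1_sector": hashlib.sha1(sector).hexdigest().upper(),
        "sha1_boot_code": hashlib.sha1(boot_code).hexdigest().upper(),
        "disk_signature": f"{disk_signature:08X}",
        "partitions": partitions,
    }


def assess_mbr(sector: bytes, known_good_boot_code: set) -> tuple:
    """Return (info, findings); an empty findings list means nothing looks off."""
    info = parse_mbr(sector)
    findings = []
    if info["sha1_boot_code"] not in known_good_boot_code:
        findings.append("boot code hash is not in the known-good set")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions marked bootable, expected exactly 1")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (_s1, e1), (s2, _e2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partition table entries overlap at LBA {s2}")
    return info, findings


def build_sample_mbr(boot_code_fill: int) -> bytes:
    """Constructed sample sector for this example, not a dump from the machine in this thread."""
    boot_code = bytes([boot_code_fill]) * BOOT_CODE_SIZE
    disk_signature = struct.pack("<I", 0xDEADBEEF)  # constructed value
    reserved = b"\x00\x00"
    # Two NTFS (type 0x07) entries: a bootable one at LBA 2048 and a second one
    # directly after it; the remaining two slots are left empty.
    p1 = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    p2 = struct.pack("<B3sB3sII", 0x00, b"\xFE\xFF\xFF", 0x07, b"\xFE\xFF\xFF", 206848, 409600)
    sector = boot_code + disk_signature + reserved + p1 + p2 + bytes(16) * 2 + BOOT_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


SAMPLE_MBR = build_sample_mbr(0x90)                    # treated as the clean reference
KNOWN_GOOD = {parse_mbr(SAMPLE_MBR)["sha1_boot_code"]}  # constructed known-good set
MODIFIED_MBR = build_sample_mbr(0xCC)                  # same table, different boot code

if __name__ == "__main__":
    for name, dump in (("sample", SAMPLE_MBR), ("modified", MODIFIED_MBR)):
        info, findings = assess_mbr(dump, KNOWN_GOOD)
        print(name, info["sha1_sector"], info["partitions"], findings or "no findings")
```

Hashing the boot-code region separately from the whole sector matters because the partition table and disk signature legitimately differ between machines, while the boot code does not; a whole-sector hash of a clean disk will rarely match a published list, but the boot-code hash should.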

#7
Sustentacular

Sustentacular

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Well, when I got to step 2 and tried to upload the file to virscan, it said "Error: returned status code 403 Forbidden" and just stopped there. Not sure what's causing that, but I suppose it might be a problem on their end, since the site was down when I first tried your link. I'll try again in the morning, but if it still doesn't work, should I just go ahead with steps 3 and 4, or use something else first? Also, search engine redirects are still gone.
  • 0

#8
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
I've just tried the Virscan site and it worked ok for me. Can you try it again, as maybe it was too busy?

If it still doesn't work then try this alternative online checker Jotti online file scanner :)
  • 0

#9
Sustentacular

Sustentacular

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
OK Jotti worked. Eset didn't make a folder anywhere on my computer, but I listed what it found and cleaned. I kept the window open in case you want me to post something else from the scan. Here's everything.

Jotti


Jotti's malware scan
Filename: mbrdump
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sun 2 Oct 2011 03:23:39 (CET) Permalink



--------------------------------------------------------------------------------
Additional info
File size: 512 bytes
Filetype: x86 boot sector
MD5: 0b381068d1c7cc26578d1fd7f84ea873
SHA1: e705719a241955cbff21f922f13c029be1858124

MBAM:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7838

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

10/1/2011 9:37:08 PM
mbam-log-2011-10-01 (21-37-08).txt

Scan type: Quick scan
Objects scanned: 184435
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Kat \AppData\Local\av.exe" /START "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESET:
C:\Users\Kat \Desktop\GooredFix Backups\C\Users\Kat Fowler\Application Data\Mozilla\Firefox\Profiles\abyjtrcm.default\extensions\{af907a3c-dee6-47fc-affd-ba3c413dccec}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
  • 0
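The MBAM log above shows the classic launcher-hijack pattern: the `shell\open\command` values that Windows uses to start .exe files and the Start Menu browser were rewritten so that a rogue program (`av.exe`) runs first and then starts the real target, which is why the user saw nothing obviously wrong. The following is an added example, not MBAM's or the forum's code, showing how a defender can audit such values against an assumed clean baseline: tokenise the command line, compare the launcher to the expected one, and record whether the expected program is still passed as an argument (the interposition trick). The `IEXPLORE.EXE` value is the `Bad:` value from the log; the other sample values, the baseline table and the assumption that a clean `HKCR\.exe` key carries no `shell\open\command` of its own are constructed for this illustration. On a live Windows host the key/value mapping would come from the registry (for example via `winreg`); here it is embedded so the check runs anywhere.

```python
"""Audit shell\\open\\command launcher values for the hijack pattern MBAM logged."""
import re
from typing import Optional

# Assumed clean baseline for this example (values a stock Windows install carries).
EXPECTED_COMMANDS = {
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command": "iexplore.exe",
}
# Keys that carry no open\command on a clean system (assumption); any value present is suspect.
UNEXPECTED_KEYS = {r"HKEY_CLASSES_ROOT\.exe\shell\open\command"}


def split_command(cmd: str) -> list:
    """Tokenise a Windows command line, keeping quoted paths with spaces intact."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmd)]


def basename(path: str) -> str:
    """Last path component, lower-cased; splits on backslash or slash so it works off-Windows."""
    return re.split(r"[\\/]", path)[-1].lower()


def check_open_command(key: str, value: str) -> Optional[dict]:
    """Return a finding if the value launches something other than expected, else None."""
    tokens = split_command(value)
    launcher = basename(tokens[0]) if tokens else ""
    if key in UNEXPECTED_KEYS:
        return {"key": key, "launcher": launcher, "expected": None, "interposed": False}
    expected_tokens = split_command(EXPECTED_COMMANDS[key])
    if [t.lower() for t in tokens] == [t.lower() for t in expected_tokens]:
        return None
    expected_launcher = basename(expected_tokens[0])
    # If the expected program still appears later on the command line, the hijacker
    # wraps it: the user sees the normal program start and notices nothing.
    interposed = any(basename(t) == expected_launcher for t in tokens[1:])
    return {"key": key, "launcher": launcher, "expected": expected_launcher, "interposed": interposed}


def audit(values: dict) -> list:
    """Run check_open_command over a key -> value mapping and return only the findings."""
    findings = []
    for key, value in values.items():
        finding = check_open_command(key, value)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample registry state. Only the IEXPLORE.EXE value is taken from the MBAM log above.
SAMPLE_VALUES = {
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command":
        r'''"C:\Users\Kat \AppData\Local\av.exe" /START "C:\Program Files (x86)\Internet Explorer\iexplore.exe"''',
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command":
        r'''"C:\Users\victim\AppData\Local\av.exe" /START "%1" %*''',  # constructed
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_VALUES):
        print(f"{finding['key']}: launches {finding['launcher']!r}, expected {finding['expected']!r}, "
              f"interposed={finding['interposed']}")
```

Comparing token lists rather than raw strings avoids false positives from harmless spacing or case differences, while the `interposed` flag separates a wrapper that hides behind the real program from an outright replacement, which is useful when deciding how urgent a finding is.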

#10
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

Your PC is now clean :)

First we'll remove the tools that we've used then look at preventing getting infected again. It's important to remove the tools as it also removes the malware that we currently have quarantined.

Please do the following:

Reset SR Points/Clean up with OTL:
  • Double-click OTL to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Commands
    [ClearAllRestorePoints]
  • Return to OTL, right-click in the Custom Scans/Fixes window and choose Paste.
  • Then click the Run Fix button.
  • Let the program run unhindered. When finished click on OK and close the log that appears.
  • Note: I do not need to review the log produced.
  • Now close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process will flush old System Restore Points and create a new clean one.


Next

Please delete aswMBR and any remaining logs from your desktop.

Windows Updates.
It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. I recommend that you set Windows to check, download and install your updates automatically.

Click Start
Select Control Panel
Click on Automatic (recommended)
Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
Click Apply then OK.


JAVA updates.
As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

Click Start
Select Control Panel
Select Add or Remove Programs
Remove all Java updates except the latest one you have just installed.


To learn more about how to protect yourself while on the internet you might like to read this GeeksToGo article. This covers some of the safety measures that I've included and also some more.

Happy surfing and stay safe :yes:

Homburg.
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
