Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Search redirector [Solved]

Started by HBrian , Dec 11 2011 09:14 PM

This topic is locked

#1
HBrian

Posted 11 December 2011 - 09:14 PM

Member

Member
25 posts

I have a computer from a friend that I am trying to clean up and update. I've ran Malwarebytes twice and it has picked up and removed many items but I have found that there is still a search redirector on the system somewhere. Tried searching from Yahoo and Google with both redirecting to sites not related to the search. Below is the OTL Log file.

OTL Log:

OTL logfile created on: 12/11/2011 9:03:35 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bre Dior'\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 61.43% Memory free
5.86 Gb Paging File | 4.67 Gb Available in Paging File | 79.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 216.47 Gb Total Space | 171.70 Gb Free Space | 79.32% Space Free | Partition Type: NTFS
Drive D: | 16.12 Gb Total Space | 2.31 Gb Free Space | 14.33% Space Free | Partition Type: NTFS
Drive E: | 359.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1001.97 Mb Total Space | 525.31 Mb Free Space | 52.43% Space Free | Partition Type: FAT

Computer Name: BREDIOR-HP | User Name: Bre Dior' | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/11 21:00:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bre Dior'\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/03/07 11:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
PRC - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/07/13 19:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE

========== Modules (No Company Name) ==========

MOD - [2010/03/24 20:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/18 17:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/04/19 19:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/10 20:48:56 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/07/10 20:48:56 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/04/22 19:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/22 19:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/05 13:57:00 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/04 21:06:00 | 001,093,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.facebook....home.php?ref=hp
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy.kodak.com:81/proxy.pac

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\2.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Bre Dior'\AppData\Local\RewardsArcade\498\Firefox

Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 208.67.220.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9E69046-4B35-4ED2-BFB6-2CF003180388}: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B21D2D2A-90C7-4CCE-8331-B69205661D3F}: DhcpNameServer = 208.67.222.222 208.67.220.220 208.67.220.222
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/02 21:31:27 | 000,000,102 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{22840f30-63c2-11e0-8892-60eb69258f0a}\Shell - "" = AutoRun
O33 - MountPoints2\{22840f30-63c2-11e0-8892-60eb69258f0a}\Shell\AutoRun\command - "" = F:\KODAK_Software_Downloader.exe
O33 - MountPoints2\{3a5ca054-1028-11e0-8943-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3a5ca054-1028-11e0-8943-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CDStart.exe -- [2008/02/26 08:50:39 | 000,608,608 | R--- | M] (Symantec Corporation)
O33 - MountPoints2\{3a5ca054-1028-11e0-8943-806e6f6e6963}\Shell\Install\Command - "" = E:\Stub.exe -- [2008/02/19 17:03:53 | 000,778,080 | R--- | M] (Symantec Corporation)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/11 21:02:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bre Dior'\Desktop\OTL.exe
[2011/12/11 20:56:20 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/12/10 18:20:33 | 000,000,000 | ---D | C] -- C:\Users\Bre Dior'\AppData\Roaming\Malwarebytes
[2011/12/10 18:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/10 18:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/10 18:16:35 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/10 18:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/01 21:50:05 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/01 00:05:22 | 000,000,000 | ---D | C] -- C:\Users\Bre Dior'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab PDF Converter
[2011/12/01 00:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FoxTabPDFConverter

========== Files - Modified Within 30 Days ==========

[2011/12/11 21:06:54 | 000,714,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/11 21:06:54 | 000,615,804 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/11 21:06:54 | 000,103,888 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/11 21:00:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bre Dior'\Desktop\OTL.exe
[2011/12/11 20:59:42 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 20:59:42 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 20:56:20 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/12/11 20:52:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/11 20:52:07 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/11 20:24:20 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/12/11 20:24:20 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At41.job
[2011/12/11 19:24:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/12/11 19:24:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At39.job
[2011/12/11 18:40:55 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/12/11 18:40:55 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At37.job
[2011/12/11 17:39:24 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/12/11 17:39:24 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At35.job
[2011/12/11 16:24:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/12/11 16:24:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At33.job
[2011/12/11 15:27:12 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/12/11 15:27:12 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/12/11 15:27:12 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/12/11 15:27:12 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/12/11 15:27:12 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/12/11 15:27:12 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/12/11 15:27:12 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At31.job
[2011/12/11 15:27:12 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At29.job
[2011/12/11 15:27:12 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At27.job
[2011/12/11 15:27:12 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At25.job
[2011/12/11 15:27:12 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/12/11 15:27:12 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/12/11 09:35:20 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/12/11 09:35:20 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At47.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/12/10 22:36:43 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/12/10 22:36:43 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/12/10 22:36:43 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At45.job
[2011/12/10 22:36:43 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At43.job
[2011/12/10 18:16:56 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/10 18:13:34 | 000,008,688 | -HS- | M] () -- C:\Users\Bre Dior'\AppData\Local\thpwtr4o4qpo2lss2vcx6x360v1o
[2011/12/10 18:13:34 | 000,008,688 | -HS- | M] () -- C:\ProgramData\thpwtr4o4qpo2lss2vcx6x360v1o
[2011/12/01 23:05:10 | 000,000,000 | ---- | M] () -- C:\ProgramData\5hU7l3T3.dat
[2011/11/28 19:18:55 | 000,126,951 | ---- | M] () -- C:\Users\Bre Dior'\Documents\BRe!.jpg
[2011/11/28 18:38:10 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBre Dior'.job

========== Files Created - No Company Name ==========

[2011/12/10 18:16:56 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/01 23:05:10 | 000,000,000 | ---- | C] () -- C:\ProgramData\5hU7l3T3.dat
[2011/12/01 23:05:09 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/01 23:05:09 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/01 23:05:09 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/01 23:05:08 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/12/01 23:05:08 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/12/01 23:05:08 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/12/01 23:05:07 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/01 23:05:07 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/01 23:05:07 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/12/01 23:05:07 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/12/01 23:05:07 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/12/01 23:05:07 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/12/01 23:05:06 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/12/01 23:05:06 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/12/01 23:05:06 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/12/01 23:05:06 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/01 23:05:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/12/01 23:05:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/12/01 23:05:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/12/01 23:05:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/12/01 23:05:05 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/12/01 23:05:05 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/12/01 23:05:05 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/12/01 23:05:05 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/12/01 23:05:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/12/01 23:05:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/12/01 23:05:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/12/01 23:05:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/12/01 23:05:04 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/12/01 23:05:04 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/12/01 23:05:04 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/12/01 23:05:04 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/12/01 23:05:04 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/12/01 23:05:04 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/12/01 23:05:04 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/12/01 23:05:04 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/12/01 23:05:04 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/12/01 23:05:04 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/12/01 23:05:04 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/12/01 23:05:03 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/12/01 23:05:03 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/12/01 23:05:03 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/12/01 23:05:03 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/01 23:05:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/12/01 23:05:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/12/01 23:05:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/12/01 23:05:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/12/01 23:05:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/12/01 21:49:35 | 000,008,688 | -HS- | C] () -- C:\Users\Bre Dior'\AppData\Local\thpwtr4o4qpo2lss2vcx6x360v1o
[2011/12/01 21:49:35 | 000,008,688 | -HS- | C] () -- C:\ProgramData\thpwtr4o4qpo2lss2vcx6x360v1o
[2011/12/01 00:05:28 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/11/28 19:18:54 | 000,126,951 | ---- | C] () -- C:\Users\Bre Dior'\Documents\BRe!.jpg
[2011/05/30 16:27:10 | 000,001,854 | ---- | C] () -- C:\Users\Bre Dior'\AppData\Roaming\GhostObjGAFix.xml
[2011/02/03 17:08:05 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/27 17:09:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/10 23:06:40 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/07/08 02:29:39 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/07/08 02:25:45 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/07/08 02:25:45 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/08 02:25:44 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/07/08 02:25:44 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/07/08 02:25:44 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/07/08 02:25:24 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/07/08 02:25:24 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 15:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/12/11 15:29:33 | 000,000,000 | ---D | M] -- C:\Users\Bre Dior'\AppData\Roaming\FrostWire
[2011/01/02 16:17:39 | 000,000,000 | ---D | M] -- C:\Users\Bre Dior'\AppData\Roaming\PlayFirst
[2011/02/11 16:43:58 | 000,000,000 | ---D | M] -- C:\Users\Bre Dior'\AppData\Roaming\SoftGrid Client
[2010/12/26 02:02:34 | 000,000,000 | ---D | M] -- C:\Users\Bre Dior'\AppData\Roaming\Tific
[2011/02/03 17:10:19 | 000,000,000 | ---D | M] -- C:\Users\Bre Dior'\AppData\Roaming\TP
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011/12/11 09:35:20 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/12/11 09:35:20 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011/12/11 15:27:12 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011/12/11 15:27:12 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011/12/11 15:27:12 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011/12/11 15:27:12 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011/12/11 15:27:12 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2011/12/11 15:27:12 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2011/12/11 15:27:12 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2011/12/11 15:27:12 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2011/12/11 15:27:12 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/12/11 15:27:12 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2011/12/11 15:27:12 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2011/12/11 15:27:12 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2011/12/11 16:24:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2011/12/11 16:24:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2011/12/11 17:39:24 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2011/12/11 17:39:24 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2011/12/11 18:40:55 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2011/12/11 18:40:55 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2011/12/11 19:24:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/12/11 19:24:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2011/12/11 20:24:20 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2011/12/11 20:24:20 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2011/12/10 22:36:43 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2011/12/10 22:36:43 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2011/12/10 22:36:43 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2011/12/10 22:36:43 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011/12/11 08:54:04 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/12/11 08:54:04 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2009/07/13 23:08:49 | 000,016,898 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

#2
maliprog

Posted 12 December 2011 - 02:05 AM

Trusted Helper

Malware Removal
6,172 posts

Hello HBrian and welcome to G2G!

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:

Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
Absence of symptoms does not always mean the computer is clean
Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
Please DO NOT run any scans or fix on your own without my direction.
Please read all of my response through at least once before attempting to follow the procedures described.
If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
You must reply within 3 days or your topic will be closed

Step 1

NOTE: You have very nasty infection! I would strongly advice you to backup all your important data from your system before you begin with the fix.

This malware tends to disable you whole system and let you with nothing. Please backup your date.

Step 2

Do the following:

Click on the Start button and then choose Control Panel.
Click on the System and Security link.

Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
In the Administrative Tools window, double-click on the Computer Management icon.
When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.

To print screen please download ClickShoot.exe on your desktop
Run the program and when you are ready press [Print Screen] button on your keyboard
Post ClickShoot_HHMMSS.jpg it creates here for me.

Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 4

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.

Extract the zip file to its own folder.
Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
Click Start scan to start scanning.
If infection is detected, the default setting for "action" should be Cure
- (If suspicious file is detected please click on it and change it to Skip).
Click Continue button
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 5

Please don't forget to include these items in your reply:

Screen shoot
Combofix log
TDSSKiller log

It would be helpful if you could post each log in separate post

#3
HBrian

Posted 12 December 2011 - 08:47 PM

Member

Topic Starter
Member
25 posts

Screenshot

Attached Thumbnails

#4
HBrian

Posted 12 December 2011 - 09:04 PM

Member

Topic Starter
Member
25 posts

Combofix

Attached Files

ComboFix.txt 11.82KB 93 downloads

#5
HBrian

Posted 12 December 2011 - 09:11 PM

Member

Topic Starter
Member
25 posts

TDSSKiler log:

21:06:41.0257 3608 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
21:06:42.0786 3608 ============================================================
21:06:42.0786 3608 Current date / time: 2011/12/12 21:06:42.0786
21:06:42.0786 3608 SystemInfo:
21:06:42.0786 3608
21:06:42.0786 3608 OS Version: 6.1.7600 ServicePack: 0.0
21:06:42.0786 3608 Product type: Workstation
21:06:42.0786 3608 ComputerName: BREDIOR-HP
21:06:42.0786 3608 UserName: Bre Dior'
21:06:42.0786 3608 Windows directory: C:\Windows
21:06:42.0786 3608 System windows directory: C:\Windows
21:06:42.0786 3608 Running under WOW64
21:06:42.0786 3608 Processor architecture: Intel x64
21:06:42.0786 3608 Number of processors: 1
21:06:42.0786 3608 Page size: 0x1000
21:06:42.0786 3608 Boot type: Normal boot
21:06:42.0786 3608 ============================================================
21:06:43.0176 3608 Initialize success
21:06:47.0419 3924 ============================================================
21:06:47.0419 3924 Scan started
21:06:47.0419 3924 Mode: Manual;
21:06:47.0419 3924 ============================================================
21:06:47.0840 3924 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:06:47.0840 3924 1394ohci - ok
21:06:47.0902 3924 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:06:47.0918 3924 ACPI - ok
21:06:48.0027 3924 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:06:48.0027 3924 AcpiPmi - ok
21:06:48.0105 3924 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:06:48.0121 3924 adp94xx - ok
21:06:48.0230 3924 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:06:48.0246 3924 adpahci - ok
21:06:48.0308 3924 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:06:48.0308 3924 adpu320 - ok
21:06:48.0464 3924 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
21:06:48.0464 3924 AFD - ok
21:06:48.0589 3924 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:06:48.0604 3924 agp440 - ok
21:06:48.0745 3924 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:06:48.0745 3924 aliide - ok
21:06:48.0792 3924 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:06:48.0792 3924 amdide - ok
21:06:48.0854 3924 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:06:48.0854 3924 AmdK8 - ok
21:06:48.0948 3924 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:06:48.0948 3924 AmdPPM - ok
21:06:48.0994 3924 amdsata (ab3166c09438a161fbde13099a72e0af) C:\Windows\system32\DRIVERS\amdsata.sys
21:06:49.0010 3924 amdsata - ok
21:06:49.0119 3924 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:06:49.0135 3924 amdsbs - ok
21:06:49.0197 3924 amdxata (5118dcd2065d8c8d752ad5ec0b2d6aa6) C:\Windows\system32\DRIVERS\amdxata.sys
21:06:49.0197 3924 amdxata - ok
21:06:49.0306 3924 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:06:49.0306 3924 AppID - ok
21:06:49.0494 3924 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:06:49.0494 3924 arc - ok
21:06:49.0556 3924 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:06:49.0556 3924 arcsas - ok
21:06:49.0712 3924 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
21:06:49.0712 3924 aswFsBlk - ok
21:06:49.0774 3924 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
21:06:49.0774 3924 aswMonFlt - ok
21:06:49.0884 3924 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
21:06:49.0884 3924 aswRdr - ok
21:06:49.0930 3924 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
21:06:49.0930 3924 aswSnx - ok
21:06:50.0055 3924 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
21:06:50.0071 3924 aswSP - ok
21:06:50.0102 3924 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
21:06:50.0102 3924 aswTdi - ok
21:06:50.0242 3924 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:06:50.0242 3924 AsyncMac - ok
21:06:50.0305 3924 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:06:50.0305 3924 atapi - ok
21:06:50.0476 3924 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:06:50.0476 3924 b06bdrv - ok
21:06:50.0617 3924 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:06:50.0617 3924 b57nd60a - ok
21:06:50.0664 3924 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:06:50.0664 3924 Beep - ok
21:06:50.0788 3924 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:06:50.0788 3924 blbdrive - ok
21:06:50.0835 3924 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
21:06:50.0835 3924 bowser - ok
21:06:50.0851 3924 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:06:50.0851 3924 BrFiltLo - ok
21:06:50.0960 3924 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:06:50.0960 3924 BrFiltUp - ok
21:06:50.0991 3924 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:06:51.0007 3924 Brserid - ok
21:06:51.0038 3924 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:06:51.0038 3924 BrSerWdm - ok
21:06:51.0147 3924 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:06:51.0147 3924 BrUsbMdm - ok
21:06:51.0163 3924 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:06:51.0178 3924 BrUsbSer - ok
21:06:51.0210 3924 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:06:51.0210 3924 BTHMODEM - ok
21:06:51.0350 3924 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:06:51.0350 3924 cdfs - ok
21:06:51.0412 3924 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:06:51.0412 3924 cdrom - ok
21:06:51.0568 3924 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:06:51.0568 3924 circlass - ok
21:06:51.0631 3924 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:06:51.0631 3924 CLFS - ok
21:06:51.0756 3924 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:06:51.0771 3924 CmBatt - ok
21:06:51.0787 3924 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:06:51.0787 3924 cmdide - ok
21:06:51.0834 3924 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
21:06:51.0834 3924 CNG - ok
21:06:51.0958 3924 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:06:51.0974 3924 Compbatt - ok
21:06:52.0005 3924 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:06:52.0005 3924 CompositeBus - ok
21:06:52.0130 3924 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:06:52.0130 3924 crcdisk - ok
21:06:52.0333 3924 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
21:06:52.0333 3924 DfsC - ok
21:06:52.0364 3924 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:06:52.0364 3924 discache - ok
21:06:52.0489 3924 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:06:52.0489 3924 Disk - ok
21:06:52.0567 3924 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:06:52.0567 3924 drmkaud - ok
21:06:52.0692 3924 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
21:06:52.0707 3924 DXGKrnl - ok
21:06:52.0894 3924 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:06:52.0926 3924 ebdrv - ok
21:06:53.0097 3924 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:06:53.0113 3924 elxstor - ok
21:06:53.0222 3924 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:06:53.0222 3924 ErrDev - ok
21:06:53.0284 3924 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:06:53.0284 3924 exfat - ok
21:06:53.0409 3924 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:06:53.0409 3924 fastfat - ok
21:06:53.0456 3924 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:06:53.0456 3924 fdc - ok
21:06:53.0581 3924 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:06:53.0581 3924 FileInfo - ok
21:06:53.0612 3924 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:06:53.0612 3924 Filetrace - ok
21:06:53.0643 3924 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:06:53.0643 3924 flpydisk - ok
21:06:53.0768 3924 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:06:53.0768 3924 FltMgr - ok
21:06:53.0815 3924 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:06:53.0815 3924 FsDepends - ok
21:06:53.0846 3924 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:06:53.0846 3924 Fs_Rec - ok
21:06:53.0971 3924 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
21:06:53.0971 3924 fvevol - ok
21:06:54.0018 3924 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:06:54.0018 3924 gagp30kx - ok
21:06:54.0174 3924 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:06:54.0174 3924 hcw85cir - ok
21:06:54.0205 3924 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:06:54.0205 3924 HdAudAddService - ok
21:06:54.0236 3924 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:06:54.0236 3924 HDAudBus - ok
21:06:54.0361 3924 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:06:54.0361 3924 HidBatt - ok
21:06:54.0392 3924 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:06:54.0392 3924 HidBth - ok
21:06:54.0408 3924 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:06:54.0408 3924 HidIr - ok
21:06:54.0548 3924 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:06:54.0548 3924 HidUsb - ok
21:06:54.0735 3924 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:06:54.0735 3924 HpSAMD - ok
21:06:54.0782 3924 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:06:54.0782 3924 HTTP - ok
21:06:54.0891 3924 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:06:54.0891 3924 hwpolicy - ok
21:06:54.0922 3924 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:06:54.0922 3924 i8042prt - ok
21:06:55.0016 3924 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
21:06:55.0016 3924 iaStor - ok
21:06:55.0110 3924 iaStorV (513dc087cfed7d2bb82f005385d3531f) C:\Windows\system32\DRIVERS\iaStorV.sys
21:06:55.0125 3924 iaStorV - ok
21:06:55.0390 3924 igfx (898ab5bfed7040d7ab07af01885eb944) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:06:55.0562 3924 igfx - ok
21:06:55.0780 3924 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:06:55.0780 3924 iirsp - ok
21:06:55.0890 3924 IntcAzAudAddService (b88e24bd77a0ce2cffee2facf1151be0) C:\Windows\system32\drivers\RTKVHD64.sys
21:06:55.0905 3924 IntcAzAudAddService - ok
21:06:56.0014 3924 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:06:56.0014 3924 intelide - ok
21:06:56.0061 3924 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:06:56.0061 3924 intelppm - ok
21:06:56.0170 3924 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:06:56.0186 3924 IpFilterDriver - ok
21:06:56.0217 3924 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:06:56.0217 3924 IPMIDRV - ok
21:06:56.0342 3924 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:06:56.0358 3924 IPNAT - ok
21:06:56.0389 3924 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:06:56.0389 3924 IRENUM - ok
21:06:56.0420 3924 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:06:56.0420 3924 isapnp - ok
21:06:56.0529 3924 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:06:56.0529 3924 iScsiPrt - ok
21:06:56.0592 3924 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:06:56.0592 3924 kbdclass - ok
21:06:56.0716 3924 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:06:56.0716 3924 kbdhid - ok
21:06:56.0748 3924 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
21:06:56.0763 3924 KSecDD - ok
21:06:56.0794 3924 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
21:06:56.0794 3924 KSecPkg - ok
21:06:56.0904 3924 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:06:56.0904 3924 ksthunk - ok
21:06:57.0060 3924 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:06:57.0060 3924 lltdio - ok
21:06:57.0122 3924 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:06:57.0122 3924 LSI_FC - ok
21:06:57.0247 3924 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:06:57.0247 3924 LSI_SAS - ok
21:06:57.0294 3924 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:06:57.0294 3924 LSI_SAS2 - ok
21:06:57.0403 3924 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:06:57.0403 3924 LSI_SCSI - ok
21:06:57.0434 3924 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:06:57.0434 3924 luafv - ok
21:06:57.0574 3924 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:06:57.0574 3924 megasas - ok
21:06:57.0621 3924 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:06:57.0621 3924 MegaSR - ok
21:06:57.0746 3924 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:06:57.0746 3924 Modem - ok
21:06:57.0793 3924 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:06:57.0793 3924 monitor - ok
21:06:57.0855 3924 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:06:57.0855 3924 mouclass - ok
21:06:57.0949 3924 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:06:57.0949 3924 mouhid - ok
21:06:57.0996 3924 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:06:58.0011 3924 mountmgr - ok
21:06:58.0027 3924 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:06:58.0042 3924 mpio - ok
21:06:58.0105 3924 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:06:58.0105 3924 mpsdrv - ok
21:06:58.0183 3924 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:06:58.0183 3924 MRxDAV - ok
21:06:58.0230 3924 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:06:58.0230 3924 mrxsmb - ok
21:06:58.0292 3924 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:06:58.0292 3924 mrxsmb10 - ok
21:06:58.0354 3924 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:06:58.0354 3924 mrxsmb20 - ok
21:06:58.0386 3924 msahci (5e939cf91ea4a841dbafe4627e0292bb) C:\Windows\system32\DRIVERS\msahci.sys
21:06:58.0401 3924 msahci - ok
21:06:58.0479 3924 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:06:58.0479 3924 msdsm - ok
21:06:58.0542 3924 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:06:58.0542 3924 Msfs - ok
21:06:58.0620 3924 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:06:58.0620 3924 mshidkmdf - ok
21:06:58.0651 3924 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:06:58.0651 3924 msisadrv - ok
21:06:58.0682 3924 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:06:58.0682 3924 MSKSSRV - ok
21:06:58.0713 3924 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:06:58.0713 3924 MSPCLOCK - ok
21:06:58.0729 3924 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:06:58.0729 3924 MSPQM - ok
21:06:58.0760 3924 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:06:58.0776 3924 MsRPC - ok
21:06:58.0807 3924 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:06:58.0807 3924 mssmbios - ok
21:06:58.0869 3924 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:06:58.0869 3924 MSTEE - ok
21:06:58.0900 3924 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:06:58.0900 3924 MTConfig - ok
21:06:58.0947 3924 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:06:58.0947 3924 Mup - ok
21:06:59.0056 3924 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:06:59.0056 3924 NativeWifiP - ok
21:06:59.0134 3924 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:06:59.0134 3924 NDIS - ok
21:06:59.0244 3924 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:06:59.0259 3924 NdisCap - ok
21:06:59.0290 3924 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:06:59.0290 3924 NdisTapi - ok
21:06:59.0368 3924 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:06:59.0368 3924 Ndisuio - ok
21:06:59.0415 3924 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:06:59.0415 3924 NdisWan - ok
21:06:59.0446 3924 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:06:59.0446 3924 NDProxy - ok
21:06:59.0478 3924 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:06:59.0478 3924 NetBIOS - ok
21:06:59.0556 3924 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:06:59.0556 3924 NetBT - ok
21:06:59.0743 3924 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
21:06:59.0852 3924 netw5v64 - ok
21:06:59.0961 3924 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:06:59.0961 3924 nfrd960 - ok
21:07:00.0070 3924 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:07:00.0070 3924 Npfs - ok
21:07:00.0148 3924 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:07:00.0148 3924 nsiproxy - ok
21:07:00.0211 3924 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
21:07:00.0226 3924 Ntfs - ok
21:07:00.0320 3924 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:07:00.0320 3924 Null - ok
21:07:00.0351 3924 nvraid (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
21:07:00.0351 3924 nvraid - ok
21:07:00.0382 3924 nvstor (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
21:07:00.0382 3924 nvstor - ok
21:07:00.0523 3924 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:07:00.0523 3924 nv_agp - ok
21:07:00.0554 3924 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:07:00.0570 3924 ohci1394 - ok
21:07:00.0741 3924 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:07:00.0741 3924 Parport - ok
21:07:00.0772 3924 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:07:00.0772 3924 partmgr - ok
21:07:00.0804 3924 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:07:00.0819 3924 pci - ok
21:07:00.0928 3924 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:07:00.0928 3924 pciide - ok
21:07:00.0975 3924 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:07:00.0975 3924 pcmcia - ok
21:07:01.0084 3924 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:07:01.0084 3924 pcw - ok
21:07:01.0116 3924 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:07:01.0131 3924 PEAUTH - ok
21:07:01.0303 3924 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:07:01.0303 3924 PptpMiniport - ok
21:07:01.0350 3924 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:07:01.0350 3924 Processor - ok
21:07:01.0474 3924 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:07:01.0474 3924 Psched - ok
21:07:01.0537 3924 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:07:01.0552 3924 ql2300 - ok
21:07:01.0677 3924 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:07:01.0677 3924 ql40xx - ok
21:07:01.0708 3924 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:07:01.0708 3924 QWAVEdrv - ok
21:07:01.0771 3924 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:07:01.0771 3924 RasAcd - ok
21:07:01.0864 3924 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:07:01.0864 3924 RasAgileVpn - ok
21:07:01.0927 3924 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:07:01.0927 3924 Rasl2tp - ok
21:07:02.0005 3924 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:07:02.0005 3924 RasPppoe - ok
21:07:02.0036 3924 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:07:02.0052 3924 RasSstp - ok
21:07:02.0083 3924 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:07:02.0083 3924 rdbss - ok
21:07:02.0130 3924 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:07:02.0130 3924 rdpbus - ok
21:07:02.0208 3924 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:07:02.0208 3924 RDPCDD - ok
21:07:02.0270 3924 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:07:02.0270 3924 RDPENCDD - ok
21:07:02.0317 3924 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:07:02.0317 3924 RDPREFMP - ok
21:07:02.0379 3924 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:07:02.0379 3924 RDPWD - ok
21:07:02.0442 3924 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:07:02.0442 3924 rdyboost - ok
21:07:02.0551 3924 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:07:02.0566 3924 rspndr - ok
21:07:02.0644 3924 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:07:02.0644 3924 RTL8167 - ok
21:07:02.0738 3924 rtl8192se (cd8f32bb993b98e6705f11504a7f7250) C:\Windows\system32\DRIVERS\rtl8192se.sys
21:07:02.0754 3924 rtl8192se - ok
21:07:02.0878 3924 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:07:02.0878 3924 sbp2port - ok
21:07:02.0925 3924 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:07:02.0925 3924 scfilter - ok
21:07:02.0972 3924 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
21:07:02.0972 3924 sdbus - ok
21:07:03.0097 3924 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:07:03.0097 3924 secdrv - ok
21:07:03.0144 3924 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:07:03.0144 3924 Serenum - ok
21:07:03.0175 3924 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:07:03.0190 3924 Serial - ok
21:07:03.0300 3924 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:07:03.0300 3924 sermouse - ok
21:07:03.0362 3924 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:07:03.0362 3924 sffdisk - ok
21:07:03.0471 3924 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:07:03.0471 3924 sffp_mmc - ok
21:07:03.0502 3924 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:07:03.0502 3924 sffp_sd - ok
21:07:03.0549 3924 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:07:03.0549 3924 sfloppy - ok
21:07:03.0690 3924 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\Windows\system32\DRIVERS\Sftfslh.sys
21:07:03.0705 3924 Sftfs - ok
21:07:03.0814 3924 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:07:03.0814 3924 Sftplay - ok
21:07:03.0846 3924 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:07:03.0846 3924 Sftredir - ok
21:07:03.0892 3924 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\Windows\system32\DRIVERS\Sftvollh.sys
21:07:03.0908 3924 Sftvol - ok
21:07:04.0002 3924 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:07:04.0002 3924 SiSRaid2 - ok
21:07:04.0080 3924 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:07:04.0080 3924 SiSRaid4 - ok
21:07:04.0173 3924 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:07:04.0173 3924 Smb - ok
21:07:04.0251 3924 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:07:04.0251 3924 spldr - ok
21:07:04.0345 3924 srv (37c3abc2338010e110d2a6a3930f3149) C:\Windows\system32\DRIVERS\srv.sys
21:07:04.0345 3924 srv - ok
21:07:04.0470 3924 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
21:07:04.0485 3924 srv2 - ok
21:07:04.0516 3924 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:07:04.0516 3924 SrvHsfHDA - ok
21:07:04.0594 3924 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:07:04.0610 3924 SrvHsfV92 - ok
21:07:04.0704 3924 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:07:04.0704 3924 SrvHsfWinac - ok
21:07:04.0828 3924 srvnet (cce32bb223e9ff55d241099a858fa889) C:\Windows\system32\DRIVERS\srvnet.sys
21:07:04.0828 3924 srvnet - ok
21:07:04.0891 3924 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:07:04.0891 3924 stexstor - ok
21:07:05.0000 3924 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:07:05.0000 3924 swenum - ok
21:07:05.0078 3924 SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys
21:07:05.0094 3924 SynTP - ok
21:07:05.0250 3924 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
21:07:05.0250 3924 Tcpip - ok
21:07:05.0406 3924 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
21:07:05.0421 3924 TCPIP6 - ok
21:07:05.0530 3924 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:07:05.0530 3924 tcpipreg - ok
21:07:05.0577 3924 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:07:05.0577 3924 TDPIPE - ok
21:07:05.0593 3924 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:07:05.0593 3924 TDTCP - ok
21:07:05.0624 3924 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:07:05.0624 3924 tdx - ok
21:07:05.0671 3924 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:07:05.0671 3924 TermDD - ok
21:07:05.0764 3924 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:07:05.0764 3924 tssecsrv - ok
21:07:05.0842 3924 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:07:05.0842 3924 tunnel - ok
21:07:05.0920 3924 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:07:05.0936 3924 uagp35 - ok
21:07:05.0967 3924 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
21:07:05.0967 3924 udfs - ok
21:07:06.0108 3924 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:07:06.0108 3924 uliagpkx - ok
21:07:06.0154 3924 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:07:06.0154 3924 umbus - ok
21:07:06.0279 3924 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:07:06.0279 3924 UmPass - ok
21:07:06.0310 3924 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
21:07:06.0326 3924 usbccgp - ok
21:07:06.0451 3924 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:07:06.0451 3924 usbcir - ok
21:07:06.0482 3924 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
21:07:06.0482 3924 usbehci - ok
21:07:06.0607 3924 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
21:07:06.0607 3924 usbhub - ok
21:07:06.0654 3924 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
21:07:06.0654 3924 usbohci - ok
21:07:06.0685 3924 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:07:06.0685 3924 usbprint - ok
21:07:06.0794 3924 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:07:06.0794 3924 USBSTOR - ok
21:07:06.0825 3924 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:07:06.0825 3924 usbuhci - ok
21:07:06.0888 3924 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:07:06.0888 3924 vdrvroot - ok
21:07:06.0997 3924 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:07:06.0997 3924 vga - ok
21:07:07.0044 3924 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:07:07.0044 3924 VgaSave - ok
21:07:07.0090 3924 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:07:07.0090 3924 vhdmp - ok
21:07:07.0200 3924 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:07:07.0200 3924 viaide - ok
21:07:07.0246 3924 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:07:07.0246 3924 volmgr - ok
21:07:07.0324 3924 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:07:07.0324 3924 volmgrx - ok
21:07:07.0387 3924 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:07:07.0387 3924 volsnap - ok
21:07:07.0465 3924 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:07:07.0465 3924 vsmraid - ok
21:07:07.0512 3924 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:07:07.0512 3924 vwifibus - ok
21:07:07.0543 3924 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:07:07.0558 3924 vwififlt - ok
21:07:07.0683 3924 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:07:07.0683 3924 vwifimp - ok
21:07:07.0746 3924 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:07:07.0746 3924 WacomPen - ok
21:07:07.0870 3924 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:07:07.0870 3924 WANARP - ok
21:07:07.0886 3924 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:07:07.0886 3924 Wanarpv6 - ok
21:07:07.0948 3924 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:07:07.0964 3924 Wd - ok
21:07:08.0058 3924 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:07:08.0058 3924 Wdf01000 - ok
21:07:08.0245 3924 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:07:08.0245 3924 WfpLwf - ok
21:07:08.0260 3924 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:07:08.0260 3924 WIMMount - ok
21:07:08.0448 3924 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
21:07:08.0448 3924 WinUsb - ok
21:07:08.0494 3924 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:07:08.0494 3924 WmiAcpi - ok
21:07:08.0619 3924 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:07:08.0619 3924 ws2ifsl - ok
21:07:08.0682 3924 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:07:08.0682 3924 WudfPf - ok
21:07:08.0822 3924 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:07:08.0822 3924 WUDFRd - ok
21:07:08.0884 3924 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
21:07:08.0884 3924 yukonw7 - ok
21:07:08.0931 3924 MBR (0x1B8) (267286b4d3e61023d7cbac898d1ec7fe) \Device\Harddisk0\DR0
21:07:08.0931 3924 \Device\Harddisk0\DR0 - ok
21:07:08.0947 3924 Boot (0x1200) (6ef16a6b96e3ab8ce53e63ede51c7f69) \Device\Harddisk0\DR0\Partition0
21:07:08.0947 3924 \Device\Harddisk0\DR0\Partition0 - ok
21:07:08.0962 3924 Boot (0x1200) (00ebf65158c7609d02be31d589701311) \Device\Harddisk0\DR0\Partition1
21:07:08.0962 3924 \Device\Harddisk0\DR0\Partition1 - ok
21:07:08.0994 3924 Boot (0x1200) (2b28d341ea1d876c10e7202be35baae2) \Device\Harddisk0\DR0\Partition2
21:07:08.0994 3924 \Device\Harddisk0\DR0\Partition2 - ok
21:07:09.0009 3924 Boot (0x1200) (a825d222e0e40144e37b0bb3139e45d3) \Device\Harddisk0\DR0\Partition3
21:07:09.0009 3924 \Device\Harddisk0\DR0\Partition3 - ok
21:07:09.0025 3924 ============================================================
21:07:09.0025 3924 Scan finished
21:07:09.0025 3924 ============================================================
21:07:09.0040 3932 Detected object count: 0
21:07:09.0040 3932 Actual detected object count: 0

#6
HBrian

Posted 12 December 2011 - 09:14 PM

Member

Topic Starter
Member
25 posts

When I went to bed last night I kicked off a boot virus scan and it apparently did quite a bit of work. The system is running better and I'm not seeing any redirections at the moment. Let me know what you see in those log files.

#7
maliprog

Posted 13 December 2011 - 12:21 AM

Trusted Helper

Malware Removal
6,172 posts

Hi HBrian,

Glad to hear that! I see some leftovers that we need to remove and check for hidden infections.

Step 1

Can you please post log from this boot-time scan? I see you have Avast installed so you can find it like This

Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\2.bin
[2011/12/10 18:13:34 | 000,008,688 | -HS- | M] () -- C:\Users\Bre Dior'\AppData\Local\thpwtr4o4qpo2lss2vcx6x360v1o
[2011/12/10 18:13:34 | 000,008,688 | -HS- | M] () -- C:\ProgramData\thpwtr4o4qpo2lss2vcx6x360v1o
[2011/12/01 23:05:10 | 000,000,000 | ---- | M] () -- C:\ProgramData\5hU7l3T3.dat

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Run OTL.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open notepad window. OTL.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 4

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply

Step 5

Please don't forget to include these items in your reply:

Boot-time scan log
OTL fix log
New OTL scan log
aswMBR log

It would be helpful if you could post each log in separate post

#8
HBrian

Posted 13 December 2011 - 08:47 PM

Member

Topic Starter
Member
25 posts

Boottime scan:

12/11/2011 21:35
Scan of all local drives

File C:\HP\Bin\EndProcess.exe is infected by Win32:KillApp-W [PUP], Deleted
File C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ping.exe_616132375014cd58817c7fa49354802fce7dc12e_cab_079e83cf\WER7022.tmp.hdmp is infected by Win32:DNSChanger-VJ [Trj], Deleted
File C:\Users\Bre Dior'\AppData\Local\Ares\My Shared Folder\miss you boosie (house remix).wma is infected by WMA:Wimad [Drp], Deleted
File C:\Users\Bre Dior'\AppData\Local\Ares\My Shared Folder\playas for the south boosie (complete).wma is infected by WMA:Wimad [Drp], Deleted
File C:\Users\Bre Dior'\AppData\Local\Ares\My Shared Folder\youre the one for me dondria soundtrack.wma is infected by WMA:Wimad [Drp], Deleted
File C:\Users\Bre Dior'\AppData\Local\CrashDumps\iexplore.exe(1).4932.dmp is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Users\Bre Dior'\AppData\Local\CrashDumps\iexplore.exe.1896.dmp is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Users\Bre Dior'\AppData\Local\CrashDumps\iexplore.exe.4332.dmp is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Users\Bre Dior'\AppData\Local\CrashDumps\iexplore.exe.4932.dmp is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Users\Bre Dior'\AppData\Local\CrashDumps\iexplore.exe.5728.dmp is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Users\Bre Dior'\AppData\Local\CrashDumps\iexplore.exe.7324.dmp is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Users\Bre Dior'\AppData\Local\CrashDumps\mswinext.exe.7332.dmp is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Users\Bre Dior'\AppData\Local\CrashDumps\Skype.exe.13496.dmp is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Users\Bre Dior'\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_iexplore.exe_82e6a23ebb92f4a3ff6d49f97dca3c414bca4d8_cab_bbacf6eb\WERB7BB.tmp.hdmp is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Users\Bre Dior'\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_iexplore.exe_82e6a23ebb92f4a3ff6d49f97dca3c414bca4d8_cab_bbacf6eb\WERF577.tmp.mdmp is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Users\Bre Dior'\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_mswinext.exe_a8c07ffe4c3883c36a806878736e44cf325c43be_cab_99b4cbdb\WERC181.tmp.hdmp is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Users\Bre Dior'\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_mswinext.exe_a8c07ffe4c3883c36a806878736e44cf325c43be_cab_99b4cbdb\WERCAC5.tmp.mdmp is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Users\Bre Dior'\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppHang_iexplore.exe_a83bb749bbd92e79244314bb0cc19b5d1ee9a75_cab_083aaed6\WER4521.tmp.mdmp is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Users\Bre Dior'\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppHang_iexplore.exe_a83bb749bbd92e79244314bb0cc19b5d1ee9a75_cab_083aaed6\WERB0AE.tmp.hdmp is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Users\Bre Dior'\AppData\LocalLow\MyWebSearch\bar\Cache\00026C2A.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3UNPAT.DLL] is infected by Win32:Mywebsearch-X [PUP], Deleted
File C:\Users\Bre Dior'\AppData\LocalLow\MyWebSearch\bar\Cache\00026C2A.exe|>mwsSetup.CommonCodebase.exe is infected by Win32:Mywebsearch-X [PUP], Deleted
File C:\Users\Bre Dior'\AppData\LocalLow\MyWebSearch\bar\Cache\00026C2A.exe is infected by Win32:Mywebsearch-X [PUP], Deleted
File C:\Users\Bre Dior'\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\44f2359a-64bb6e04|>photo\Crop.class is infected by Java:Agent-AEY [Expl], Deleted
File C:\Users\Bre Dior'\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\44f2359a-64bb6e04|>photo\Image.class is infected by Java:Agent-AEZ [Expl], Deleted
File C:\Users\Bre Dior'\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\44f2359a-64bb6e04|>photo\Zoom.class is infected by Java:Agent-ADW [Expl], Deleted
File C:\Users\Bre Dior'\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6436d4e7-1b53108f|>morale.class is infected by Java:CVE-2011-3544-J [Expl], Deleted
File C:\Windows\assembly\GAC_32\Desktop.ini is infected by Win32:Sirefef-FQ [Drp], Deleted
File C:\Windows\assembly\GAC_64\Desktop.ini is infected by Win64:Sirefef-C [Drp], Deleted
File C:\Windows\assembly\temp\U\00000002.@|>[Embedded_R#00290]|>[UPX] is infected by Win32:PUP-gen [PUP], Deleted
File C:\Windows\SoftwareDistribution\Download\3901bec9d74eef25aef188437e9125e7\BITF445.tmp|>mrt.exe Error 42127 {CAB archive is corrupted.}
File C:\Windows\SoftwareDistribution\Download\f181e390c0160f778b7d85e4d532a968\BIT328B.tmp|>msxml.msi|>01File Error 42144 {OLE archive is corrupted.}
File C:\Windows\SoftwareDistribution\Download\f181e390c0160f778b7d85e4d532a968\BIT328B.tmp|>msxml.msi|>XML_Core.cab|>ul_msxml4.dll.7B30B69B_0E6C_B7E0_FF6B_D6B9ABF34537 Error 42127 {CAB archive is corrupted.}
File C:\Windows\SoftwareDistribution\Download\f181e390c0160f778b7d85e4d532a968\BIT328B.tmp|>msxml.msi|>XML_Core.cab Error 42144 {OLE archive is corrupted.}
File C:\Windows\SoftwareDistribution\Download\f181e390c0160f778b7d85e4d532a968\BIT328B.tmp|>msxml.msi Error 42127 {CAB archive is corrupted.}
File C:\Windows\System32\consrv.dll|>[Embedded_I#1ac7] is infected by Win64:Sirefef-C [Drp], Deleted
File C:\Windows\System32\consrv.dll|>[Embedded_I#2ec7] is infected by Win32:Sirefef-FQ [Drp], Deleted
File C:\Windows\System32\consrv.dll|>[Embedded_I#46ff] is infected by Win64:Sirefef-D [Drp], Deleted
File C:\Windows\System32\consrv.dll is infected by Win64:Sirefef-C [Drp], Deleted
Number of searched folders: 25295
Number of tested files: 652310
Number of infected files: 33

#9
HBrian

Posted 13 December 2011 - 09:10 PM

Member

Topic Starter
Member
25 posts

OTL log:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\2.bin not found.
C:\Users\Bre Dior'\AppData\Local\thpwtr4o4qpo2lss2vcx6x360v1o moved successfully.
C:\ProgramData\thpwtr4o4qpo2lss2vcx6x360v1o moved successfully.
C:\ProgramData\5hU7l3T3.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Bre Dior'\Desktop\cmd.bat deleted successfully.
C:\Users\Bre Dior'\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12132011_204951

#10
HBrian

Posted 13 December 2011 - 09:33 PM

Member

Topic Starter
Member
25 posts

New OTL Log:

OTL logfile created on: 12/13/2011 9:25:49 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bre Dior'\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 62.88% Memory free
5.86 Gb Paging File | 4.75 Gb Available in Paging File | 81.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 216.47 Gb Total Space | 168.37 Gb Free Space | 77.78% Space Free | Partition Type: NTFS
Drive D: | 16.12 Gb Total Space | 2.31 Gb Free Space | 14.33% Space Free | Partition Type: NTFS
Drive F: | 1001.97 Mb Total Space | 516.48 Mb Free Space | 51.55% Space Free | Partition Type: FAT

Computer Name: BREDIOR-HP | User Name: Bre Dior' | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/11 21:00:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bre Dior'\Desktop\OTL.exe
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/07 11:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
PRC - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/18 17:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/04/19 19:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 15:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 15:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 15:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 15:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 15:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 15:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/07/10 20:48:56 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/07/10 20:48:56 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/04/22 19:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/22 19:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/05 13:57:00 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/04 21:06:00 | 001,093,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\2.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Bre Dior'\AppData\Local\RewardsArcade\498\Firefox

O1 HOSTS File: ([2011/12/13 20:49:51 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 208.67.220.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9E69046-4B35-4ED2-BFB6-2CF003180388}: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B21D2D2A-90C7-4CCE-8331-B69205661D3F}: DhcpNameServer = 208.67.222.222 208.67.220.220 208.67.220.222
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/13 21:14:15 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Bre Dior'\Desktop\aswMBR.exe
[2011/12/13 20:49:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/12 22:16:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/12/12 22:16:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/12/12 21:53:13 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2011/12/12 21:53:13 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2011/12/12 21:53:12 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2011/12/12 21:53:12 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2011/12/12 21:53:12 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2011/12/12 21:53:12 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2011/12/12 21:53:12 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2011/12/12 21:53:11 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2011/12/12 21:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/12 21:42:03 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/12/12 21:42:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/12 21:42:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/12 21:42:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/12/12 21:22:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/12/12 21:21:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/12 21:05:40 | 000,000,000 | ---D | C] -- C:\temp
[2011/12/12 21:00:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/12 20:55:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/12 20:43:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/12 20:43:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/12 20:43:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/12 20:43:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/12 20:43:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/12 20:40:49 | 004,337,189 | R--- | C] (Swearware) -- C:\Users\Bre Dior'\Desktop\ComboFix.exe
[2011/12/12 20:40:49 | 000,693,545 | ---- | C] (maliprog @ Geekstogo) -- C:\Users\Bre Dior'\Desktop\ClickShoot.exe
[2011/12/12 05:44:03 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/12/12 05:44:03 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/12/12 05:43:59 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2011/12/12 05:43:44 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/12/12 05:43:44 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/12/12 05:43:36 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/12/12 05:43:35 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/12/12 05:43:35 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/12/12 05:43:35 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/12/12 05:43:35 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/12/12 05:43:34 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/12/12 05:43:33 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/12/12 05:43:32 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/12/12 05:43:32 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/12/12 05:43:31 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/12/12 05:43:31 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/12/12 05:43:31 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/12/12 05:43:31 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/12/12 05:43:31 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/12/12 05:43:31 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/12/12 05:43:31 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/12/12 05:43:24 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/12/12 05:43:24 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/12/12 05:43:23 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/12/12 05:43:23 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/12/12 05:43:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/12/12 05:43:23 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/12/12 05:43:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/12/12 05:43:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/12/12 05:43:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/12/12 05:43:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/12/12 05:43:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/12/12 05:43:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/12/12 05:43:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/12 05:43:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/12 05:43:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/12/12 05:43:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/12/12 05:43:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/12/12 05:43:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/12/12 05:43:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/12/12 05:43:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/12/12 05:43:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/12/12 05:43:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/12/12 05:43:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/12/12 05:43:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/12/12 05:43:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/12/12 05:43:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/12/12 05:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/12/12 05:43:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/12/12 05:43:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/12/12 05:43:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/12/12 05:43:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/12/12 05:43:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/12/12 05:43:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/12/12 05:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/12/12 05:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/12/12 05:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/12/12 05:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/12/12 05:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/12/12 05:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/12/12 05:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/12/12 05:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/12/12 05:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/12/12 05:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/12/12 05:43:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/12/12 05:43:16 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/12/12 05:42:53 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/12 05:42:52 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/12 05:42:52 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/12 05:42:51 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/12 05:42:50 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/12 05:42:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/12 05:42:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/12 05:42:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/12 05:42:49 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/12 05:42:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/12 05:42:48 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/12 05:42:47 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/12 05:42:47 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/12 05:42:47 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/12 05:42:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/12 05:42:10 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/12/12 05:42:04 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/12/12 05:42:03 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/12/12 05:42:03 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/12/12 05:41:51 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2011/12/12 05:41:36 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/12/12 05:41:35 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/12/12 05:41:35 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/12/12 05:41:35 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/12/12 05:41:34 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/12/12 05:41:33 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/12/12 05:41:33 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/12/12 05:41:33 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/12/12 05:41:33 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/12/12 05:41:33 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/12/12 05:41:32 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/12/12 05:41:32 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/12/12 05:41:32 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/12/12 05:41:29 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2011/12/12 05:41:28 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2011/12/12 05:41:28 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2011/12/12 05:41:28 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2011/12/12 05:41:28 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2011/12/12 05:41:28 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2011/12/12 05:41:28 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2011/12/12 05:41:28 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2011/12/12 05:41:17 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011/12/12 05:41:16 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011/12/12 05:41:15 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/12/12 05:41:14 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/12/12 05:41:14 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/12/12 05:41:14 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011/12/12 05:41:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/12/12 05:41:11 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/12/12 05:41:11 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/12/12 05:41:03 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/12/12 05:41:03 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/12 05:41:03 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/12/12 05:41:02 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/12/12 05:41:02 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/12/12 05:41:02 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/12 05:41:02 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/12/12 05:41:01 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/12/12 05:40:58 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2011/12/12 05:40:58 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2011/12/12 05:40:46 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/12/12 05:40:46 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/12/12 05:40:40 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/12/12 05:40:40 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/12/12 05:40:39 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/12/12 05:40:39 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/12/12 05:40:39 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/12/12 05:40:39 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/12/12 05:40:39 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/12/12 05:40:36 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/12/12 05:40:35 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/12/12 05:40:35 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/12/12 05:40:35 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/12/12 05:40:34 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/12 05:40:33 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/12 05:40:33 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/12/12 05:40:13 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/12/12 05:40:13 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/12/12 05:40:12 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/12/12 05:40:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011/12/12 05:40:12 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/12/12 05:40:12 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/12/12 05:40:11 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/12/12 05:40:11 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/12/12 05:40:11 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/12/12 05:40:11 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/12/12 05:40:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/12/12 05:40:11 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/12/12 05:40:08 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/12/12 05:40:08 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/12/12 05:40:05 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/12/12 05:40:05 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/12/12 05:40:04 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/12/12 05:40:04 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/12/12 05:40:01 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/12/12 05:40:01 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/12/12 05:40:01 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/12/12 05:39:59 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2011/12/12 05:39:56 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/12/12 05:39:56 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/12/12 05:39:56 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/12/12 05:39:56 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/12/12 05:39:56 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/12/12 05:39:56 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/12/12 05:39:56 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/12/12 05:39:56 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/12/12 05:39:56 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/12/12 05:39:45 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2011/12/12 05:39:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2011/12/12 05:39:44 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/12/12 05:39:44 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/12/12 05:39:44 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/12/12 05:39:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/12/12 05:39:43 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/12/12 05:39:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/12/12 05:39:41 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2011/12/12 05:39:39 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2011/12/12 05:39:39 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2011/12/12 05:39:31 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/12/12 05:39:30 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2011/12/12 05:39:30 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2011/12/12 05:39:28 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2011/12/12 05:39:28 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2011/12/12 05:39:25 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/12/12 05:39:25 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/12/12 05:39:20 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2011/12/12 05:39:19 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2011/12/12 05:39:13 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2011/12/12 05:39:11 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2011/12/12 05:39:09 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2011/12/12 05:39:08 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2011/12/12 05:39:06 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/12/12 05:39:02 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/12/12 05:39:02 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/12/11 21:18:13 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/12/11 21:18:13 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/12/11 21:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/12/11 21:18:11 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/12/11 21:18:10 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/12/11 21:18:09 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/12/11 21:18:05 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/12/11 21:18:04 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/12/11 21:17:13 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/12/11 21:17:13 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/12/11 21:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/12/11 21:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/11 21:02:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bre Dior'\Desktop\OTL.exe
[2011/12/11 16:10:26 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/10 18:20:33 | 000,000,000 | ---D | C] -- C:\Users\Bre Dior'\AppData\Roaming\Malwarebytes
[2011/12/10 18:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/10 18:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/10 18:16:35 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/10 18:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/01 21:50:05 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/01 00:05:22 | 000,000,000 | ---D | C] -- C:\Users\Bre Dior'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab PDF Converter
[2011/12/01 00:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FoxTabPDFConverter

========== Files - Modified Within 30 Days ==========

[2011/12/13 21:11:48 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Bre Dior'\Desktop\aswMBR.exe
[2011/12/13 20:58:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 20:58:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 20:56:08 | 000,714,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/13 20:56:08 | 000,615,804 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/13 20:56:08 | 000,103,888 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/13 20:51:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/13 20:50:37 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/13 20:49:51 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/12/12 22:18:54 | 000,425,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/12 20:41:48 | 000,489,277 | ---- | M] () -- C:\Users\Bre Dior'\Desktop\ClickShoot_204148.jpg
[2011/12/12 20:40:00 | 001,557,928 | ---- | M] () -- C:\Users\Bre Dior'\Desktop\tdsskiller.zip
[2011/12/12 20:39:54 | 004,337,189 | R--- | M] (Swearware) -- C:\Users\Bre Dior'\Desktop\ComboFix.exe
[2011/12/12 20:39:24 | 000,693,545 | ---- | M] (maliprog @ Geekstogo) -- C:\Users\Bre Dior'\Desktop\ClickShoot.exe
[2011/12/11 21:18:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/11 21:00:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bre Dior'\Desktop\OTL.exe
[2011/12/11 16:10:26 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/28 19:18:55 | 000,126,951 | ---- | M] () -- C:\Users\Bre Dior'\Documents\BRe!.jpg
[2011/11/28 18:38:10 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBre Dior'.job

========== Files Created - No Company Name ==========

[2011/12/12 21:22:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/12 20:43:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/12 20:43:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/12 20:43:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/12 20:43:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/12 20:43:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/12 20:41:48 | 000,489,277 | ---- | C] () -- C:\Users\Bre Dior'\Desktop\ClickShoot_204148.jpg
[2011/12/12 20:40:49 | 001,557,928 | ---- | C] () -- C:\Users\Bre Dior'\Desktop\tdsskiller.zip
[2011/12/11 21:18:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/12/01 00:05:28 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/11/28 19:18:54 | 000,126,951 | ---- | C] () -- C:\Users\Bre Dior'\Documents\BRe!.jpg
[2011/05/30 16:27:10 | 000,001,854 | ---- | C] () -- C:\Users\Bre Dior'\AppData\Roaming\GhostObjGAFix.xml
[2011/02/03 17:08:05 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/27 17:09:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/10 23:06:40 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/07/08 02:29:39 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/07/08 02:25:45 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/07/08 02:25:45 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/08 02:25:44 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/07/08 02:25:44 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/07/08 02:25:44 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/07/08 02:25:24 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/07/08 02:25:24 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 15:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

#11
HBrian

Posted 13 December 2011 - 09:34 PM

Member

Topic Starter
Member
25 posts

MBR Log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-13 21:14:31
-----------------------------
21:14:31.139 OS Version: Windows x64 6.1.7600
21:14:31.139 Number of processors: 1 586 0x170A
21:14:31.139 ComputerName: BREDIOR-HP UserName: Bre Dior'
21:14:32.106 Initialize success
21:14:32.199 AVAST engine defs: 11121302
21:14:36.053 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:14:36.053 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
21:14:36.068 Disk 0 MBR read successfully
21:14:36.084 Disk 0 MBR scan
21:14:36.084 Disk 0 unknown MBR code
21:14:36.084 Service scanning
21:14:37.285 Modules scanning
21:14:37.285 Disk 0 trace - called modules:
21:14:37.301 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
21:14:37.316 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80050ac160]
21:14:37.316 3 CLASSPNP.SYS[fffff88001af243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80031d0050]
21:14:37.909 AVAST engine scan C:\Windows
21:14:43.603 AVAST engine scan C:\Windows\system32
21:15:52.633 AVAST engine scan C:\Windows\system32\drivers
21:15:59.996 AVAST engine scan C:\Users\Bre Dior'
21:21:24.009 AVAST engine scan C:\ProgramData
21:22:14.225 Scan finished successfully
21:25:33.796 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
21:25:33.843 The log file has been saved successfully to "F:\aswMBR.txt"

#12
maliprog

Posted 14 December 2011 - 01:19 AM

Trusted Helper

Malware Removal
6,172 posts

I see that AVAST boot scan did great job! How is your system now?

#13
HBrian

Posted 14 December 2011 - 05:34 AM

Member

Topic Starter
Member
25 posts

It seems to be running good. No more redirects. Was just waiting on the all clear from you.

#14
maliprog

Posted 14 December 2011 - 05:38 AM

Trusted Helper

Malware Removal
6,172 posts

Glad to hear that!

Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update

Click Start, click Run, type sysdm.cpl, and then press ENTER.
Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
Click OK button

2. Delete Temp files

Download TFC to your desktop

Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.

4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.