Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Vista Security 2012 [Solved]


  • This topic is locked This topic is locked

#1
Gilfindel

Gilfindel

    Member

  • Member
  • PipPip
  • 53 posts
My daughter's laptop has been infected with the Vista Security 2012 virus; it's blocking all of the security software, and is preventing access to the Internet as well. Help!
  • 0

Advertisements


#2
Gilfindel

Gilfindel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
I should also note that it looks like most if not all .exe have been disabled; I can't run any programs on this computer, presumably due to something the virus has done. This may make resolving the issue a bit trickier...
  • 0

#3
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi, Gilfindel! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

You will need to download these files and copy them to a flash drive and onto the sick computer until we get the internet back. So to protect your clean computer please do this step on it:

  • Please download Panda USB Vaccine (you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
  • Install and run the program.

  • Double-click on the file USBVaccine.zip located on your desktop.
  • A file viewer will open. Double-click on the file USBVaccineSetup.exe. Please select Yes if you are asked if you want to allow the program to make changes to the computer.
  • Follow the steps on screen to install the program on your computer.

  • Plug in your USB drive and click on Vaccinate USB and Vaccinate Computer.


Step 1.

Download RogueKiller to your desktop.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 2.

Rerun RogueKiller
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 3.

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image


On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image


Step 4.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 5.

Do the following:
Start -> Run.
Type diskmgmt.msc .
Click "OK".

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screen shot of the Disk Management Window and attach the screen shot to your reply.


To do this follow these steps:

  • Press Alt and Print Screen button on your keyboard
  • Open Paint program
  • From the menu choose Edit then Paste
  • Now save the picture as a .jpg file and attach it here for me.


Step 6.


Please Post:

both RkReport.txt files
aswMBR log
OTL.txt
Extras.txt
Picture of disk management screen



How is your computer doing? Have your wallpaper and icons reappeared?
  • 0

#4
Gilfindel

Gilfindel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Thanks, I appreciate all the help you can give.

The desktop icons are good, although the desktop background is black; I'll have to check with my daughter to see if she had it set to display anything. I ran one of the exe fix macros that I found elsewhere, and I can now launch programs OK; however, I still don't have Internet access. I'm using another computer to download the programs and post the logs. Here we go:

RK Report #1:
RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User: Ovenmitt [Admin rights]
Mode: Remove -- Date : 12/20/2011 14:40:08

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKCU\[...]Software\Classes\.exe\shell\open\command : ("C:\Users\Ovenmitt\AppData\Local\vue.exe" -a "%1" %*) -> REPLACED ("%1" %*)
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Users\Ovenmitt\AppData\Local\vue.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") -> REPLACED ("C:\Program Files\mozilla firefox\firefox.exe")
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Users\Ovenmitt\AppData\Local\vue.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) -> REPLACED ("C:\Program Files\mozilla firefox\firefox.exe" -safe-mode)
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Users\Ovenmitt\AppData\Local\vue.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> REPLACED ("C:\Program Files\internet explorer\iexplore.exe")

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] 58f02d4c31012472c979f136c3f59511
[BSP] 37923316c67f50941cad01a959c85ff0 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 73682 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 143910270 | Size: 6341 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


RK Report #2:
RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User: Ovenmitt [Admin rights]
Mode: Shortcuts HJfix -- Date : 12/20/2011 14:43:06

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 12 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 271 / Fail 0
My documents: Success 2 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 42 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 144 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

aswMBR Report:
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-20 14:43:43
-----------------------------
14:43:43.664 OS Version: Windows 6.0.6000
14:43:43.664 Number of processors: 2 586 0xE0C
14:43:43.664 ComputerName: LOKI UserName:
14:43:45.365 Initialize success
14:43:45.942 AVAST engine defs: 11121400
14:44:01.807 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
14:44:01.807 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC7BP Size: 76319MB BusType: 3
14:44:03.851 Disk 0 MBR read successfully
14:44:03.851 Disk 0 MBR scan
14:44:03.851 Disk 0 unknown MBR code
14:44:03.866 Disk 0 scanning sectors +156296385
14:44:03.929 Disk 0 scanning C:\Windows\system32\drivers
14:44:12.930 Service scanning
14:44:14.318 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:44:14.942 Modules scanning
14:44:23.117 Disk 0 trace - called modules:
14:44:23.132 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x840fb1f8]<<
14:44:23.148 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x846a46a0]
14:44:23.148 3 ntkrnlpa.exe[81cb07e2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x841d78b8]
14:44:23.163 \Driver\atapi[0x83311b00] -> IRP_MJ_CREATE -> 0x840fb1f8
14:44:23.772 AVAST engine scan C:\Windows
14:44:26.190 AVAST engine scan C:\Windows\system32
14:46:16.638 AVAST engine scan C:\Windows\system32\drivers
14:46:28.634 AVAST engine scan C:\Users\Ovenmitt
15:09:17.894 AVAST engine scan C:\ProgramData
15:11:54.206 Scan finished successfully
15:12:03.691 Disk 0 MBR has been saved successfully to "C:\Users\Ovenmitt\Desktop\MBR.dat"
15:12:03.706 The log file has been saved successfully to "C:\Users\Ovenmitt\Desktop\aswMBR.txt"


OTL Report:
OTL logfile created on: 12/20/2011 3:14:02 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ovenmitt\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.50 Mb Total Physical Memory | 328.25 Mb Available Physical Memory | 32.39% Memory free
2.23 Gb Paging File | 1.53 Gb Available in Paging File | 68.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.62 Gb Total Space | 17.33 Gb Free Space | 25.26% Space Free | Partition Type: NTFS
Drive D: | 5.91 Gb Total Space | 0.95 Gb Free Space | 16.04% Space Free | Partition Type: NTFS
Drive G: | 3.93 Gb Total Space | 3.91 Gb Free Space | 99.45% Space Free | Partition Type: FAT32

Computer Name: LOKI | User Name: Ovenmitt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/20 14:34:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ovenmitt\Desktop\OTL.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/04/23 12:00:34 | 000,103,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2006/11/02 03:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe


========== Modules (No Company Name) ==========

MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/03/29 09:42:30 | 000,536,576 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\splitter.ax
MOD - [2008/03/29 09:41:52 | 000,079,360 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mkzlib.dll
MOD - [2008/03/29 09:41:52 | 000,023,552 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
MOD - [2007/05/08 09:06:38 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/04/15 05:42:20 | 000,421,888 | ---- | M] () -- C:\Program Files\RealMedia\RealMediaSplitter.ax
MOD - [2004/09/11 19:47:32 | 000,126,464 | ---- | M] () -- C:\Program Files\CoreCodec\The Core Media Player\System\coreshellagent.cll
MOD - [2003/11/16 03:48:02 | 000,909,312 | ---- | M] () -- C:\Windows\System32\vorbisenc.dll
MOD - [2003/11/16 03:48:00 | 001,060,864 | ---- | M] () -- C:\Windows\System32\vorbis.dll
MOD - [2003/11/15 10:54:18 | 000,036,864 | ---- | M] () -- C:\Windows\System32\ogg.dll
MOD - [2002/10/06 16:42:58 | 000,237,568 | ---- | M] () -- C:\Windows\System32\OggDS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/19 04:31:10 | 002,221,200 | ---- | M] (Giraffic) [Auto | Stopped] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/04/23 12:00:34 | 000,103,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2006/06/26 10:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/06/22 06:35:10 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/05/15 16:21:16 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/06/15 11:25:46 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/02/15 18:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/11/02 08:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/09/25 17:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/04 11:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 10:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2004/10/05 10:40:18 | 000,015,872 | ---- | M] (Interlex Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMLaunch\BuddyVM.sys -- ({09BB444F-B2E2-4009-BAF2-7B727681223E})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...SARIO&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...SARIO&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.miki13cgs.chatango.com/ [binary data]
IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found
IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\BitTorrent_DNA\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Ovenmitt\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Ovenmitt\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ovenmitt\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ovenmitt\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/10 07:35:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/30 20:50:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/30 20:50:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Ovenmitt\Program Files\DNA [2008/08/31 22:21:34 | 000,000,000 | ---D | M]

[2011/06/06 19:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions
[2009/10/14 15:23:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/06 19:36:58 | 000,000,000 | ---D | M] (PageRage Community Toolbar) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2011/06/06 19:36:58 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]
[2011/06/06 19:34:23 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]
[2011/03/09 20:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/09 20:15:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2007/12/04 20:12:22 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2008/08/31 22:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\OVENMITT\PROGRAM FILES\DNA
[2007/11/28 13:12:01 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2007/11/28 13:12:02 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2007/11/28 13:12:03 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2007/11/28 13:12:04 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2007/11/28 13:12:04 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2011/03/09 20:14:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/02 10:21:15 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Chrome\Application\8.0.552.215\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Chrome\Application\8.0.552.215\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Chrome\Application\8.0.552.215\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: BitTorrent DNA Plug-in (Enabled) = C:\Program Files\BitTorrent_DNA\npbtdna.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: NPVeohVersion2 plugin (Enabled) = C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\..\Toolbar\WebBrowser: (no name) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-707605045-4109517109-592397696-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-707605045-4109517109-592397696-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-707605045-4109517109-592397696-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe ()
O4 - HKU\S-1-5-21-707605045-4109517109-592397696-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-707605045-4109517109-592397696-1000..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs...ameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} http://218be9f87d470...=/dl_applet.cab (Installer.InstallControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{453D4B25-5BDA-4367-8EE3-D79FD7C8EE1E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA131B7A-6BE7-425D-A35A-7684ECB2B9B7}: DhcpNameServer = 192.168.1.1 68.238.96.12
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/15 07:37:05 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | --S- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2011/12/20 14:30:14 | 000,000,016 | -H-- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{c55ed780-7192-11dd-ac9a-0016d4ee87d3}\Shell - "" = AutoRun
O33 - MountPoints2\{c55ed780-7192-11dd-ac9a-0016d4ee87d3}\Shell\AutoRun\command - "" = F:\irjs3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:322657bdb1)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 14:39:47 | 000,000,000 | ---D | C] -- C:\Users\Ovenmitt\Desktop\RK_Quarantine
[2011/12/20 14:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/12/20 14:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/12/20 14:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2011/12/20 14:37:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ovenmitt\Desktop\OTL.exe
[2011/12/20 14:37:19 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Ovenmitt\Desktop\aswMBR.exe
[2011/12/17 10:54:13 | 000,000,000 | ---D | C] -- C:\Users\Ovenmitt\Desktop\FUN!
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/20 15:12:03 | 000,000,512 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\MBR.dat
[2011/12/20 15:02:14 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-707605045-4109517109-592397696-1000UA.job
[2011/12/20 14:40:04 | 000,626,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/20 14:40:04 | 000,107,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/20 14:34:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ovenmitt\Desktop\OTL.exe
[2011/12/20 14:33:54 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Ovenmitt\Desktop\aswMBR.exe
[2011/12/20 14:31:44 | 000,771,072 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\RogueKiller.exe
[2011/12/20 14:31:31 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 14:31:30 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 14:28:36 | 000,823,346 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\USBVaccine.zip
[2011/12/20 03:02:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-707605045-4109517109-592397696-1000Core.job
[2011/12/19 20:31:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/19 20:31:21 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/19 09:31:10 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/12/19 09:28:43 | 000,012,252 | --S- | M] () -- C:\ProgramData\xdgsnm4q8ojs3nyw5quo8i636e8q
[2011/12/19 09:28:42 | 000,012,252 | --S- | M] () -- C:\Users\Ovenmitt\AppData\Local\xdgsnm4q8ojs3nyw5quo8i636e8q
[2011/12/10 19:20:25 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/10 07:35:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/20 15:12:03 | 000,000,512 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\MBR.dat
[2011/12/20 14:39:03 | 000,823,346 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\USBVaccine.zip
[2011/12/20 14:37:30 | 000,771,072 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\RogueKiller.exe
[2011/12/19 20:31:21 | 1063,378,944 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/14 05:30:15 | 000,012,252 | --S- | C] () -- C:\Users\Ovenmitt\AppData\Local\xdgsnm4q8ojs3nyw5quo8i636e8q
[2011/12/14 05:30:15 | 000,012,252 | --S- | C] () -- C:\ProgramData\xdgsnm4q8ojs3nyw5quo8i636e8q
[2011/08/10 01:50:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009/10/14 18:10:31 | 000,000,096 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Local\fusioncache.dat
[2009/06/04 14:53:31 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/03/15 11:32:12 | 000,001,356 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Local\d3d9caps.dat
[2009/01/16 17:52:47 | 000,000,071 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/01/01 01:24:17 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/06/02 13:08:40 | 000,000,041 | --S- | C] () -- C:\ProgramData\.zreglib
[2007/12/04 20:12:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/11/29 16:30:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/11/28 15:52:32 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/11/21 17:12:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2007/09/17 19:33:41 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/09/09 14:52:36 | 000,183,296 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/08 12:51:58 | 000,023,888 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Roaming\UserTile.png
[2007/05/08 10:17:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1272.dll
[2007/05/08 09:06:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/10 05:54:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/06 05:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,351,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,626,976 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,107,714 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 01:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 01:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/19 00:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 00:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/09 18:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004/09/16 14:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2003/11/16 03:48:02 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2003/11/16 03:48:00 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2003/11/15 10:54:18 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002/10/06 16:42:58 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll

========== LOP Check ==========

[2011/03/06 14:26:49 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\BitTorrent
[2008/03/12 18:31:42 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\BitTorrent DNA
[2008/12/31 21:39:28 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\CoreCodec
[2008/06/22 06:35:09 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\DAEMON Tools
[2008/09/01 19:53:10 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\DNA
[2007/09/08 15:51:07 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\JCreator
[2007/09/28 14:05:28 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\Nexon
[2007/09/08 12:51:58 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\PeerNetworking
[2009/08/03 07:00:11 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\RenPy
[2008/06/14 08:35:09 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\Secret of the Solstice
[2008/11/04 17:08:37 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\SlySoft
[2011/10/21 05:47:03 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\uTorrent
[2008/08/23 22:17:39 | 000,000,000 | ---D | M] -- C:\Users\Spatula\AppData\Roaming\DAEMON Tools
[2011/12/19 12:11:12 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/09/28 18:08:32 | 000,058,760 | ---- | M] () -- C:\symlcsv1.exe


< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 06:07:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 06:07:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 03:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 01:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 03:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 03:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 03:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 03:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/11/02 03:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 03:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 01:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2006/11/02 02:57:20 | 000,184,320 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{453D4B25-5BDA-4367-8EE3-D79FD7C8EE1E}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DA131B7A-6BE7-425D-A35A-7684ECB2B9B7}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2006/11/02 02:57:26 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 04 01 02 01 05 01 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 5
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 03:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo

< End of report >

Extras Report:
OTL Extras logfile created on: 12/20/2011 3:14:02 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ovenmitt\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.50 Mb Total Physical Memory | 328.25 Mb Available Physical Memory | 32.39% Memory free
2.23 Gb Paging File | 1.53 Gb Available in Paging File | 68.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.62 Gb Total Space | 17.33 Gb Free Space | 25.26% Space Free | Partition Type: NTFS
Drive D: | 5.91 Gb Total Space | 0.95 Gb Free Space | 16.04% Space Free | Partition Type: NTFS
Drive G: | 3.93 Gb Total Space | 3.91 Gb Free Space | 99.45% Space Free | Partition Type: FAT32

Computer Name: LOKI | User Name: Ovenmitt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023C7074-9D8C-4B51-9402-6589E00B21C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1789AE24-5852-4A83-969C-89C8FA7B7390}" = rport=138 | protocol=17 | dir=out | app=system |
"{1B8DD8B4-BD88-4C0C-8ECC-4A662B7C0CFB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{56C2AEAE-33DA-4B05-8C56-457B001F342D}" = lport=138 | protocol=17 | dir=in | app=system |
"{6C5BB727-5283-4DC5-8BD7-BC6AFA234955}" = rport=445 | protocol=6 | dir=out | app=system |
"{73836EF1-95DB-4EB3-8D47-2D1640DDF304}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8829DBDE-3396-476D-8EE2-3DE5E1103D2C}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A2B7870-8641-4BA6-AC4A-C05AE8102CAC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{92F26DDD-C2C7-41FE-A04F-DA7DCCEAADC1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{937598E3-C77F-458C-BE7C-648A89706E49}" = lport=445 | protocol=6 | dir=in | app=system |
"{9E1EF198-7977-4716-AF37-827D69162481}" = lport=139 | protocol=6 | dir=in | app=system |
"{BE64C9D4-4627-49CC-B3E2-EB456CC6D92A}" = rport=139 | protocol=6 | dir=out | app=system |
"{C9DDC69E-3709-4FE6-8777-FBD6BA539A3A}" = rport=137 | protocol=17 | dir=out | app=system |
"{F6EB2CEA-0E85-47AB-A88E-386ADF20F65A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09722247-3E3C-49C7-96E7-C0809BEAF75D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{13FDB28E-4C5F-4C10-910E-547E0782C837}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{15DD8404-8A05-49EA-AFE8-E852CF5ED427}" = protocol=6 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
"{1922D536-497E-4D98-AE8A-BF57BAD4A34B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1CB72867-FE59-43D0-8502-0759140DE353}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1EF61956-0214-4B5E-B92D-7E40FF7EE7EC}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
"{239EA19F-F83E-4040-84C4-8FAD36977EED}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{2586B4CF-3605-4D2A-B6E8-5CBEBE492C6C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{26CAAD31-E4BE-4ED0-BFB1-72D4EA78C26F}" = protocol=58 | dir=out | [email protected],-28546 |
"{2E4D1786-4963-4591-B55C-556EC04FB2E0}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{3DACBC28-8210-4D60-BDD1-EFF504F33878}" = protocol=6 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{3F18C341-5AD4-4306-80F3-D3143479A735}" = protocol=17 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
"{4C253B88-B439-4AF0-9840-9A779936EB7F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{60580BE2-FEEC-428E-A26C-A390AA22DAC1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{65732BDC-7DE1-4DBE-B266-36A6580E576E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{69ACCC0A-C9DD-4746-9E3C-7A19CA7D9DF7}" = protocol=6 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
"{73A2CBA1-E99F-41EE-8748-5C92FA5A3DEE}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{75A575CE-FAE6-46B6-B6A1-1A2A142563D5}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{77FCF4F7-C2CB-4CF2-AC57-1FAB8D7C0F65}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{79F85AAF-43A0-4EAA-B2EA-8C8B3166E2FB}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
"{79FBAC6B-7790-45B0-9C20-B5C28775DE90}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{858953EA-0537-4497-AAC5-C4062C992B45}" = protocol=17 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{8622E259-27A2-4F0A-8534-C511F548929B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8B220D3D-4ABA-4BC0-919D-1387216AA3D4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{949F06B8-E24C-44F4-B7EF-345E94D1F0BF}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
"{A06CD83C-4209-4127-B3E8-7095F205A3DA}" = protocol=6 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
"{A085EA4A-37C0-45F3-A30F-B6F35C7EC1D5}" = dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections |
"{A7D5D388-C045-4B12-AD11-46B53D923598}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{AA715153-C859-4D99-9150-BFED9D9527F8}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{AB59EB5D-39C1-4F46-A266-7F6F40174AB8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B417EFCB-C32C-498C-9F9C-D5E7AEE5401F}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
"{B45AB148-81F1-4266-86AF-2F591552B30C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8621FF0-8C0D-4E91-AFEF-D88746BE1875}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{BC00AC82-07C1-4788-B768-E0191DC178AA}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BDA1C352-5848-4418-9838-B7BC3091E287}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BF432D52-912B-4E0C-95BF-02E4946DF476}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BF82DC44-DFCC-48C6-ABF3-0FC39CE1C4E4}" = protocol=1 | dir=in | [email protected],-28543 |
"{C527F44A-5B28-4390-A3C6-BB1E63578CB5}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{C7B02740-C78D-4860-8A89-DDCBCAA4CE94}" = protocol=17 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
"{D24983A8-E642-47FC-B301-07A3C22643BB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D2542197-C729-46F6-AD70-693AFE80BB90}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DBA8C78A-5C04-4919-9F75-A6FB6A63FBD1}" = protocol=1 | dir=out | [email protected],-28544 |
"{E0A3CDF3-D881-4110-A283-1EFFCF530AE5}" = protocol=58 | dir=in | [email protected],-28545 |
"{F325BBFB-EF6E-439C-A156-5A4CB72E2321}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{0F9EE89A-FC34-43A4-BE06-B2A2EEAB34CA}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{1ED90289-7B41-4EA7-912B-8DB009D9CE1E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{84ED3125-3545-4F9F-A9B0-4F0C5D4787BB}C:\users\ovenmitt\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\ovenmitt\program files\dna\btdna.exe |
"TCP Query User{8CC2CD81-02CD-413B-B703-AE18F7CD3282}C:\nexon\maplestory\maplestory.exe" = protocol=6 | dir=in | app=c:\nexon\maplestory\maplestory.exe |
"TCP Query User{8EB6CC63-105E-41A7-9395-CE785D732534}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{BAADFE08-E3B8-4B3E-B7CA-2C0257B6F937}C:\nexon\maplestory\newpatcher.exe" = protocol=6 | dir=in | app=c:\nexon\maplestory\newpatcher.exe |
"TCP Query User{C412ADC5-B4AF-4B4A-8BED-68768C51461F}C:\nexon\maplestory\patcher.exe" = protocol=6 | dir=in | app=c:\nexon\maplestory\patcher.exe |
"TCP Query User{E0A4221E-4D52-4D3F-895E-6C771362129A}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{E78EEED9-015C-4C03-BC32-E14987B57B03}C:\users\ovenmitt\program files\bittorrent_dna\dna.exe" = protocol=6 | dir=in | app=c:\users\ovenmitt\program files\bittorrent_dna\dna.exe |
"TCP Query User{FB51DA7B-FD1D-4269-B61A-2B7E3008DAF6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0A94D22F-7413-4B6C-BF39-EF1FC93A4CFC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{14FAAD4B-6A9D-4A14-9A85-3D058E158CFD}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{33F47D28-3CE3-4802-A994-6744F9257D8E}C:\users\ovenmitt\program files\bittorrent_dna\dna.exe" = protocol=17 | dir=in | app=c:\users\ovenmitt\program files\bittorrent_dna\dna.exe |
"UDP Query User{7FB82926-77C9-4E9A-BF21-B05C94DF6680}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{96504D2D-F913-481D-9B5E-9C82BAB78BA2}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{AE1566D2-0516-4D33-9888-991E34560B7E}C:\users\ovenmitt\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\ovenmitt\program files\dna\btdna.exe |
"UDP Query User{B721EED0-5F2E-45BA-8AD9-ED56D67BB69D}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{B7DA8EEE-61D7-4BFE-933C-DAE1C189CB1A}C:\nexon\maplestory\patcher.exe" = protocol=17 | dir=in | app=c:\nexon\maplestory\patcher.exe |
"UDP Query User{E0140D9E-B149-4D48-BD8D-4BC9BCCEAEC2}C:\nexon\maplestory\maplestory.exe" = protocol=17 | dir=in | app=c:\nexon\maplestory\maplestory.exe |
"UDP Query User{F17B0F8E-A4EE-448C-A119-21EC5FDA1386}C:\nexon\maplestory\newpatcher.exe" = protocol=17 | dir=in | app=c:\nexon\maplestory\newpatcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}" = Java DB 10.2.2.0
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{15DD1D3C-8386-47D4-91A4-2D25FAFE1255}" = HP User Guide 0039
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{32A3A4F4-B792-11D6-A78A-00B0D0160020}" = Java™ SE Development Kit 6 Update 2
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.0
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{56C64E81-FC93-4cb9-9EBF-953662950D3B}_is1" = Delete Virtual-Mate Launcher
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{97A96172-A963-4A37-9FFB-DA6805BB915A}" = VeohTV BETA
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99C5770C-1C90-42E7-9B74-D47CFAF14621}" = muvee autoProducer 5.0
"{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B222E134-CF77-43A3-AF7B-DE8618EB2862}" = MIPSter 2.0
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{E4D02EF2-6F12-4BE9-9928-2F27DA01A915}" = ILLUSION 人工少女3
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent 5.0.9
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CDex" = CDex extraction audio
"CloneCD" = CloneCD
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30A5" = HDAUDIO Soft Data Fax Modem with SmartCP
"DC-Bass Source" = DC-Bass Source 1.1.1
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ffdshow_is1" = ffdshow [rev 1685] [2007-12-06]
"Giraffic" = Veoh Giraffic Video Accelerator
"Gmask 1.70 English" = Gmask 1.70 English
"GOM Player" = GOM Player
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HPOOVClient-3572475 Uninstaller" = Compaq Connections (remove only)
"ImageViewer_is1" = ImageViewer 1.9
"InstallShield_{97A96172-A963-4A37-9FFB-DA6805BB915A}" = VeohTV BETA
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"IvanView" = IvanView
"JCreator LE_is1" = JCreator LE 4.50
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MapleStory" = MapleStory
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Movies" = Movies
"Mozilla Firefox (2.0.0.11)" = Mozilla Firefox (2.0.0.11)
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"RealMedia" = RealMedia (remove only)
"RealPlayer 12.0" = RealPlayer
"SafeConnect" = SafeConnect
"SHOUTcast Source" = SHOUTcast Source (remove only)
"ST6UNST #1" = AZ Paint
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tetris Planet_is1" = Tetris Planet v5.0
"The Core Media Player" = The Core Media Player 4.0
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"Veoh Video Compass" = Veoh Video Compass
"Virtual Hypnotist" = Virtual Hypnotist 5.8
"Virtual MIDI Piano Keyboard" = Virtual MIDI Piano Keyboard
"WinAce Archiver" = WinAce Archiver
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"FoxTab Video To MP3" = FoxTab Video To MP3
"Google Chrome" = Google Chrome
"SOE-Clone Wars" = Clone Wars
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/15/2011 8:51:35 AM | Computer Name = Loki | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6000.16982 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1a54 Start Time: 01cbcd0f013604c0 Termination Time: 15

Error - 2/15/2011 8:52:34 AM | Computer Name = Loki | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6000.16982 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 27d0 Start Time: 01cbcd0f20956400 Termination Time: 31

Error - 2/15/2011 8:53:23 AM | Computer Name = Loki | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6000.16982 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 22e8 Start Time: 01cbcd0f3aef5cc0 Termination Time: 16

Error - 2/15/2011 8:56:29 AM | Computer Name = Loki | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6000.16982 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 27fc Start Time: 01cbcd0f55fe3e00 Termination Time: 15

Error - 2/15/2011 8:58:11 AM | Computer Name = Loki | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.0.6000.16771 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1044 Start Time: 01cbcd0b0d1dc420 Termination Time: 141

Error - 2/15/2011 6:37:00 PM | Computer Name = Loki | Source = Application Hang | ID = 1002
Description = The program MapleStory.exe version 1.0.0.1 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: de0 Start Time: 01cbcd6085749e30 Termination Time: 9

Error - 2/15/2011 7:41:49 PM | Computer Name = Loki | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6000.16982 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1958 Start Time: 01cbcd69b90faec0 Termination Time: 32

Error - 2/15/2011 7:44:48 PM | Computer Name = Loki | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6000.16982 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1274 Start Time: 01cbcd69ee279a00 Termination Time: 31

Error - 2/15/2011 8:18:14 PM | Computer Name = Loki | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 12.0.6545.5000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1908 Start Time: 01cbcd6ec4da8900 Termination Time: 15

Error - 2/15/2011 8:18:25 PM | Computer Name = Loki | Source = Application Error | ID = 1000
Description = Faulting application SETUP.EXE_Microsoft Setup Bootstrapper, version
12.0.6425.1000, time stamp 0x49d4b32a, faulting module ole32.dll, version 6.0.6000.16386,
time stamp 0x4549bd92, exception code 0xc0000005, fault offset 0x0004101f, process
id 0x2628, application start time 0x01cbcd6ed6fea3a0.

[ System Events ]
Error - 12/20/2011 5:02:23 PM | Computer Name = Loki | Source = Service Control Manager | ID = 7001
Description =

Error - 12/20/2011 5:02:23 PM | Computer Name = Loki | Source = Service Control Manager | ID = 7001
Description =

Error - 12/20/2011 5:11:14 PM | Computer Name = Loki | Source = Service Control Manager | ID = 7003
Description =

Error - 12/20/2011 5:11:14 PM | Computer Name = Loki | Source = Service Control Manager | ID = 7001
Description =

Error - 12/20/2011 5:11:19 PM | Computer Name = Loki | Source = Service Control Manager | ID = 7003
Description =

Error - 12/20/2011 5:11:19 PM | Computer Name = Loki | Source = Service Control Manager | ID = 7001
Description =

Error - 12/20/2011 5:11:19 PM | Computer Name = Loki | Source = Service Control Manager | ID = 7003
Description =

Error - 12/20/2011 5:11:19 PM | Computer Name = Loki | Source = Service Control Manager | ID = 7001
Description =

Error - 12/20/2011 5:11:24 PM | Computer Name = Loki | Source = Service Control Manager | ID = 7003
Description =

Error - 12/20/2011 5:11:24 PM | Computer Name = Loki | Source = Service Control Manager | ID = 7001
Description =


< End of report >

DiskMgmt Screenshot:
See attachment

Hopefully all this points you in the right direction....

Attached Thumbnails

  • diskmgmt.jpg

  • 0

#5
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
P2P Warning!:

IMPORTANT I have noticed that there are signs of BitTorrent, BitTorrent DNA and uTorrent P2P (Person to Person) File Sharing Programs on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would strongly recommend that you uninstall BitTorrent, BitTorrent DNA and uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep them, please do not use either of them until your computer is cleaned.




Step 1.


Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

Posted Image

Posted Image

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now



Step 2.


Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 3.

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


Step 4.

Please rerun OTL.

Click Scan all Users

Then click Quickscan

It will produce an OTL.txt log on your desktop. Please post it in your next reply.


Step 5.

Please post:

ComboFix.txt
TDSSKiller log
MBRCheck.txt
OTL.txt


Please tell me how the computer is performing? You or your daughter can change the wallpaper that is black to what you prefer.
  • 0

#6
Gilfindel

Gilfindel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
I've removed the torrents. The background is now displaying properly, so that's good. I still don't have Internet access working, but that may be a problem with the wireless adapter; I'll check it out with a wired connection later tonight and let you know the results.

ComboFix found (and hopefully removed) a rootkit, so we're making progress. There seems to be something suspicious about the MBR.

ComboFix report:

ComboFix 11-12-21.02 - Ovenmitt 12/21/2011 17:05:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.460 [GMT -6:00]
Running from: c:\users\Ovenmitt\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\windows\$NtUninstallKB62280$
c:\windows\$NtUninstallKB62280$\1791964532
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\bckfg.tmp
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\keywords
c:\windows\$NtUninstallKB62280$\485945278\kwrd.dll
c:\windows\$NtUninstallKB62280$\485945278\L\qnbwvoto
c:\windows\$NtUninstallKB62280$\485945278\lsflt7.ver
c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
c:\windows\HPCPCUninstaller-6.3.2.139-3572475.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
.
.
2011-12-21 23:35 . 2011-12-21 23:36 -------- d-----w- c:\users\Ovenmitt\AppData\Local\temp
2011-12-21 23:35 . 2011-12-21 23:35 -------- d-----w- c:\users\Spatula\AppData\Local\temp
2011-12-21 23:35 . 2011-12-21 23:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-20 20:39 . 2011-12-20 20:39 -------- d-----w- c:\programdata\Panda Security
2011-12-20 20:39 . 2011-12-20 20:39 -------- d-----w- c:\program files\Panda USB Vaccine
2011-12-17 16:54 . 2007-05-08 15:05 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-12-13 07:51 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C2E3C1A-3119-46E9-A051-42C36087729D}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2011-03-10 23:40 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-03-10 23:40 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-03-10 23:41 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-03-10 23:41 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-03-10 23:41 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-03-10 23:41 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-03-10 23:41 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-03-10 23:41 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2007-11-28 19:12 . 2007-12-05 02:12 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:12 . 2007-12-05 02:12 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:12 . 2007-12-05 02:12 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:12 . 2007-12-05 02:12 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:12 . 2007-12-05 02:12 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-13 3411968]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-11 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-11 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-11 133912]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-15 198160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
c:\users\Ovenmitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2007-4-9 206368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:322657bdb1
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\Giraffic\Veoh_GirafficWatchdog.exe [2011-09-19 2221200]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-06-22 717296]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\VMLaunch\BuddyVM.sys [2004-10-05 15872]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-707605045-4109517109-592397696-1000Core.job
- c:\users\Ovenmitt\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-07 23:01]
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-707605045-4109517109-592397696-1000UA.job
- c:\users\Ovenmitt\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-07 23:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
FF - ProfilePath - c:\users\Ovenmitt\AppData\Roaming\Mozilla\Firefox\Profiles\3ukka615.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\users\Ovenmitt\AppData\Local\Temp\yus.dll
HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
AddRemove-Virtual Hypnotist - c:\users\Ovenmitt\Desktop\Hypnotism\Virtual Hypnotist\uninst.exe
AddRemove-Virtual MIDI Piano Keyboard - c:\program files\vmpk\uninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
AddRemove-FoxTab Video To MP3 - c:\users\Ovenmitt\Desktop\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-21 17:35
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-21 17:44:30
ComboFix-quarantined-files.txt 2011-12-21 23:44
.
Pre-Run: 18,073,608,192 bytes free
Post-Run: 19,458,064,384 bytes free
.
- - End Of File - - 545931E2EC74BBD818365D7AD803DA16

TDSSKiller Report:
17:46:35.0787 2840 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
17:46:35.0834 2840 ============================================================
17:46:35.0834 2840 Current date / time: 2011/12/21 17:46:35.0834
17:46:35.0834 2840 SystemInfo:
17:46:35.0834 2840
17:46:35.0834 2840 OS Version: 6.0.6000 ServicePack: 0.0
17:46:35.0834 2840 Product type: Workstation
17:46:35.0834 2840 ComputerName: LOKI
17:46:35.0849 2840 UserName: Ovenmitt
17:46:35.0849 2840 Windows directory: C:\Windows
17:46:35.0849 2840 System windows directory: C:\Windows
17:46:35.0849 2840 Processor architecture: Intel x86
17:46:35.0849 2840 Number of processors: 2
17:46:35.0849 2840 Page size: 0x1000
17:46:35.0849 2840 Boot type: Normal boot
17:46:35.0849 2840 ============================================================
17:46:37.0238 2840 Initialize success
17:46:58.0344 0772 ============================================================
17:46:58.0344 0772 Scan started
17:46:58.0344 0772 Mode: Manual; SigCheck; TDLFS;
17:46:58.0344 0772 ============================================================
17:46:59.0483 0772 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
17:46:59.0670 0772 ACPI - ok
17:46:59.0748 0772 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
17:46:59.0811 0772 adp94xx - ok
17:46:59.0982 0772 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
17:46:59.0998 0772 adpahci - ok
17:47:00.0060 0772 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
17:47:00.0076 0772 adpu160m - ok
17:47:00.0185 0772 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
17:47:00.0201 0772 adpu320 - ok
17:47:00.0326 0772 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
17:47:00.0341 0772 agp440 - ok
17:47:00.0435 0772 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:47:00.0466 0772 aic78xx - ok
17:47:00.0528 0772 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
17:47:00.0544 0772 aliide - ok
17:47:00.0575 0772 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
17:47:00.0575 0772 amdagp - ok
17:47:00.0638 0772 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
17:47:00.0653 0772 amdide - ok
17:47:00.0762 0772 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
17:47:00.0840 0772 AmdK7 - ok
17:47:00.0903 0772 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
17:47:00.0981 0772 AmdK8 - ok
17:47:01.0152 0772 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
17:47:01.0168 0772 arc - ok
17:47:01.0246 0772 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
17:47:01.0262 0772 arcsas - ok
17:47:01.0324 0772 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
17:47:01.0464 0772 aswFsBlk - ok
17:47:01.0620 0772 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
17:47:01.0652 0772 aswMonFlt - ok
17:47:01.0667 0772 aswRdr (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
17:47:01.0698 0772 aswRdr - ok
17:47:01.0730 0772 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
17:47:01.0808 0772 aswSnx - ok
17:47:01.0948 0772 aswSP (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
17:47:01.0995 0772 aswSP - ok
17:47:02.0026 0772 aswTdi (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
17:47:02.0073 0772 aswTdi - ok
17:47:02.0166 0772 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
17:47:02.0229 0772 AsyncMac - ok
17:47:02.0276 0772 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
17:47:02.0291 0772 atapi - ok
17:47:02.0369 0772 BCM43XV (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys
17:47:02.0463 0772 BCM43XV - ok
17:47:02.0494 0772 BCM43XX (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys
17:47:02.0572 0772 BCM43XX - ok
17:47:02.0712 0772 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
17:47:02.0775 0772 Beep - ok
17:47:02.0822 0772 blbdrive - ok
17:47:02.0900 0772 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
17:47:02.0978 0772 bowser - ok
17:47:03.0102 0772 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:47:03.0196 0772 BrFiltLo - ok
17:47:03.0227 0772 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:47:03.0274 0772 BrFiltUp - ok
17:47:03.0414 0772 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:47:03.0492 0772 Brserid - ok
17:47:03.0524 0772 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:47:03.0602 0772 BrSerWdm - ok
17:47:03.0633 0772 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:47:03.0711 0772 BrUsbMdm - ok
17:47:03.0836 0772 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:47:03.0914 0772 BrUsbSer - ok
17:47:03.0945 0772 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:47:04.0023 0772 BTHMODEM - ok
17:47:04.0054 0772 BVRPMPR5 (6598d078d5446197aed6b46c6a2a3431) C:\Windows\system32\drivers\BVRPMPR5.SYS
17:47:04.0070 0772 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
17:47:04.0070 0772 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
17:47:04.0148 0772 catchme - ok
17:47:04.0272 0772 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
17:47:04.0350 0772 cdfs - ok
17:47:04.0413 0772 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
17:47:04.0475 0772 cdrom - ok
17:47:04.0506 0772 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
17:47:04.0616 0772 circlass - ok
17:47:04.0865 0772 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
17:47:04.0881 0772 CLFS - ok
17:47:04.0990 0772 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
17:47:05.0037 0772 CmBatt - ok
17:47:05.0162 0772 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
17:47:05.0177 0772 cmdide - ok
17:47:05.0224 0772 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
17:47:05.0240 0772 Compbatt - ok
17:47:05.0271 0772 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
17:47:05.0271 0772 crcdisk - ok
17:47:05.0318 0772 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
17:47:05.0396 0772 Crusoe - ok
17:47:05.0536 0772 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
17:47:05.0614 0772 DfsC - ok
17:47:05.0801 0772 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
17:47:05.0817 0772 disk - ok
17:47:05.0879 0772 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
17:47:05.0957 0772 drmkaud - ok
17:47:06.0113 0772 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
17:47:06.0191 0772 DXGKrnl - ok
17:47:06.0332 0772 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
17:47:06.0425 0772 E100B - ok
17:47:06.0472 0772 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:47:06.0550 0772 E1G60 - ok
17:47:06.0690 0772 eabfiltr (a6476585b4fefee46a9f42e4d2bfdfa4) C:\Windows\system32\DRIVERS\eabfiltr.sys
17:47:06.0737 0772 eabfiltr - ok
17:47:06.0768 0772 EagleNT - ok
17:47:06.0893 0772 EagleXNt - ok
17:47:06.0971 0772 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
17:47:06.0987 0772 Ecache - ok
17:47:07.0096 0772 eeCtrl (e89cc1363cb7f5320ae3b41c1333d0c3) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:47:07.0158 0772 eeCtrl - ok
17:47:07.0314 0772 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
17:47:07.0361 0772 ElbyCDFL - ok
17:47:07.0377 0772 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\Windows\system32\Drivers\ElbyCDIO.sys
17:47:07.0408 0772 ElbyCDIO - ok
17:47:07.0470 0772 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
17:47:07.0486 0772 elxstor - ok
17:47:07.0642 0772 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
17:47:07.0720 0772 fastfat - ok
17:47:07.0782 0772 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
17:47:07.0860 0772 fdc - ok
17:47:07.0985 0772 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
17:47:08.0001 0772 FileInfo - ok
17:47:08.0032 0772 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
17:47:08.0110 0772 Filetrace - ok
17:47:08.0126 0772 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
17:47:08.0204 0772 flpydisk - ok
17:47:08.0344 0772 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
17:47:08.0360 0772 FltMgr - ok
17:47:08.0406 0772 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
17:47:08.0469 0772 Fs_Rec - ok
17:47:08.0500 0772 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
17:47:08.0516 0772 gagp30kx - ok
17:47:08.0656 0772 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
17:47:08.0672 0772 GEARAspiWDM - ok
17:47:08.0750 0772 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
17:47:08.0796 0772 HBtnKey - ok
17:47:08.0937 0772 HdAudAddService (de4020f928a2f8a6327f5687f36d361b) C:\Windows\system32\drivers\CHDART.sys
17:47:08.0984 0772 HdAudAddService - ok
17:47:09.0046 0772 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:47:09.0093 0772 HDAudBus - ok
17:47:09.0218 0772 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:47:09.0280 0772 HidBth - ok
17:47:09.0311 0772 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:47:09.0389 0772 HidIr - ok
17:47:09.0436 0772 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
17:47:09.0498 0772 HidUsb - ok
17:47:09.0639 0772 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
17:47:09.0654 0772 HpCISSs - ok
17:47:09.0732 0772 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:47:09.0795 0772 HSFHWAZL - ok
17:47:09.0951 0772 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:47:10.0044 0772 HSF_DPV - ok
17:47:10.0185 0772 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
17:47:10.0216 0772 HSXHWAZL - ok
17:47:10.0278 0772 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
17:47:10.0372 0772 HTTP - ok
17:47:10.0528 0772 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
17:47:10.0544 0772 i2omp - ok
17:47:10.0637 0772 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
17:47:10.0684 0772 i8042prt - ok
17:47:10.0887 0772 ialm (e84cad5121e30d88050ea210caff3095) C:\Windows\system32\DRIVERS\igdkmd32.sys
17:47:11.0090 0772 ialm - ok
17:47:11.0246 0772 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
17:47:11.0261 0772 iaStorV - ok
17:47:11.0402 0772 igfx (e84cad5121e30d88050ea210caff3095) C:\Windows\system32\DRIVERS\igdkmd32.sys
17:47:11.0495 0772 igfx - ok
17:47:11.0667 0772 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:47:11.0682 0772 iirsp - ok
17:47:11.0792 0772 intelide (988981c840084f480ba9e3319cebde1b) C:\Windows\system32\drivers\intelide.sys
17:47:11.0807 0772 intelide - ok
17:47:11.0823 0772 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
17:47:11.0916 0772 intelppm - ok
17:47:12.0057 0772 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:47:12.0119 0772 IpFilterDriver - ok
17:47:12.0135 0772 IpInIp - ok
17:47:12.0166 0772 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
17:47:12.0244 0772 IPMIDRV - ok
17:47:12.0275 0772 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
17:47:12.0338 0772 IPNAT - ok
17:47:12.0478 0772 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
17:47:12.0540 0772 IRENUM - ok
17:47:12.0572 0772 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
17:47:12.0587 0772 isapnp - ok
17:47:12.0634 0772 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
17:47:12.0650 0772 iScsiPrt - ok
17:47:12.0681 0772 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:47:12.0681 0772 iteatapi - ok
17:47:12.0712 0772 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:47:12.0728 0772 iteraid - ok
17:47:12.0852 0772 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
17:47:12.0868 0772 kbdclass - ok
17:47:12.0899 0772 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
17:47:12.0946 0772 kbdhid - ok
17:47:13.0008 0772 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
17:47:13.0055 0772 KSecDD - ok
17:47:13.0242 0772 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
17:47:13.0320 0772 lltdio - ok
17:47:13.0367 0772 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
17:47:13.0383 0772 LSI_FC - ok
17:47:13.0398 0772 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
17:47:13.0414 0772 LSI_SAS - ok
17:47:13.0554 0772 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
17:47:13.0570 0772 LSI_SCSI - ok
17:47:13.0632 0772 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
17:47:13.0710 0772 luafv - ok
17:47:13.0757 0772 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:47:13.0788 0772 mdmxsdk - ok
17:47:13.0929 0772 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
17:47:13.0944 0772 megasas - ok
17:47:13.0991 0772 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
17:47:14.0054 0772 Modem - ok
17:47:14.0194 0772 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
17:47:14.0241 0772 monitor - ok
17:47:14.0288 0772 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
17:47:14.0303 0772 mouclass - ok
17:47:14.0334 0772 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
17:47:14.0381 0772 mouhid - ok
17:47:14.0537 0772 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
17:47:14.0553 0772 MountMgr - ok
17:47:14.0584 0772 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
17:47:14.0600 0772 mpio - ok
17:47:14.0662 0772 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
17:47:14.0724 0772 mpsdrv - ok
17:47:14.0849 0772 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:47:14.0865 0772 Mraid35x - ok
17:47:14.0927 0772 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
17:47:14.0958 0772 MRxDAV - ok
17:47:15.0021 0772 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:47:15.0068 0772 mrxsmb - ok
17:47:15.0208 0772 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:47:15.0255 0772 mrxsmb10 - ok
17:47:15.0317 0772 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:47:15.0348 0772 mrxsmb20 - ok
17:47:15.0489 0772 msahci (b2efb263600314babcf9dadb1cbba994) C:\Windows\system32\drivers\msahci.sys
17:47:15.0504 0772 msahci - ok
17:47:15.0551 0772 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
17:47:15.0567 0772 msdsm - ok
17:47:15.0598 0772 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
17:47:15.0676 0772 Msfs - ok
17:47:15.0832 0772 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
17:47:15.0832 0772 msisadrv - ok
17:47:15.0910 0772 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
17:47:15.0988 0772 MSKSSRV - ok
17:47:16.0004 0772 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
17:47:16.0097 0772 MSPCLOCK - ok
17:47:16.0222 0772 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
17:47:16.0300 0772 MSPQM - ok
17:47:16.0331 0772 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
17:47:16.0347 0772 MsRPC - ok
17:47:16.0378 0772 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
17:47:16.0394 0772 mssmbios - ok
17:47:16.0425 0772 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
17:47:16.0503 0772 MSTEE - ok
17:47:16.0628 0772 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
17:47:16.0643 0772 Mup - ok
17:47:16.0721 0772 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
17:47:16.0768 0772 NativeWifiP - ok
17:47:16.0924 0772 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
17:47:16.0971 0772 NDIS - ok
17:47:17.0142 0772 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
17:47:17.0205 0772 NdisTapi - ok
17:47:17.0236 0772 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
17:47:17.0314 0772 Ndisuio - ok
17:47:17.0345 0772 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
17:47:17.0408 0772 NdisWan - ok
17:47:17.0532 0772 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
17:47:17.0579 0772 NDProxy - ok
17:47:17.0626 0772 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
17:47:17.0704 0772 NetBIOS - ok
17:47:17.0844 0772 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
17:47:17.0922 0772 netbt - ok
17:47:17.0969 0772 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:47:17.0969 0772 nfrd960 - ok
17:47:18.0000 0772 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
17:47:18.0094 0772 Npfs - ok
17:47:18.0141 0772 npkcrypt - ok
17:47:18.0281 0772 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
17:47:18.0359 0772 nsiproxy - ok
17:47:18.0437 0772 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
17:47:18.0531 0772 Ntfs - ok
17:47:18.0687 0772 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:47:18.0765 0772 ntrigdigi - ok
17:47:18.0827 0772 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
17:47:18.0890 0772 Null - ok
17:47:18.0921 0772 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
17:47:18.0936 0772 nvraid - ok
17:47:18.0968 0772 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
17:47:18.0968 0772 nvstor - ok
17:47:19.0108 0772 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:47:19.0124 0772 nv_agp - ok
17:47:19.0139 0772 NwlnkFlt - ok
17:47:19.0155 0772 NwlnkFwd - ok
17:47:19.0186 0772 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
17:47:19.0295 0772 ohci1394 - ok
17:47:19.0342 0772 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:47:19.0436 0772 Parport - ok
17:47:19.0576 0772 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
17:47:19.0592 0772 partmgr - ok
17:47:19.0623 0772 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:47:19.0732 0772 Parvdm - ok
17:47:19.0779 0772 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
17:47:19.0794 0772 pci - ok
17:47:19.0826 0772 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
17:47:19.0826 0772 pciide - ok
17:47:19.0935 0772 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:47:19.0950 0772 pcmcia - ok
17:47:20.0028 0772 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:47:20.0138 0772 PEAUTH - ok
17:47:20.0294 0772 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
17:47:20.0372 0772 PptpMiniport - ok
17:47:20.0403 0772 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:47:20.0481 0772 Processor - ok
17:47:20.0652 0772 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
17:47:20.0668 0772 PSched - ok
17:47:20.0715 0772 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
17:47:20.0730 0772 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
17:47:20.0730 0772 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
17:47:20.0902 0772 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:47:20.0964 0772 ql2300 - ok
17:47:21.0120 0772 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:47:21.0136 0772 ql40xx - ok
17:47:21.0183 0772 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
17:47:21.0214 0772 QWAVEdrv - ok
17:47:21.0245 0772 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
17:47:21.0308 0772 RasAcd - ok
17:47:21.0339 0772 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:47:21.0432 0772 Rasl2tp - ok
17:47:21.0557 0772 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
17:47:21.0620 0772 RasPppoe - ok
17:47:21.0651 0772 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
17:47:21.0729 0772 rdbss - ok
17:47:21.0760 0772 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:47:21.0854 0772 RDPCDD - ok
17:47:21.0885 0772 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
17:47:21.0963 0772 rdpdr - ok
17:47:22.0103 0772 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
17:47:22.0181 0772 RDPENCDD - ok
17:47:22.0212 0772 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
17:47:22.0290 0772 RDPWD - ok
17:47:22.0353 0772 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
17:47:22.0446 0772 rspndr - ok
17:47:22.0618 0772 RTL8023xp (dda0d5842335e78e375e96c308858a61) C:\Windows\system32\DRIVERS\Rtnicxp.sys
17:47:22.0696 0772 RTL8023xp - ok
17:47:22.0836 0772 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:47:22.0852 0772 sbp2port - ok
17:47:22.0914 0772 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:47:22.0992 0772 secdrv - ok
17:47:23.0039 0772 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:47:23.0117 0772 Serenum - ok
17:47:23.0258 0772 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:47:23.0351 0772 Serial - ok
17:47:23.0382 0772 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
17:47:23.0398 0772 sermouse - ok
17:47:23.0445 0772 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
17:47:23.0523 0772 sffdisk - ok
17:47:23.0648 0772 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
17:47:23.0726 0772 sffp_mmc - ok
17:47:23.0772 0772 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
17:47:23.0835 0772 sffp_sd - ok
17:47:23.0866 0772 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:47:23.0928 0772 sfloppy - ok
17:47:24.0084 0772 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
17:47:24.0100 0772 sisagp - ok
17:47:24.0116 0772 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
17:47:24.0131 0772 SiSRaid2 - ok
17:47:24.0162 0772 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:47:24.0178 0772 SiSRaid4 - ok
17:47:24.0225 0772 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
17:47:24.0303 0772 Smb - ok
17:47:24.0459 0772 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
17:47:24.0459 0772 spldr - ok
17:47:24.0521 0772 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
17:47:24.0537 0772 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
17:47:24.0537 0772 sptd ( LockedFile.Multi.Generic ) - warning
17:47:24.0537 0772 sptd - detected LockedFile.Multi.Generic (1)
17:47:24.0662 0772 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
17:47:24.0708 0772 srv - ok
17:47:24.0771 0772 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
17:47:24.0864 0772 srv2 - ok
17:47:24.0989 0772 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
17:47:25.0036 0772 srvnet - ok
17:47:25.0098 0772 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
17:47:25.0114 0772 swenum - ok
17:47:25.0223 0772 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:47:25.0239 0772 Symc8xx - ok
17:47:25.0286 0772 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:47:25.0301 0772 Sym_hi - ok
17:47:25.0332 0772 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:47:25.0348 0772 Sym_u3 - ok
17:47:25.0473 0772 SynTP (81cf7aa63bb3cca31e1d1944c0a45fc7) C:\Windows\system32\DRIVERS\SynTP.sys
17:47:25.0520 0772 SynTP - ok
17:47:25.0598 0772 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
17:47:25.0660 0772 Tcpip - ok
17:47:25.0800 0772 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
17:47:25.0863 0772 Tcpip6 - ok
17:47:25.0972 0772 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
17:47:26.0050 0772 tcpipreg - ok
17:47:26.0128 0772 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
17:47:26.0206 0772 TDPIPE - ok
17:47:26.0284 0772 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
17:47:26.0346 0772 TDTCP - ok
17:47:26.0378 0772 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
17:47:26.0471 0772 tdx - ok
17:47:26.0565 0772 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
17:47:26.0580 0772 TermDD - ok
17:47:26.0658 0772 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:47:26.0736 0772 tssecsrv - ok
17:47:26.0783 0772 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
17:47:26.0830 0772 tunmp - ok
17:47:26.0955 0772 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
17:47:26.0970 0772 tunnel - ok
17:47:27.0080 0772 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
17:47:27.0095 0772 uagp35 - ok
17:47:27.0126 0772 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
17:47:27.0204 0772 udfs - ok
17:47:27.0329 0772 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
17:47:27.0345 0772 uliagpkx - ok
17:47:27.0423 0772 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
17:47:27.0438 0772 uliahci - ok
17:47:27.0548 0772 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:47:27.0563 0772 UlSata - ok
17:47:27.0626 0772 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:47:27.0641 0772 ulsata2 - ok
17:47:27.0672 0772 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
17:47:27.0750 0772 umbus - ok
17:47:27.0860 0772 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
17:47:27.0906 0772 USBAAPL - ok
17:47:28.0000 0772 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
17:47:28.0078 0772 usbccgp - ok
17:47:28.0109 0772 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:47:28.0172 0772 usbcir - ok
17:47:28.0265 0772 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
17:47:28.0296 0772 usbehci - ok
17:47:28.0374 0772 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
17:47:28.0390 0772 usbhub - ok
17:47:28.0421 0772 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
17:47:28.0515 0772 usbohci - ok
17:47:28.0608 0772 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
17:47:28.0686 0772 usbprint - ok
17:47:28.0764 0772 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:47:28.0811 0772 USBSTOR - ok
17:47:28.0920 0772 usbuhci (d864735b0bfcb65440960a0b7cc1a38d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:47:28.0936 0772 usbuhci - ok
17:47:29.0045 0772 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
17:47:29.0123 0772 vga - ok
17:47:29.0217 0772 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
17:47:29.0295 0772 VgaSave - ok
17:47:29.0357 0772 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
17:47:29.0373 0772 viaagp - ok
17:47:29.0420 0772 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
17:47:29.0498 0772 ViaC7 - ok
17:47:29.0576 0772 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
17:47:29.0591 0772 viaide - ok
17:47:29.0654 0772 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
17:47:29.0669 0772 volmgr - ok
17:47:29.0716 0772 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
17:47:29.0747 0772 volmgrx - ok
17:47:29.0841 0772 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
17:47:29.0856 0772 volsnap - ok
17:47:29.0919 0772 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
17:47:29.0934 0772 vsmraid - ok
17:47:29.0981 0772 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:47:30.0059 0772 WacomPen - ok
17:47:30.0106 0772 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
17:47:30.0122 0772 Wanarp - ok
17:47:30.0137 0772 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
17:47:30.0168 0772 Wanarpv6 - ok
17:47:30.0262 0772 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
17:47:30.0278 0772 Wd - ok
17:47:30.0371 0772 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
17:47:30.0434 0772 Wdf01000 - ok
17:47:30.0590 0772 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:47:30.0636 0772 winachsf - ok
17:47:30.0792 0772 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:47:30.0839 0772 WmiAcpi - ok
17:47:30.0917 0772 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
17:47:30.0980 0772 WpdUsb - ok
17:47:31.0104 0772 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
17:47:31.0167 0772 ws2ifsl - ok
17:47:31.0245 0772 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:47:31.0323 0772 WUDFRd - ok
17:47:31.0463 0772 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
17:47:31.0494 0772 XAudio - ok
17:47:31.0572 0772 {09BB444F-B2E2-4009-BAF2-7B727681223E} (f2478ffe3492b486adbc0f21e3e0b51f) C:\Program Files\VMLaunch\BuddyVM.sys
17:47:31.0572 0772 {09BB444F-B2E2-4009-BAF2-7B727681223E} ( UnsignedFile.Multi.Generic ) - warning
17:47:31.0572 0772 {09BB444F-B2E2-4009-BAF2-7B727681223E} - detected UnsignedFile.Multi.Generic (1)
17:47:31.0604 0772 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
17:47:31.0728 0772 \Device\Harddisk0\DR0 - ok
17:47:31.0744 0772 MBR (0x1B8) (08b26729634452d0c2889c002b1bb97c) \Device\Harddisk1\DR1
17:47:31.0884 0772 \Device\Harddisk1\DR1 - ok
17:47:31.0884 0772 Boot (0x1200) (6b8e490ed5943bd86df5d43d100d1615) \Device\Harddisk0\DR0\Partition0
17:47:31.0884 0772 \Device\Harddisk0\DR0\Partition0 - ok
17:47:31.0900 0772 Boot (0x1200) (71d33f9b807253e7c1da005c63bdffa1) \Device\Harddisk0\DR0\Partition1
17:47:31.0900 0772 \Device\Harddisk0\DR0\Partition1 - ok
17:47:31.0900 0772 Boot (0x1200) (024d1a4456ef8665e79b4e7d478fdc82) \Device\Harddisk1\DR1\Partition0
17:47:31.0900 0772 \Device\Harddisk1\DR1\Partition0 - ok
17:47:31.0900 0772 ============================================================
17:47:31.0900 0772 Scan finished
17:47:31.0900 0772 ============================================================
17:47:31.0931 2872 Detected object count: 4
17:47:31.0931 2872 Actual detected object count: 4
17:47:47.0531 2872 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
17:47:47.0531 2872 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:47:47.0531 2872 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
17:47:47.0531 2872 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:47:47.0531 2872 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:47:47.0531 2872 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:47:47.0547 2872 {09BB444F-B2E2-4009-BAF2-7B727681223E} ( UnsignedFile.Multi.Generic ) - skipped by user
17:47:47.0547 2872 {09BB444F-B2E2-4009-BAF2-7B727681223E} ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:11.0493 0328 ============================================================
17:48:11.0493 0328 Scan started
17:48:11.0493 0328 Mode: Manual; SigCheck; TDLFS;
17:48:11.0493 0328 ============================================================
17:48:11.0805 0328 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
17:48:11.0836 0328 ACPI - ok
17:48:11.0898 0328 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
17:48:11.0961 0328 adp94xx - ok
17:48:12.0023 0328 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
17:48:12.0039 0328 adpahci - ok
17:48:12.0164 0328 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
17:48:12.0164 0328 adpu160m - ok
17:48:12.0195 0328 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
17:48:12.0210 0328 adpu320 - ok
17:48:12.0257 0328 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
17:48:12.0257 0328 agp440 - ok
17:48:12.0288 0328 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:48:12.0304 0328 aic78xx - ok
17:48:12.0335 0328 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
17:48:12.0351 0328 aliide - ok
17:48:12.0382 0328 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
17:48:12.0398 0328 amdagp - ok
17:48:12.0522 0328 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
17:48:12.0538 0328 amdide - ok
17:48:12.0569 0328 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
17:48:12.0632 0328 AmdK7 - ok
17:48:12.0647 0328 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
17:48:12.0725 0328 AmdK8 - ok
17:48:12.0756 0328 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
17:48:12.0772 0328 arc - ok
17:48:12.0788 0328 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
17:48:12.0803 0328 arcsas - ok
17:48:12.0944 0328 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
17:48:12.0990 0328 aswFsBlk - ok
17:48:13.0006 0328 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
17:48:13.0053 0328 aswMonFlt - ok
17:48:13.0084 0328 aswRdr (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
17:48:13.0115 0328 aswRdr - ok
17:48:13.0146 0328 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
17:48:13.0178 0328 aswSnx - ok
17:48:13.0318 0328 aswSP (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
17:48:13.0365 0328 aswSP - ok
17:48:13.0380 0328 aswTdi (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
17:48:13.0412 0328 aswTdi - ok
17:48:13.0474 0328 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
17:48:13.0536 0328 AsyncMac - ok
17:48:13.0583 0328 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
17:48:13.0583 0328 atapi - ok
17:48:13.0739 0328 BCM43XV (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys
17:48:13.0833 0328 BCM43XV - ok
17:48:13.0848 0328 BCM43XX (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys
17:48:13.0942 0328 BCM43XX - ok
17:48:14.0067 0328 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
17:48:14.0129 0328 Beep - ok
17:48:14.0145 0328 blbdrive - ok
17:48:14.0192 0328 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
17:48:14.0254 0328 bowser - ok
17:48:14.0285 0328 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:48:14.0316 0328 BrFiltLo - ok
17:48:14.0348 0328 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:48:14.0379 0328 BrFiltUp - ok
17:48:14.0426 0328 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:48:14.0488 0328 Brserid - ok
17:48:14.0519 0328 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:48:14.0582 0328 BrSerWdm - ok
17:48:14.0706 0328 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:48:14.0769 0328 BrUsbMdm - ok
17:48:14.0800 0328 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:48:14.0862 0328 BrUsbSer - ok
17:48:14.0878 0328 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:48:14.0940 0328 BTHMODEM - ok
17:48:14.0972 0328 BVRPMPR5 (6598d078d5446197aed6b46c6a2a3431) C:\Windows\system32\drivers\BVRPMPR5.SYS
17:48:14.0987 0328 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
17:48:14.0987 0328 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
17:48:15.0034 0328 catchme - ok
17:48:15.0159 0328 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
17:48:15.0221 0328 cdfs - ok
17:48:15.0252 0328 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
17:48:15.0315 0328 cdrom - ok
17:48:15.0346 0328 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
17:48:15.0408 0328 circlass - ok
17:48:15.0455 0328 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
17:48:15.0471 0328 CLFS - ok
17:48:15.0627 0328 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
17:48:15.0658 0328 CmBatt - ok
17:48:15.0689 0328 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
17:48:15.0705 0328 cmdide - ok
17:48:15.0736 0328 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
17:48:15.0752 0328 Compbatt - ok
17:48:15.0783 0328 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
17:48:15.0783 0328 crcdisk - ok
17:48:15.0814 0328 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
17:48:15.0876 0328 Crusoe - ok
17:48:16.0017 0328 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
17:48:16.0079 0328 DfsC - ok
17:48:16.0110 0328 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
17:48:16.0126 0328 disk - ok
17:48:16.0157 0328 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
17:48:16.0220 0328 drmkaud - ok
17:48:16.0282 0328 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
17:48:16.0344 0328 DXGKrnl - ok
17:48:16.0485 0328 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
17:48:16.0547 0328 E100B - ok
17:48:16.0594 0328 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:48:16.0656 0328 E1G60 - ok
17:48:16.0688 0328 eabfiltr (a6476585b4fefee46a9f42e4d2bfdfa4) C:\Windows\system32\DRIVERS\eabfiltr.sys
17:48:16.0703 0328 eabfiltr - ok
17:48:16.0719 0328 EagleNT - ok
17:48:16.0734 0328 EagleXNt - ok
17:48:16.0766 0328 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
17:48:16.0781 0328 Ecache - ok
17:48:16.0890 0328 eeCtrl (e89cc1363cb7f5320ae3b41c1333d0c3) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:48:16.0937 0328 eeCtrl - ok
17:48:17.0062 0328 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
17:48:17.0093 0328 ElbyCDFL - ok
17:48:17.0140 0328 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\Windows\system32\Drivers\ElbyCDIO.sys
17:48:17.0171 0328 ElbyCDIO - ok
17:48:17.0218 0328 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
17:48:17.0234 0328 elxstor - ok
17:48:17.0390 0328 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
17:48:17.0452 0328 fastfat - ok
17:48:17.0499 0328 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
17:48:17.0561 0328 fdc - ok
17:48:17.0608 0328 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
17:48:17.0624 0328 FileInfo - ok
17:48:17.0655 0328 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
17:48:17.0717 0328 Filetrace - ok
17:48:17.0826 0328 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
17:48:17.0889 0328 flpydisk - ok
17:48:17.0951 0328 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
17:48:17.0982 0328 FltMgr - ok
17:48:18.0014 0328 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
17:48:18.0045 0328 Fs_Rec - ok
17:48:18.0076 0328 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
17:48:18.0092 0328 gagp30kx - ok
17:48:18.0216 0328 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
17:48:18.0232 0328 GEARAspiWDM - ok
17:48:18.0294 0328 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
17:48:18.0310 0328 HBtnKey - ok
17:48:18.0341 0328 HdAudAddService (de4020f928a2f8a6327f5687f36d361b) C:\Windows\system32\drivers\CHDART.sys
17:48:18.0357 0328 HdAudAddService - ok
17:48:18.0466 0328 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:48:18.0497 0328 HDAudBus - ok
17:48:18.0575 0328 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:48:18.0653 0328 HidBth - ok
17:48:18.0669 0328 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:48:18.0731 0328 HidIr - ok
17:48:18.0856 0328 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
17:48:18.0918 0328 HidUsb - ok
17:48:18.0965 0328 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
17:48:18.0981 0328 HpCISSs - ok
17:48:19.0028 0328 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:48:19.0059 0328 HSFHWAZL - ok
17:48:19.0121 0328 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:48:19.0168 0328 HSF_DPV - ok
17:48:19.0293 0328 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
17:48:19.0308 0328 HSXHWAZL - ok
17:48:19.0371 0328 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
17:48:19.0402 0328 HTTP - ok
17:48:19.0449 0328 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
17:48:19.0464 0328 i2omp - ok
17:48:19.0496 0328 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
17:48:19.0511 0328 i8042prt - ok
17:48:19.0714 0328 ialm (e84cad5121e30d88050ea210caff3095) C:\Windows\system32\DRIVERS\igdkmd32.sys
17:48:19.0808 0328 ialm - ok
17:48:19.0995 0328 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
17:48:20.0010 0328 iaStorV - ok
17:48:20.0120 0328 igfx (e84cad5121e30d88050ea210caff3095) C:\Windows\system32\DRIVERS\igdkmd32.sys
17:48:20.0213 0328 igfx - ok
17:48:20.0385 0328 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:48:20.0400 0328 iirsp - ok
17:48:20.0447 0328 intelide (988981c840084f480ba9e3319cebde1b) C:\Windows\system32\drivers\intelide.sys
17:48:20.0447 0328 intelide - ok
17:48:20.0478 0328 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
17:48:20.0541 0328 intelppm - ok
17:48:20.0588 0328 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:48:20.0650 0328 IpFilterDriver - ok
17:48:20.0666 0328 IpInIp - ok
17:48:20.0697 0328 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
17:48:20.0759 0328 IPMIDRV - ok
17:48:20.0884 0328 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
17:48:20.0946 0328 IPNAT - ok
17:48:20.0978 0328 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
17:48:21.0040 0328 IRENUM - ok
17:48:21.0071 0328 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
17:48:21.0087 0328 isapnp - ok
17:48:21.0118 0328 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
17:48:21.0134 0328 iScsiPrt - ok
17:48:21.0165 0328 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:48:21.0165 0328 iteatapi - ok
17:48:21.0290 0328 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:48:21.0305 0328 iteraid - ok
17:48:21.0336 0328 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
17:48:21.0352 0328 kbdclass - ok
17:48:21.0383 0328 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
17:48:21.0399 0328 kbdhid - ok
17:48:21.0477 0328 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
17:48:21.0524 0328 KSecDD - ok
17:48:21.0695 0328 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
17:48:21.0758 0328 lltdio - ok
17:48:21.0789 0328 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
17:48:21.0804 0328 LSI_FC - ok
17:48:21.0836 0328 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
17:48:21.0851 0328 LSI_SAS - ok
17:48:21.0867 0328 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
17:48:21.0882 0328 LSI_SCSI - ok
17:48:21.0914 0328 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
17:48:21.0976 0328 luafv - ok
17:48:22.0101 0328 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:48:22.0116 0328 mdmxsdk - ok
17:48:22.0163 0328 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
17:48:22.0179 0328 megasas - ok
17:48:22.0226 0328 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
17:48:22.0288 0328 Modem - ok
17:48:22.0335 0328 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
17:48:22.0350 0328 monitor - ok
17:48:22.0475 0328 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
17:48:22.0491 0328 mouclass - ok
17:48:22.0522 0328 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
17:48:22.0538 0328 mouhid - ok
17:48:22.0584 0328 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
17:48:22.0584 0328 MountMgr - ok
17:48:22.0631 0328 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
17:48:22.0647 0328 mpio - ok
17:48:22.0772 0328 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
17:48:22.0803 0328 mpsdrv - ok
17:48:22.0850 0328 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:48:22.0850 0328 Mraid35x - ok
17:48:22.0896 0328 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
17:48:22.0912 0328 MRxDAV - ok
17:48:23.0037 0328 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:48:23.0052 0328 mrxsmb - ok
17:48:23.0115 0328 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:48:23.0130 0328 mrxsmb10 - ok
17:48:23.0146 0328 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:48:23.0177 0328 mrxsmb20 - ok
17:48:23.0224 0328 msahci (b2efb263600314babcf9dadb1cbba994) C:\Windows\system32\drivers\msahci.sys
17:48:23.0240 0328 msahci - ok
17:48:23.0286 0328 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
17:48:23.0286 0328 msdsm - ok
17:48:23.0427 0328 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
17:48:23.0489 0328 Msfs - ok
17:48:23.0505 0328 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
17:48:23.0520 0328 msisadrv - ok
17:48:23.0552 0328 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
17:48:23.0614 0328 MSKSSRV - ok
17:48:23.0645 0328 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
17:48:23.0708 0328 MSPCLOCK - ok
17:48:23.0739 0328 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
17:48:23.0801 0328 MSPQM - ok
17:48:23.0832 0328 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
17:48:23.0848 0328 MsRPC - ok
17:48:23.0973 0328 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
17:48:23.0973 0328 mssmbios - ok
17:48:24.0004 0328 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
17:48:24.0066 0328 MSTEE - ok
17:48:24.0098 0328 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
17:48:24.0113 0328 Mup - ok
17:48:24.0144 0328 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
17:48:24.0176 0328 NativeWifiP - ok
17:48:24.0207 0328 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
17:48:24.0254 0328 NDIS - ok
17:48:24.0410 0328 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
17:48:24.0425 0328 NdisTapi - ok
17:48:24.0456 0328 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
17:48:24.0519 0328 Ndisuio - ok
17:48:24.0550 0328 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
17:48:24.0612 0328 NdisWan - ok
17:48:24.0675 0328 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
17:48:24.0690 0328 NDProxy - ok
17:48:24.0706 0328 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
17:48:24.0784 0328 NetBIOS - ok
17:48:24.0909 0328 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
17:48:25.0002 0328 netbt - ok
17:48:25.0034 0328 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:48:25.0049 0328 nfrd960 - ok
17:48:25.0096 0328 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
17:48:25.0174 0328 Npfs - ok
17:48:25.0205 0328 npkcrypt - ok
17:48:25.0330 0328 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
17:48:25.0392 0328 nsiproxy - ok
17:48:25.0486 0328 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
17:48:25.0533 0328 Ntfs - ok
17:48:25.0673 0328 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:48:25.0736 0328 ntrigdigi - ok
17:48:25.0767 0328 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
17:48:25.0829 0328 Null - ok
17:48:25.0860 0328 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
17:48:25.0860 0328 nvraid - ok
17:48:25.0892 0328 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
17:48:25.0907 0328 nvstor - ok
17:48:25.0938 0328 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:48:25.0954 0328 nv_agp - ok
17:48:26.0048 0328 NwlnkFlt - ok
17:48:26.0079 0328 NwlnkFwd - ok
17:48:26.0126 0328 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
17:48:26.0188 0328 ohci1394 - ok
17:48:26.0219 0328 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:48:26.0282 0328 Parport - ok
17:48:26.0313 0328 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
17:48:26.0328 0328 partmgr - ok
17:48:26.0360 0328 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:48:26.0422 0328 Parvdm - ok
17:48:26.0562 0328 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
17:48:26.0578 0328 pci - ok
17:48:26.0640 0328 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
17:48:26.0656 0328 pciide - ok
17:48:26.0687 0328 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:48:26.0703 0328 pcmcia - ok
17:48:26.0765 0328 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:48:26.0859 0328 PEAUTH - ok
17:48:27.0030 0328 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
17:48:27.0108 0328 PptpMiniport - ok
17:48:27.0140 0328 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:48:27.0218 0328 Processor - ok
17:48:27.0264 0328 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
17:48:27.0280 0328 PSched - ok
17:48:27.0327 0328 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
17:48:27.0327 0328 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
17:48:27.0327 0328 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
17:48:27.0498 0328 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:48:27.0561 0328 ql2300 - ok
17:48:27.0701 0328 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:48:27.0717 0328 ql40xx - ok
17:48:27.0764 0328 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
17:48:27.0795 0328 QWAVEdrv - ok
17:48:27.0826 0328 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
17:48:27.0888 0328 RasAcd - ok
17:48:27.0920 0328 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:48:27.0982 0328 Rasl2tp - ok
17:48:27.0998 0328 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
17:48:28.0060 0328 RasPppoe - ok
17:48:28.0200 0328 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
17:48:28.0263 0328 rdbss - ok
17:48:28.0294 0328 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:48:28.0356 0328 RDPCDD - ok
17:48:28.0403 0328 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
17:48:28.0466 0328 rdpdr - ok
17:48:28.0481 0328 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
17:48:28.0544 0328 RDPENCDD - ok
17:48:28.0575 0328 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
17:48:28.0637 0328 RDPWD - ok
17:48:28.0700 0328 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
17:48:28.0762 0328 rspndr - ok
17:48:28.0887 0328 RTL8023xp (dda0d5842335e78e375e96c308858a61) C:\Windows\system32\DRIVERS\Rtnicxp.sys
17:48:28.0918 0328 RTL8023xp - ok
17:48:28.0980 0328 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:48:28.0996 0328 sbp2port - ok
17:48:29.0058 0328 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:48:29.0121 0328 secdrv - ok
17:48:29.0152 0328 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:48:29.0214 0328 Serenum - ok
17:48:29.0355 0328 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:48:29.0433 0328 Serial - ok
17:48:29.0464 0328 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
17:48:29.0480 0328 sermouse - ok
17:48:29.0526 0328 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
17:48:29.0589 0328 sffdisk - ok
17:48:29.0620 0328 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
17:48:29.0682 0328 sffp_mmc - ok
17:48:29.0823 0328 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
17:48:29.0885 0328 sffp_sd - ok
17:48:29.0901 0328 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:48:29.0963 0328 sfloppy - ok
17:48:30.0010 0328 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
17:48:30.0026 0328 sisagp - ok
17:48:30.0041 0328 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
17:48:30.0057 0328 SiSRaid2 - ok
17:48:30.0088 0328 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:48:30.0104 0328 SiSRaid4 - ok
17:48:30.0228 0328 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
17:48:30.0306 0328 Smb - ok
17:48:30.0338 0328 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
17:48:30.0353 0328 spldr - ok
17:48:30.0416 0328 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
17:48:30.0416 0328 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
17:48:30.0416 0328 sptd ( LockedFile.Multi.Generic ) - warning
17:48:30.0416 0328 sptd - detected LockedFile.Multi.Generic (1)
17:48:30.0556 0328 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
17:48:30.0572 0328 srv - ok
17:48:30.0618 0328 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
17:48:30.0650 0328 srv2 - ok
17:48:30.0712 0328 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
17:48:30.0728 0328 srvnet - ok
17:48:30.0790 0328 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
17:48:30.0790 0328 swenum - ok
17:48:30.0899 0328 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:48:30.0915 0328 Symc8xx - ok
17:48:30.0962 0328 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:48:30.0977 0328 Sym_hi - ok
17:48:31.0008 0328 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:48:31.0024 0328 Sym_u3 - ok
17:48:31.0071 0328 SynTP (81cf7aa63bb3cca31e1d1944c0a45fc7) C:\Windows\system32\DRIVERS\SynTP.sys
17:48:31.0102 0328 SynTP - ok
17:48:31.0242 0328 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
17:48:31.0320 0328 Tcpip - ok
17:48:31.0383 0328 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
17:48:31.0430 0328 Tcpip6 - ok
17:48:31.0476 0328 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
17:48:31.0539 0328 tcpipreg - ok
17:48:31.0632 0328 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
17:48:31.0695 0328 TDPIPE - ok
17:48:31.0757 0328 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
17:48:31.0820 0328 TDTCP - ok
17:48:31.0866 0328 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
17:48:31.0929 0328 tdx - ok
17:48:32.0022 0328 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
17:48:32.0038 0328 TermDD - ok
17:48:32.0116 0328 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:48:32.0178 0328 tssecsrv - ok
17:48:32.0225 0328 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
17:48:32.0241 0328 tunmp - ok
17:48:32.0272 0328 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
17:48:32.0303 0328 tunnel - ok
17:48:32.0397 0328 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
17:48:32.0412 0328 uagp35 - ok
17:48:32.0475 0328 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
17:48:32.0553 0328 udfs - ok
17:48:32.0584 0328 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
17:48:32.0600 0328 uliagpkx - ok
17:48:32.0631 0328 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
17:48:32.0662 0328 uliahci - ok
17:48:32.0756 0328 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:48:32.0771 0328 UlSata - ok
17:48:32.0849 0328 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:48:32.0865 0328 ulsata2 - ok
17:48:32.0896 0328 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
17:48:32.0958 0328 umbus - ok
17:48:33.0005 0328 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
17:48:33.0021 0328 USBAAPL - ok
17:48:33.0130 0328 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
17:48:33.0192 0328 usbccgp - ok
17:48:33.0255 0328 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:48:33.0317 0328 usbcir - ok
17:48:33.0348 0328 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
17:48:33.0380 0328 usbehci - ok
17:48:33.0411 0328 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
17:48:33.0442 0328 usbhub - ok
17:48:33.0536 0328 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
17:48:33.0598 0328 usbohci - ok
17:48:33.0660 0328 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
17:48:33.0723 0328 usbprint - ok
17:48:33.0770 0328 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:48:33.0785 0328 USBSTOR - ok
17:48:33.0832 0328 usbuhci (d864735b0bfcb65440960a0b7cc1a38d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:48:33.0848 0328 usbuhci - ok
17:48:33.0957 0328 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
17:48:34.0019 0328 vga - ok
17:48:34.0082 0328 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
17:48:34.0144 0328 VgaSave - ok
17:48:34.0175 0328 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
17:48:34.0191 0328 viaagp - ok
17:48:34.0222 0328 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
17:48:34.0300 0328 ViaC7 - ok
17:48:34.0394 0328 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
17:48:34.0409 0328 viaide - ok
17:48:34.0472 0328 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
17:48:34.0487 0328 volmgr - ok
17:48:34.0518 0328 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
17:48:34.0534 0328 volmgrx - ok
17:48:34.0628 0328 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
17:48:34.0643 0328 volsnap - ok
17:48:34.0706 0328 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
17:48:34.0721 0328 vsmraid - ok
17:48:34.0768 0328 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:48:34.0830 0328 WacomPen - ok
17:48:34.0893 0328 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
17:48:34.0908 0328 Wanarp - ok
17:48:34.0908 0328 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
17:48:34.0940 0328 Wanarpv6 - ok
17:48:35.0018 0328 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
17:48:35.0033 0328 Wd - ok
17:48:35.0127 0328 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
17:48:35.0189 0328 Wdf01000 - ok
17:48:35.0392 0328 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:48:35.0517 0328 winachsf - ok
17:48:35.0704 0328 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:48:35.0720 0328 WmiAcpi - ok
17:48:35.0798 0328 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
17:48:35.0860 0328 WpdUsb - ok
17:48:35.0907 0328 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
17:48:35.0969 0328 ws2ifsl - ok
17:48:36.0016 0328 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:48:36.0078 0328 WUDFRd - ok
17:48:36.0203 0328 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
17:48:36.0219 0328 XAudio - ok
17:48:36.0281 0328 {09BB444F-B2E2-4009-BAF2-7B727681223E} (f2478ffe3492b486adbc0f21e3e0b51f) C:\Program Files\VMLaunch\BuddyVM.sys
17:48:36.0297 0328 {09BB444F-B2E2-4009-BAF2-7B727681223E} ( UnsignedFile.Multi.Generic ) - warning
17:48:36.0297 0328 {09BB444F-B2E2-4009-BAF2-7B727681223E} - detected UnsignedFile.Multi.Generic (1)
17:48:36.0312 0328 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
17:48:36.0437 0328 \Device\Harddisk0\DR0 - ok
17:48:36.0437 0328 MBR (0x1B8) (08b26729634452d0c2889c002b1bb97c) \Device\Harddisk1\DR1
17:48:36.0578 0328 \Device\Harddisk1\DR1 - ok
17:48:36.0578 0328 Boot (0x1200) (6b8e490ed5943bd86df5d43d100d1615) \Device\Harddisk0\DR0\Partition0
17:48:36.0578 0328 \Device\Harddisk0\DR0\Partition0 - ok
17:48:36.0593 0328 Boot (0x1200) (71d33f9b807253e7c1da005c63bdffa1) \Device\Harddisk0\DR0\Partition1
17:48:36.0593 0328 \Device\Harddisk0\DR0\Partition1 - ok
17:48:36.0609 0328 Boot (0x1200) (024d1a4456ef8665e79b4e7d478fdc82) \Device\Harddisk1\DR1\Partition0
17:48:36.0609 0328 \Device\Harddisk1\DR1\Partition0 - ok
17:48:36.0609 0328 ============================================================
17:48:36.0609 0328 Scan finished
17:48:36.0609 0328 ============================================================
17:48:36.0624 2036 Detected object count: 4
17:48:36.0624 2036 Actual detected object count: 4
17:48:46.0967 2036 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:46.0967 2036 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:46.0967 2036 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:46.0967 2036 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:46.0967 2036 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:48:46.0967 2036 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:48:46.0967 2036 {09BB444F-B2E2-4009-BAF2-7B727681223E} ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:46.0967 2036 {09BB444F-B2E2-4009-BAF2-7B727681223E} ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:49.0650 1424 Deinitialize success

MBRCheck Report:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Presario C500 (GF572UA#ABA)
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 156):
0x81C00000 \SystemRoot\system32\ntkrnlpa.exe
0x81FA1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8025D000 \SystemRoot\system32\PSHED.dll
0x80255000 \SystemRoot\system32\BOOTVID.dll
0x8021A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80700000 \SystemRoot\System32\Drivers\spsx.sys
0x80204000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8047E000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8043B000 \SystemRoot\system32\drivers\acpi.sys
0x80433000 \SystemRoot\system32\drivers\msisadrv.sys
0x80424000 \SystemRoot\system32\drivers\volmgr.sys
0x806DB000 \SystemRoot\system32\drivers\pci.sys
0x80201000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8041A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8040A000 \SystemRoot\System32\drivers\mountmgr.sys
0x80403000 \SystemRoot\system32\drivers\intelide.sys
0x806CD000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80683000 \SystemRoot\System32\drivers\volmgrx.sys
0x8067B000 \SystemRoot\system32\drivers\atapi.sys
0x8065D000 \SystemRoot\system32\drivers\ataport.SYS
0x80654000 \SystemRoot\system32\drivers\msahci.sys
0x80623000 \SystemRoot\system32\drivers\fltmgr.sys
0x80613000 \SystemRoot\system32\drivers\fileinfo.sys
0x8060A000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x824FC000 \SystemRoot\system32\drivers\ndis.sys
0x824D1000 \SystemRoot\system32\drivers\msrpc.sys
0x82498000 \SystemRoot\system32\drivers\NETIO.SYS
0x826F8000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8242E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x826C2000 \SystemRoot\system32\drivers\volsnap.sys
0x80602000 \SystemRoot\System32\Drivers\spldr.sys
0x8241F000 \SystemRoot\System32\drivers\partmgr.sys
0x82410000 \SystemRoot\System32\Drivers\mup.sys
0x8269D000 \SystemRoot\System32\drivers\ecache.sys
0x8268C000 \SystemRoot\system32\drivers\disk.sys
0x8266B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x82407000 \SystemRoot\system32\drivers\crcdisk.sys
0x88D50000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8858B000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88A3E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x85E57000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x85FC0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x88117000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x88594000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x89019000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x88CB3000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8804E000 \SystemRoot\System32\drivers\watchdog.sys
0x8803C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x88C2D000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x88D5B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x88493000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x88A4C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8802B000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0x880F0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x88018000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x88D66000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x88A05000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x85E6F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x88D71000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x88133000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0x88000000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x88468000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x89B9B000 \SystemRoot\System32\Drivers\ae1jsr0v.SYS
0x89B64000 \SystemRoot\System32\Drivers\a0ouhipx.SYS
0x88C02000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x89B24000 \SystemRoot\system32\DRIVERS\storport.sys
0x88D7C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x89002000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x88D87000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x89B01000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x88B2E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x89AEE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x88B3D000 \SystemRoot\system32\DRIVERS\termdd.sys
0x85E7B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x89AC4000 \SystemRoot\system32\DRIVERS\ks.sys
0x884DA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x88403000 \SystemRoot\system32\DRIVERS\umbus.sys
0x88570000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x89A90000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x85F80000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x89A67000 \SystemRoot\system32\drivers\CHDART.sys
0x89A3A000 \SystemRoot\system32\drivers\portcls.sys
0x89A15000 \SystemRoot\system32\drivers\drmk.sys
0x89CF3000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8A0FD000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x89C3F000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x89D30000 \SystemRoot\system32\drivers\modem.sys
0x8A014000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8D37C000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x885AF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x88125000 \SystemRoot\System32\Drivers\Null.SYS
0x8812C000 \SystemRoot\System32\Drivers\Beep.SYS
0x8805B000 \SystemRoot\System32\drivers\vga.sys
0x8D26B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x881F8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8A03D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x88D92000 \SystemRoot\System32\Drivers\Msfs.SYS
0x88A5A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x885B8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E92B000 \SystemRoot\System32\drivers\tcpip.sys
0x8D232000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8D21D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x88DA8000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8D209000 \SystemRoot\system32\DRIVERS\smb.sys
0x88148000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8E8F9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E8E3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x88A68000 \SystemRoot\system32\DRIVERS\netbios.sys
0x85E7F000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x8A02A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E8A8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x884E4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x880AD000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x8E808000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x8EBE9000 \SystemRoot\System32\Drivers\dfsc.sys
0x8EB9E000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8EB76000 \SystemRoot\System32\Drivers\fastfat.SYS
0x89D57000 \SystemRoot\System32\Drivers\crashdmp.sys
0x88DB3000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x885E5000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x96800000 \SystemRoot\System32\win32k.sys
0x884F8000 \SystemRoot\System32\drivers\Dxapi.sys
0x88B6A000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA7E00000 \SystemRoot\System32\TSDDD.dll
0xA7E10000 \SystemRoot\System32\cdd.dll
0xA82C3000 \SystemRoot\system32\drivers\luafv.sys
0xA828B000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x85E3C000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA9CB2000 \SystemRoot\system32\drivers\spsys.sys
0x85F70000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAA6D9000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8853E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9C5F000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAA600000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAB114000 \SystemRoot\system32\drivers\mrxdav.sys
0xAB0F6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAB0BD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAB0AB000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB09B8000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB08A2000 \SystemRoot\system32\drivers\peauth.sys
0x88548000 \SystemRoot\System32\Drivers\secdrv.SYS
0x88D9D000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB080D000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xAB1BF000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xAA73C000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xB0984000 \??\C:\Program Files\VMLaunch\BuddyVM.sys
0x881A0000 \??\C:\Users\Ovenmitt\AppData\Local\Temp\catchme.sys
0xAB099000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x8D3EA000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77A60000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll

Processes (total 41):
0 System Idle Process
4 System
420 C:\Windows\System32\smss.exe
556 csrss.exe
596 C:\Windows\System32\wininit.exe
608 csrss.exe
640 C:\Windows\System32\services.exe
656 C:\Windows\System32\lsass.exe
664 C:\Windows\System32\lsm.exe
732 C:\Windows\System32\winlogon.exe
860 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\audiodg.exe
1208 C:\Windows\System32\SLsvc.exe
1252 C:\Windows\System32\svchost.exe
1436 C:\Windows\System32\svchost.exe
1524 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
2012 C:\Windows\System32\dwm.exe
436 C:\Windows\System32\svchost.exe
1232 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1028 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
1464 C:\Program Files\SafeConnect\scManager.sys
1196 C:\Windows\System32\svchost.exe
824 C:\Windows\System32\svchost.exe
1332 C:\Windows\System32\SearchIndexer.exe
2008 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2076 WUDFHost.exe
2216 C:\Windows\System32\taskeng.exe
2256 C:\Windows\System32\taskeng.exe
1604 C:\Windows\System32\conime.exe
2892 C:\ComboFix\PEV.exe
3792 C:\Windows\explorer.exe
3888 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
3120 C:\Program Files\SafeConnect\SCClient.exe
2444 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
1560 C:\Windows\System32\wbem\unsecapp.exe
3876 WmiPrvSE.exe
4004 C:\Users\Ovenmitt\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000011`27cafc00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541680J9SA00, Rev: SB2OC7BP

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

OTL Report:
OTL logfile created on: 12/21/2011 5:51:10 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ovenmitt\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.50 Mb Total Physical Memory | 339.27 Mb Available Physical Memory | 33.48% Memory free
2.23 Gb Paging File | 1.66 Gb Available in Paging File | 74.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.62 Gb Total Space | 18.07 Gb Free Space | 26.33% Space Free | Partition Type: NTFS
Drive D: | 5.91 Gb Total Space | 0.95 Gb Free Space | 16.04% Space Free | Partition Type: NTFS
Drive G: | 3.93 Gb Total Space | 3.90 Gb Free Space | 99.30% Space Free | Partition Type: FAT32

Computer Name: LOKI | User Name: Ovenmitt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/20 14:34:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ovenmitt\Desktop\OTL.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/04/23 12:00:34 | 000,103,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2007/04/09 09:44:58 | 000,206,368 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2006/11/02 03:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe


========== Modules (No Company Name) ==========

MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/05/08 09:06:38 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/19 04:31:10 | 002,221,200 | ---- | M] (Giraffic) [Auto | Stopped] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/04/23 12:00:34 | 000,103,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2006/06/26 10:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/06/22 06:35:10 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/05/15 16:21:16 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/06/15 11:25:46 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/02/15 18:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/11/02 08:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/09/25 17:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/04 11:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 10:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2004/10/05 10:40:18 | 000,015,872 | ---- | M] (Interlex Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMLaunch\BuddyVM.sys -- ({09BB444F-B2E2-4009-BAF2-7B727681223E})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...SARIO&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\BitTorrent_DNA\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Ovenmitt\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Ovenmitt\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ovenmitt\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ovenmitt\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/10 07:35:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/30 20:50:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/30 20:50:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Ovenmitt\Program Files\DNA [2008/08/31 22:21:34 | 000,000,000 | ---D | M]

[2011/06/06 19:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions
[2009/10/14 15:23:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/06 19:36:58 | 000,000,000 | ---D | M] (PageRage Community Toolbar) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2011/06/06 19:36:58 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]
[2011/06/06 19:34:23 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]
[2011/03/09 20:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/09 20:15:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2007/12/04 20:12:22 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2008/08/31 22:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\OVENMITT\PROGRAM FILES\DNA
[2007/11/28 13:12:01 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2007/11/28 13:12:02 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2007/11/28 13:12:03 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2007/11/28 13:12:04 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2007/11/28 13:12:04 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2011/03/09 20:14:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/02 10:21:15 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Chrome\Application\8.0.552.215\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Chrome\Application\8.0.552.215\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Chrome\Application\8.0.552.215\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: BitTorrent DNA Plug-in (Enabled) = C:\Program Files\BitTorrent_DNA\npbtdna.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: NPVeohVersion2 plugin (Enabled) = C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/21 17:35:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-707605045-4109517109-592397696-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-707605045-4109517109-592397696-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-707605045-4109517109-592397696-1000..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O7 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs...ameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} http://218be9f87d470...=/dl_applet.cab (Installer.InstallControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{453D4B25-5BDA-4367-8EE3-D79FD7C8EE1E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA131B7A-6BE7-425D-A35A-7684ECB2B9B7}: DhcpNameServer = 192.168.1.1 68.238.96.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ovenmitt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/15 07:37:05 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | --S- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2011/12/20 14:30:14 | 000,000,016 | -H-- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:322657bdb1)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/21 17:44:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/21 17:44:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/21 17:44:40 | 000,000,000 | ---D | C] -- C:\Users\Ovenmitt\AppData\Local\temp
[2011/12/21 16:51:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/21 16:51:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/21 16:51:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/12/21 16:51:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/21 16:51:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/21 16:51:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/21 16:50:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/21 16:46:17 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ovenmitt\Desktop\tdsskiller.exe
[2011/12/21 16:46:12 | 004,347,226 | R--- | C] (Swearware) -- C:\Users\Ovenmitt\Desktop\ComboFix.exe
[2011/12/20 14:39:47 | 000,000,000 | ---D | C] -- C:\Users\Ovenmitt\Desktop\RK_Quarantine
[2011/12/20 14:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/12/20 14:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/12/20 14:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2011/12/20 14:37:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ovenmitt\Desktop\OTL.exe
[2011/12/20 14:37:19 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Ovenmitt\Desktop\aswMBR.exe
[2011/12/17 10:54:13 | 000,000,000 | ---D | C] -- C:\Users\Ovenmitt\Desktop\FUN!
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/21 17:35:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/21 17:08:01 | 000,626,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/21 17:08:01 | 000,107,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/21 17:02:12 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-707605045-4109517109-592397696-1000UA.job
[2011/12/21 17:00:33 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 17:00:33 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 17:00:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/21 17:00:21 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/21 16:50:47 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-707605045-4109517109-592397696-1000Core.job
[2011/12/21 16:43:58 | 000,080,384 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\MBRCheck.exe
[2011/12/21 16:43:22 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ovenmitt\Desktop\tdsskiller.exe
[2011/12/21 16:42:20 | 004,347,226 | R--- | M] (Swearware) -- C:\Users\Ovenmitt\Desktop\ComboFix.exe
[2011/12/20 14:34:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ovenmitt\Desktop\OTL.exe
[2011/12/20 14:33:54 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Ovenmitt\Desktop\aswMBR.exe
[2011/12/20 14:31:44 | 000,771,072 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\RogueKiller.exe
[2011/12/20 14:28:36 | 000,823,346 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\USBVaccine.zip
[2011/12/19 09:31:10 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/12/19 09:28:43 | 000,012,252 | --S- | M] () -- C:\ProgramData\xdgsnm4q8ojs3nyw5quo8i636e8q
[2011/12/19 09:28:42 | 000,012,252 | --S- | M] () -- C:\Users\Ovenmitt\AppData\Local\xdgsnm4q8ojs3nyw5quo8i636e8q
[2011/12/10 19:20:25 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/10 07:35:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/21 16:51:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/21 16:51:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/21 16:51:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/21 16:51:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/21 16:51:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/21 16:46:26 | 000,080,384 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\MBRCheck.exe
[2011/12/20 14:39:03 | 000,823,346 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\USBVaccine.zip
[2011/12/20 14:37:30 | 000,771,072 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\RogueKiller.exe
[2011/12/19 20:31:21 | 1063,378,944 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/14 05:30:15 | 000,012,252 | --S- | C] () -- C:\Users\Ovenmitt\AppData\Local\xdgsnm4q8ojs3nyw5quo8i636e8q
[2011/12/14 05:30:15 | 000,012,252 | --S- | C] () -- C:\ProgramData\xdgsnm4q8ojs3nyw5quo8i636e8q
[2011/08/10 01:50:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009/10/14 18:10:31 | 000,000,096 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Local\fusioncache.dat
[2009/06/04 14:53:31 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/03/15 11:32:12 | 000,001,356 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Local\d3d9caps.dat
[2009/01/16 17:52:47 | 000,000,071 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/01/01 01:24:17 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/06/02 13:08:40 | 000,000,041 | --S- | C] () -- C:\ProgramData\.zreglib
[2007/12/04 20:12:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/11/29 16:30:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/11/28 15:52:32 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/11/21 17:12:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2007/09/17 19:33:41 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/09/09 14:52:36 | 000,183,296 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/08 12:51:58 | 000,023,888 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Roaming\UserTile.png
[2007/05/08 10:17:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1272.dll
[2007/05/08 09:06:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/10 05:54:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/06 05:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,351,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,626,976 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,107,714 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 01:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 01:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/19 00:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 00:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/09 18:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004/09/16 14:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2003/11/16 03:48:02 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2003/11/16 03:48:00 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2003/11/15 10:54:18 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002/10/06 16:42:58 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll

========== LOP Check ==========

[2011/03/06 14:26:49 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\BitTorrent
[2008/03/12 18:31:42 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\BitTorrent DNA
[2008/12/31 21:39:28 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\CoreCodec
[2008/06/22 06:35:09 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\DAEMON Tools
[2008/09/01 19:53:10 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\DNA
[2007/09/08 15:51:07 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\JCreator
[2007/09/28 14:05:28 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\Nexon
[2007/09/08 12:51:58 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\PeerNetworking
[2009/08/03 07:00:11 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\RenPy
[2008/06/14 08:35:09 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\Secret of the Solstice
[2008/11/04 17:08:37 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\SlySoft
[2008/08/23 22:17:39 | 000,000,000 | ---D | M] -- C:\Users\Spatula\AppData\Roaming\DAEMON Tools
[2011/12/21 16:59:01 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo

< End of report >
  • 0

#7
Gilfindel

Gilfindel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Neither wired nor wireless Internet access is working; the adaptors appear to be unable to recognize or discover the default gateway, and hence it's not getting an IP address assigned. This was working shortly before we started this process, even with the virus; I don't think it's anything you or I did (I blame the virus, frankly), but we're going to have to get that straightened out as well.

Also, Avast is unable to start the Web real time protection process, although the other Avast checks are working properly. Something seems to be blocking it. Trying to open Windows Firewall and Windows Defender, both of which show disabled, results in cryptic error messages.
  • 0

#8
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\BitTorrent_DNA\npbtdna.dll (BitTorrent, Inc.)
    FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Ovenmitt\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Ovenmitt\Program Files\DNA [2008/08/31 22:21:34 | 000,000,000 | ---D | M]
    [2011/06/06 19:36:58 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]
    [2011/06/06 19:34:23 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]
    [2011/03/09 20:15:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    CHR - plugin: BitTorrent DNA Plug-in (Enabled) = C:\Program Files\BitTorrent_DNA\npbtdna.dll
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [2011/12/19 09:28:43 | 000,012,252 | --S- | M] () -- C:\ProgramData\xdgsnm4q8ojs3nyw5quo8i636e8q
    [2011/12/19 09:28:42 | 000,012,252 | --S- | M] () -- C:\Users\Ovenmitt\AppData\Local\xdgsnm4q8ojs3nyw5quo8i636e8q
    [2011/03/06 14:26:49 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\BitTorrent
    [2008/03/12 18:31:42 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\BitTorrent DNA
    [2008/09/01 19:53:10 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\DNA
    [2009/09/28 18:08:32 | 000,058,760 | ---- | M] () -- C:\symlcsv1.exe
    @Alternate Data Stream - 60 bytes -> C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UacDisableNotify" = DWORD:0
    "InternetSettingsDisableNotify" = DWORD:0
    "AutoUpdateDisableNotify" = DWORD:0
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.

Lets check out the net services first to see what is not working correctly for your internet connection.

Can you please download this farbar service scanner

Put it on the desktop and double click to run it
Posted Image
Tick "Internet services" option.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.


Step 3.

Please rerun OTL.

Click Scan all Users, LOP, and Purity

Then click Quickscan

It will produce an OTL.txt log on your desktop. Please post it in your next reply.


Step 4.

Please post:

OTL fix log
FSS.txt
OTL.txt


Please tell me what brand and model number your computer is.

Please tell me how the computer is performing!
  • 0

#9
Gilfindel

Gilfindel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
It's a Compaq Presario. There's no model number on the unit, but the serial number is QF572UAR, if that helps any. Still unable to access the Internet.

The first OTL report:

All processes killed
========== OTL ==========
HKU\S-1-5-21-707605045-4109517109-592397696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA\ deleted successfully.
C:\Program Files\BitTorrent_DNA\npbtdna.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA\ deleted successfully.
C:\Users\Ovenmitt\Program Files\DNA\plugins\npbtdna.dll moved successfully.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Ovenmitt\Program Files\DNA not found.
C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]\searchplugin folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]\lib folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]\DualPackage folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected] folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]\skin folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]\locale folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\[email protected] folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
File C:\Program Files\BitTorrent_DNA\npbtdna.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-707605045-4109517109-592397696-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\ProgramData\xdgsnm4q8ojs3nyw5quo8i636e8q moved successfully.
C:\Users\Ovenmitt\AppData\Local\xdgsnm4q8ojs3nyw5quo8i636e8q moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\BitTorrent\locale folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\BitTorrent\incomplete folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\BitTorrent\data\torrents folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\BitTorrent\data\resume folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\BitTorrent\data\metainfo folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\BitTorrent\data folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\BitTorrent folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\BitTorrent DNA folder moved successfully.
C:\Users\Ovenmitt\AppData\Roaming\DNA folder moved successfully.
C:\symlcsv1.exe moved successfully.
ADS C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ovenmitt\Desktop\cmd.bat deleted successfully.
C:\Users\Ovenmitt\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UacDisableNotify" | DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"InternetSettingsDisableNotify" | DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AutoUpdateDisableNotify" |DWORD:0 /E : value set successfully!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ovenmitt
->Temp folder emptied: 130138 bytes
->Temporary Internet Files folder emptied: 8377951073 bytes
->Java cache emptied: 119943519 bytes
->FireFox cache emptied: 82146244 bytes
->Google Chrome cache emptied: 26779845 bytes
->Flash cache emptied: 3870355 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Spatula
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1962848 bytes
RecycleBin emptied: 98335 bytes

Total Files Cleaned = 8,214.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 12222011_171547

Files\Folders moved on Reboot...
C:\Users\Ovenmitt\AppData\Local\Temp\ehmsas.txt moved successfully.
File move failed. C:\Windows\SE388F88F.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

The FSS report:
Farbar Service Scanner
Ran by Ovenmitt (administrator) on 22-12-2011 at 17:40:27
Microsoft® Windows Vista™ Home Premium (X86)
********************************************************

Internet Services:
=================
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of afd. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of afd. The value does not exist.


Connection Status:
=================
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
==========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
Attention! C:\Windows\system32\Drivers\afd.sys is missing.
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

The second OTL report:

OTL logfile created on: 12/22/2011 5:42:01 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ovenmitt\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.50 Mb Total Physical Memory | 421.23 Mb Available Physical Memory | 41.56% Memory free
2.23 Gb Paging File | 1.61 Gb Available in Paging File | 72.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.62 Gb Total Space | 23.08 Gb Free Space | 33.63% Space Free | Partition Type: NTFS
Drive D: | 5.91 Gb Total Space | 0.95 Gb Free Space | 16.04% Space Free | Partition Type: NTFS
Drive G: | 3.93 Gb Total Space | 3.90 Gb Free Space | 99.29% Space Free | Partition Type: FAT32

Computer Name: LOKI | User Name: Ovenmitt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/20 14:34:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ovenmitt\Desktop\OTL.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/10/15 11:14:26 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/08 06:11:12 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/11/13 15:48:54 | 003,411,968 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
PRC - [2007/07/12 03:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2007/04/23 12:00:34 | 000,103,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2007/04/09 09:44:58 | 000,206,368 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2006/11/02 03:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2006/09/28 13:21:04 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe


========== Modules (No Company Name) ==========

MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/08/08 06:10:48 | 000,081,920 | ---- | M] () -- C:\Program Files\DAEMON Tools Lite\Lang\ENU.dll
MOD - [2007/05/08 09:06:38 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/11/24 16:33:18 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2006/10/01 22:49:16 | 000,389,120 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\AdobeXMP.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/19 04:31:10 | 002,221,200 | ---- | M] (Giraffic) [Auto | Stopped] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/04/23 12:00:34 | 000,103,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2006/06/26 10:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/06/22 06:35:10 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/05/15 16:21:16 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/06/15 11:25:46 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/02/15 18:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/11/02 08:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/09/25 17:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/04 11:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 10:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2004/10/05 10:40:18 | 000,015,872 | ---- | M] (Interlex Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMLaunch\BuddyVM.sys -- ({09BB444F-B2E2-4009-BAF2-7B727681223E})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...SARIO&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Ovenmitt\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ovenmitt\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ovenmitt\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/10 07:35:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/30 20:50:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/30 20:50:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Ovenmitt\Program Files\DNA [2008/08/31 22:21:34 | 000,000,000 | ---D | M]

[2011/12/22 17:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions
[2009/10/14 15:23:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/06 19:36:58 | 000,000,000 | ---D | M] (PageRage Community Toolbar) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2011/12/22 17:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/04 20:12:22 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2008/08/31 22:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\OVENMITT\PROGRAM FILES\DNA
[2007/11/28 13:12:01 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2007/11/28 13:12:02 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2007/11/28 13:12:03 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2007/11/28 13:12:04 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2007/11/28 13:12:04 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2011/03/09 20:14:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/02 10:21:15 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Chrome\Application\8.0.552.215\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Chrome\Application\8.0.552.215\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Chrome\Application\8.0.552.215\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: BitTorrent DNA Plug-in (Enabled) = C:\Program Files\BitTorrent_DNA\npbtdna.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: NPVeohVersion2 plugin (Enabled) = C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/22 17:16:15 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-707605045-4109517109-592397696-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-707605045-4109517109-592397696-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-707605045-4109517109-592397696-1000..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs...ameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} http://218be9f87d470...=/dl_applet.cab (Installer.InstallControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{453D4B25-5BDA-4367-8EE3-D79FD7C8EE1E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA131B7A-6BE7-425D-A35A-7684ECB2B9B7}: DhcpNameServer = 192.168.1.1 68.238.96.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ovenmitt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/15 07:37:05 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | --S- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2011/12/20 14:30:14 | 000,000,016 | -H-- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:322657bdb1)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/22 17:15:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/21 17:44:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/21 17:44:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/21 17:44:40 | 000,000,000 | ---D | C] -- C:\Users\Ovenmitt\AppData\Local\temp
[2011/12/21 16:51:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/21 16:51:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/21 16:51:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/12/21 16:51:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/21 16:51:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/21 16:51:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/21 16:50:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/21 16:46:17 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ovenmitt\Desktop\tdsskiller.exe
[2011/12/21 16:46:12 | 004,347,226 | R--- | C] (Swearware) -- C:\Users\Ovenmitt\Desktop\ComboFix.exe
[2011/12/20 14:39:47 | 000,000,000 | ---D | C] -- C:\Users\Ovenmitt\Desktop\RK_Quarantine
[2011/12/20 14:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/12/20 14:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/12/20 14:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2011/12/20 14:37:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ovenmitt\Desktop\OTL.exe
[2011/12/20 14:37:19 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Ovenmitt\Desktop\aswMBR.exe
[2011/12/17 10:54:13 | 000,000,000 | ---D | C] -- C:\Users\Ovenmitt\Desktop\FUN!
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/22 17:35:29 | 000,626,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/22 17:35:29 | 000,107,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/22 17:30:17 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/12/22 17:27:17 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 17:27:17 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 17:27:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/22 17:27:05 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/22 17:16:15 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/22 17:15:52 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-707605045-4109517109-592397696-1000Core.job
[2011/12/22 17:02:10 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-707605045-4109517109-592397696-1000UA.job
[2011/12/21 16:43:58 | 000,080,384 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\MBRCheck.exe
[2011/12/21 16:43:22 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ovenmitt\Desktop\tdsskiller.exe
[2011/12/21 16:42:20 | 004,347,226 | R--- | M] (Swearware) -- C:\Users\Ovenmitt\Desktop\ComboFix.exe
[2011/12/20 14:34:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ovenmitt\Desktop\OTL.exe
[2011/12/20 14:33:54 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Ovenmitt\Desktop\aswMBR.exe
[2011/12/20 14:31:44 | 000,771,072 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\RogueKiller.exe
[2011/12/20 14:28:36 | 000,823,346 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\USBVaccine.zip
[2011/12/10 19:20:25 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/10 07:35:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/22 17:39:36 | 000,330,663 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\FSS.exe
[2011/12/21 16:51:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/21 16:51:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/21 16:51:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/21 16:51:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/21 16:51:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/21 16:46:26 | 000,080,384 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\MBRCheck.exe
[2011/12/20 14:39:03 | 000,823,346 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\USBVaccine.zip
[2011/12/20 14:37:30 | 000,771,072 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\RogueKiller.exe
[2011/12/19 20:31:21 | 1063,378,944 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/10 01:50:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009/10/14 18:10:31 | 000,000,096 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Local\fusioncache.dat
[2009/06/04 14:53:31 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/03/15 11:32:12 | 000,001,356 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Local\d3d9caps.dat
[2009/01/16 17:52:47 | 000,000,071 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/01/01 01:24:17 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/06/02 13:08:40 | 000,000,041 | --S- | C] () -- C:\ProgramData\.zreglib
[2007/12/04 20:12:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/11/29 16:30:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/11/28 15:52:32 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/11/21 17:12:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2007/09/17 19:33:41 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/09/09 14:52:36 | 000,183,296 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/08 12:51:58 | 000,023,888 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Roaming\UserTile.png
[2007/05/08 10:17:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1272.dll
[2007/05/08 09:06:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/10 05:54:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/06 05:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,351,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,626,976 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,107,714 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 01:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 01:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/19 00:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 00:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/09 18:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004/09/16 14:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2003/11/16 03:48:02 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2003/11/16 03:48:00 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2003/11/15 10:54:18 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002/10/06 16:42:58 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll

========== LOP Check ==========

[2008/12/31 21:39:28 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\CoreCodec
[2008/06/22 06:35:09 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\DAEMON Tools
[2007/09/08 15:51:07 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\JCreator
[2007/09/28 14:05:28 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\Nexon
[2007/09/08 12:51:58 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\PeerNetworking
[2009/08/03 07:00:11 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\RenPy
[2008/06/14 08:35:09 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\Secret of the Solstice
[2008/11/04 17:08:37 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\SlySoft
[2008/08/23 22:17:39 | 000,000,000 | ---D | M] -- C:\Users\Spatula\AppData\Roaming\DAEMON Tools
[2011/12/22 17:25:43 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#10
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
The Farbar tool identified the afd.sys file as missing. This scan is to find a replacement for that file and to check on other features of Windows that you have noticed are not working correctly. This only collects information for me to prepare a fix in my next post to start restoring your internet service.


Step 1.

Re run OTL from your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    afd.sys
    afd.*
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt.
  • Post the log



Step 2.

Please post the OTL.txt file
  • 0

Advertisements


#11
Gilfindel

Gilfindel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
OTL still had the LOP Check and Purity Check options on from the last run. Hopefully that won't make a difference to the results:

OTL logfile created on: 12/23/2011 9:18:51 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ovenmitt\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.50 Mb Total Physical Memory | 418.76 Mb Available Physical Memory | 41.32% Memory free
2.23 Gb Paging File | 1.63 Gb Available in Paging File | 73.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.62 Gb Total Space | 21.62 Gb Free Space | 31.51% Space Free | Partition Type: NTFS
Drive D: | 5.91 Gb Total Space | 0.95 Gb Free Space | 16.04% Space Free | Partition Type: NTFS
Drive G: | 3.93 Gb Total Space | 3.90 Gb Free Space | 99.29% Space Free | Partition Type: FAT32

Computer Name: LOKI | User Name: Ovenmitt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/20 14:34:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ovenmitt\Desktop\OTL.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/10/15 11:14:26 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/08 06:11:12 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/11/13 15:48:54 | 003,411,968 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
PRC - [2007/07/12 03:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2007/04/23 12:00:34 | 000,103,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2007/04/09 09:44:58 | 000,206,368 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2006/09/28 13:21:04 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe


========== Modules (No Company Name) ==========

MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/08/08 06:10:48 | 000,081,920 | ---- | M] () -- C:\Program Files\DAEMON Tools Lite\Lang\ENU.dll
MOD - [2007/05/08 09:06:38 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/11/24 16:33:18 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/19 04:31:10 | 002,221,200 | ---- | M] (Giraffic) [Auto | Stopped] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/04/23 12:00:34 | 000,103,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2006/06/26 10:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/06/22 06:35:10 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/05/15 16:21:16 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/06/15 11:25:46 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/02/15 18:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/11/02 08:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/09/25 17:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/04 11:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 10:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2004/10/05 10:40:18 | 000,015,872 | ---- | M] (Interlex Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMLaunch\BuddyVM.sys -- ({09BB444F-B2E2-4009-BAF2-7B727681223E})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...SARIO&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Ovenmitt\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ovenmitt\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ovenmitt\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/10 07:35:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/30 20:50:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/30 20:50:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Ovenmitt\Program Files\DNA [2008/08/31 22:21:34 | 000,000,000 | ---D | M]

[2011/12/22 17:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions
[2009/10/14 15:23:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/06 19:36:58 | 000,000,000 | ---D | M] (PageRage Community Toolbar) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2011/12/22 17:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/04 20:12:22 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2008/08/31 22:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\OVENMITT\PROGRAM FILES\DNA
[2007/11/28 13:12:01 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2007/11/28 13:12:02 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2007/11/28 13:12:03 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2007/11/28 13:12:04 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2007/11/28 13:12:04 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2011/03/09 20:14:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/02 10:21:15 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Chrome\Application\8.0.552.215\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Chrome\Application\8.0.552.215\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Chrome\Application\8.0.552.215\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: BitTorrent DNA Plug-in (Enabled) = C:\Program Files\BitTorrent_DNA\npbtdna.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: NPVeohVersion2 plugin (Enabled) = C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/22 17:16:15 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-707605045-4109517109-592397696-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-707605045-4109517109-592397696-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-707605045-4109517109-592397696-1000..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs...ameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} http://218be9f87d470...=/dl_applet.cab (Installer.InstallControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{453D4B25-5BDA-4367-8EE3-D79FD7C8EE1E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA131B7A-6BE7-425D-A35A-7684ECB2B9B7}: DhcpNameServer = 192.168.1.1 68.238.96.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ovenmitt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/15 07:37:05 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | --S- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2011/12/20 14:30:14 | 000,000,016 | -H-- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:322657bdb1)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/22 17:15:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/21 17:44:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/21 17:44:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/21 17:44:40 | 000,000,000 | ---D | C] -- C:\Users\Ovenmitt\AppData\Local\temp
[2011/12/21 16:51:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/21 16:51:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/21 16:51:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/12/21 16:51:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/21 16:51:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/21 16:51:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/21 16:50:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/21 16:46:17 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ovenmitt\Desktop\tdsskiller.exe
[2011/12/21 16:46:12 | 004,347,226 | R--- | C] (Swearware) -- C:\Users\Ovenmitt\Desktop\ComboFix.exe
[2011/12/20 14:39:47 | 000,000,000 | ---D | C] -- C:\Users\Ovenmitt\Desktop\RK_Quarantine
[2011/12/20 14:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/12/20 14:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/12/20 14:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2011/12/20 14:37:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ovenmitt\Desktop\OTL.exe
[2011/12/20 14:37:19 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Ovenmitt\Desktop\aswMBR.exe
[2011/12/17 10:54:13 | 000,000,000 | ---D | C] -- C:\Users\Ovenmitt\Desktop\FUN!
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/23 09:22:09 | 000,626,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/23 09:22:09 | 000,107,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/23 09:06:08 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/12/23 09:04:08 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 09:04:08 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 09:04:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/23 09:03:57 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/22 22:02:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-707605045-4109517109-592397696-1000UA.job
[2011/12/22 17:16:15 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/22 17:15:52 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-707605045-4109517109-592397696-1000Core.job
[2011/12/21 16:43:58 | 000,080,384 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\MBRCheck.exe
[2011/12/21 16:43:22 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ovenmitt\Desktop\tdsskiller.exe
[2011/12/21 16:42:20 | 004,347,226 | R--- | M] (Swearware) -- C:\Users\Ovenmitt\Desktop\ComboFix.exe
[2011/12/20 14:34:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ovenmitt\Desktop\OTL.exe
[2011/12/20 14:33:54 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Ovenmitt\Desktop\aswMBR.exe
[2011/12/20 14:31:44 | 000,771,072 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\RogueKiller.exe
[2011/12/20 14:28:36 | 000,823,346 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\USBVaccine.zip
[2011/12/10 19:20:25 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/10 07:35:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/22 17:39:36 | 000,330,663 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\FSS.exe
[2011/12/21 16:51:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/21 16:51:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/21 16:51:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/21 16:51:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/21 16:51:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/21 16:46:26 | 000,080,384 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\MBRCheck.exe
[2011/12/20 14:39:03 | 000,823,346 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\USBVaccine.zip
[2011/12/20 14:37:30 | 000,771,072 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\RogueKiller.exe
[2011/12/19 20:31:21 | 1063,378,944 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/10 01:50:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009/10/14 18:10:31 | 000,000,096 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Local\fusioncache.dat
[2009/06/04 14:53:31 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/03/15 11:32:12 | 000,001,356 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Local\d3d9caps.dat
[2009/01/16 17:52:47 | 000,000,071 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/01/01 01:24:17 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/06/02 13:08:40 | 000,000,041 | --S- | C] () -- C:\ProgramData\.zreglib
[2007/12/04 20:12:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/11/29 16:30:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/11/28 15:52:32 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/11/21 17:12:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2007/09/17 19:33:41 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/09/09 14:52:36 | 000,183,296 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/08 12:51:58 | 000,023,888 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Roaming\UserTile.png
[2007/05/08 10:17:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1272.dll
[2007/05/08 09:06:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/10 05:54:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/06 05:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,351,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,626,976 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,107,714 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 01:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 01:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/19 00:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 00:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/09 18:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004/09/16 14:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2003/11/16 03:48:02 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2003/11/16 03:48:00 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2003/11/15 10:54:18 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002/10/06 16:42:58 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll

========== LOP Check ==========

[2008/12/31 21:39:28 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\CoreCodec
[2008/06/22 06:35:09 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\DAEMON Tools
[2007/09/08 15:51:07 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\JCreator
[2007/09/28 14:05:28 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\Nexon
[2007/09/08 12:51:58 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\PeerNetworking
[2009/08/03 07:00:11 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\RenPy
[2008/06/14 08:35:09 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\Secret of the Solstice
[2008/11/04 17:08:37 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\SlySoft
[2008/08/23 22:17:39 | 000,000,000 | ---D | M] -- C:\Users\Spatula\AppData\Roaming\DAEMON Tools
[2011/12/22 22:22:48 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AFD.SYS >
[2008/01/18 23:57:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2008/01/18 23:57:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys

< MD5 for: AFD.SYS.MUI >
[2006/11/02 06:41:18 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=3B69705A572F1638ED5F081437A15A55 -- C:\Windows\System32\drivers\en-US\afd.sys.mui
[2006/11/02 06:41:18 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=3B69705A572F1638ED5F081437A15A55 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.0.6000.16386_en-us_49b1fe5f817b8a13\afd.sys.mui

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2006/11/02 02:57:20 | 000,184,320 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{453D4B25-5BDA-4367-8EE3-D79FD7C8EE1E}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DA131B7A-6BE7-425D-A35A-7684ECB2B9B7}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2006/11/02 02:57:26 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 04 01 02 01 05 01 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 5
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 03:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-06 06:48:26

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall >

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Activation Assistant for the 2007 Microsoft Office suites]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avast]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CD Audio Reader Filter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CDex]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CloneCD]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_HDAUDIO]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30A5]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DC-Bass Source]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectVobSub]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DScaler 5 Mpeg Decoders_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ffdshow_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Giraffic]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gmask 1.70 English]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HaaliMkx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HOMESTUDENTR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HPOOVClient-3572475 Uninstaller]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ImageViewer_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{97A96172-A963-4A37-9FFB-DA6805BB915A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InterActual Player]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IrfanView]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IvanView]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JCreator LE_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M953297]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MapleStory]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MONOGRAM AMR Splitter/Decoder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Movies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (2.0.0.11)]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSDN Library for Microsoft Visual Studio 2008 Express Editions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenSource Flash Video Splitter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealMedia]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 12.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafeConnect]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SHOUTcast Source]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST6UNST #1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SynTPDeinstKey]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tetris Planet_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Core Media Player]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Veoh Video Compass]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinAce Archiver]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoomPlayer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00170409-78E1-11D2-B60F-006097C998E7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0394CDC8-FABD-4ed8-B104-03393876DFDF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{07287123-B8AC-41CE-8346-3D777245C35B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D397393-9B50-4c52-84D5-77E344289F87}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15DD1D3C-8386-47D4-91A4-2D25FAFE1255}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18D10072035C4515918F7E37EAFAACFC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21E62565-8639-457C-B64C-A3FF0A8B4D80}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{228C6B46-64E2-404E-898A-EF0830603EF4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{254C37AA-6B72-4300-84F6-98A82419187E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216024FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{32A3A4F4-B792-11D6-A78A-00B0D0160020}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{34D2AB40-150D-475D-AE32-BD23FB5EE355}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F7AED3-0C7D-4582-99F6-484A515C73F2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{45D707E9-F3C4-11D9-A373-0050BAE317E1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56C64E81-FC93-4cb9-9EBF-953662950D3B}_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{57752979-A1C9-4C02-856B-FBB27AC4E02C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62369F2F77534556AEF4C58152E3BDE5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{669D4A35-146B-4314-89F1-1AC3D7B88367}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6D52C408-B09A-4520-9B18-475B81D393F1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DE13770-01B7-4366-8DA6-48237793F445}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7585478E9D9B42108671C12F8714CEFE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83FFCFC7-88C6-41c6-8752-958A45325C82}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8ADC27DB-E2C8-446C-A576-166C05C2DD24}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8ADFC4160D694100B5B8A22DE9DCABD9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8C6027FD-53DC-446D-BB75-CACD7028A134}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0409-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0409-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0409-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-040C-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0C0A-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0409-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0409-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0115-0409-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{01D4CA59-7070-4420-9BCC-0EFA7C5D76BE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{536FB502-775F-4494-BACE-C02CC90B7A5B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{5729F1AE-5895-468F-9165-BAD161C9E982}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{5C497F0B-2061-4CC9-A61C-6B45B867354D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{643C12A2-AF9A-4712-B8BE-3B7650AFE00A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{65EA4836-B5A3-4C1D-8883-0C35E471003A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7F207DCA-3399-40CB-A968-6E5991B1421A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8588DD11-6BD7-4400-B55C-DD5AB74B43E1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BF3F1CBD-B05C-4644-AE43-6EE0FCC227A4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CD769337-C8AC-46DB-A7DC-643E50089263}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D75E6D0C-BADF-4F41-98B2-0C0F02C15062}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{97A96172-A963-4A37-9FFB-DA6805BB915A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{980A182F-E0A2-4A40-94C1-AE0C1235902E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C5770C-1C90-42E7-9B74-D47CFAF14621}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A80000000002}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B13A7C41581B411290FBC0395694E2A9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B222E134-CF77-43A3-AF7B-DE8618EB2862}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4C0A315-07FB-39F9-85CD-8CE20C019350}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B7050CBDB2504B34BC2A9CA0A692CC29}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C523D256-313D-4866-B36A-F3DE528246EF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D050D7362D214723AD585B541FFB6C11}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E4D02EF2-6F12-4BE9-9928-2F27DA01A915}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E56D39F8-2A9F-44B4-B068-A72E45A073E6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EC2A8F27-4FBF-4E41-B27B-FE822511B761}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE6097DD-05F4-4178-9719-D3170BF098E8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}]

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall >

< C:\Windows\assembly\tmp\U\*.* /s >

< >

< End of report >
  • 0

#12
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

Please click Start, then type command prompt, above this you will see c:\ Command Prompt, right click on it and click Run as administrator.

The black DOS box should now appear. Please type C:\ then press Enter

Now copy the line in the box below and then paste it after the C:\ prompt. Then press Enter


copy c:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys c:\windows\system32\Drivers


Answer Y if prompted, it should say 1 file copied.

Now we need to correct the registry issues for afd.sys.
Download the attached zip file to your desktop
Extract the Afd reg fix file to your desktop
Right click the file and select merge
Attached File  afd reg fix.zip   611bytes   98 downloads


Now reboot the computer.


Step 2.

Test to see if you know have an internet connection. If you do then go to step 5. If not then do the following:

Re run farbar service scanner

Posted Image
Tick "Internet services" and "Windows Firewall" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.



Step 3.

Download Windows Repair (all in one) from this site

Install the program then run

Go to step 2 and allow it to run Disc check
Posted Image
Once that is done then go to step 3 and allow it to run SFC
Posted Image
On the start repairs tab select advanced mode and click start
Posted Image
Select the items in the red surround (remove the ticks from the rest ) and tick restart system when finished then click Start
Posted Image

Reboot the computer after it finishes if it does not reboot itself.


Step 4.

Try to connect to the internet now. If it does work go on to step 5.

If it does not please note any error messages you receive and post in your next reply

Now go on to step 5.


Step 5.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and paste it in your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image


Step 6.

Please post:

FSS.txt (if run)
Error messages (if noted)
AVP malware removal log

Also attach:

Avptool_sysinfo.zip


Please tell me how the computer is running and what issues remain!
  • 0

#13
Gilfindel

Gilfindel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Replacing the afd.sys file seems to have fixed the Internet issue. It looks like everything is functioning properly now. The only thing found in the virus scan was in one of the system backup copies.

Status: Deleted (events: 1)
12/24/2011 3:06:29 PM Deleted malware HackTool.Win32.PassDic.cy D:\HP\RECOVERY\RestoreWiz.exe Medium

Attached Files


  • 0

#14
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

  • Re-run AVPTool
  • Select the Manual Disinfection tab and press Script execution
    Posted Image
  • Where it states Insert text script in the following box copy the below script and press Run script
    Copy from Begin until End
    Posted Image
    begin 
    SetAVZPMStatus(True); 
    SearchRootkit(true, true); 
    SetAVZGuardStatus(True); 
    QuarantineFile('C:\Windows\Downloaded Program Files\installer.ocx','');
    QuarantineFile('progman.exe','');
    QuarantineFile('C:\Windows\System32\Drivers\sppf.sys','');
    QuarantineFile('C:\Windows\System32\Drivers\dump_msahci.sys','');
    QuarantineFile('C:\Windows\System32\Drivers\dump_dumpata.sys','');
    DeleteFile('C:\Users\Ovenmitt\AppData\Local\temp\_uninst_80587260.bat');
    DeleteFile('C:\Windows\system32\DRIVERS\5205086drv.sys');
    BC_ImportDeletedList; 
    ExecuteSysClean; 
    BC_Activate; 
    RebootWindows(true); 
    end.

  • Your system will reboot on completion, if it does not please do so yourself
  • On completion please run another analysis scan and attach the zip file


Step 2.

Re run OTL from your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    sptd.sys
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt.
  • Post the log


What issues remain with your computer?
  • 0

#15
Gilfindel

Gilfindel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Near as I can tell, everything is working fine. The Kaspersky scan found nothing; here'sthe OTL report:

OTL logfile created on: 12/25/2011 5:04:47 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ovenmitt\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.50 Mb Total Physical Memory | 320.39 Mb Available Physical Memory | 31.61% Memory free
2.23 Gb Paging File | 1.23 Gb Available in Paging File | 55.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.62 Gb Total Space | 21.25 Gb Free Space | 30.96% Space Free | Partition Type: NTFS
Drive D: | 5.91 Gb Total Space | 0.95 Gb Free Space | 16.06% Space Free | Partition Type: NTFS

Computer Name: LOKI | User Name: Ovenmitt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/24 18:29:37 | 000,717,296 | ---- | M] () -- C:\Users\Ovenmitt\AppData\Local\temp\RarSFX0\5205086.exe
PRC - [2011/12/24 18:29:28 | 000,457,736 | ---- | M] (Kaspersky Lab) -- C:\Users\Ovenmitt\AppData\Local\temp\1162604\5205086.exe
PRC - [2011/12/20 14:34:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ovenmitt\Desktop\OTL.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/19 04:31:10 | 002,221,200 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2011/09/19 04:30:52 | 003,663,488 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_Giraffic.exe
PRC - [2009/10/15 11:14:26 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/17 21:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/08 06:11:12 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/11/13 15:48:54 | 003,411,968 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
PRC - [2007/07/12 03:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/04/23 12:00:34 | 000,103,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2007/04/09 09:44:58 | 000,206,368 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2006/09/28 13:21:04 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/24 18:29:37 | 000,717,296 | ---- | M] () -- C:\Users\Ovenmitt\AppData\Local\temp\RarSFX0\5205086.exe
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/08/08 06:10:48 | 000,081,920 | ---- | M] () -- C:\Program Files\DAEMON Tools Lite\Lang\ENU.dll
MOD - [2007/05/08 09:06:38 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/11/24 16:33:18 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/19 04:31:10 | 002,221,200 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/04/23 12:00:34 | 000,103,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2006/06/26 10:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Unknown | Running] -- -- (5205086drv)
DRV - [2011/12/25 13:54:57 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ujy2odk2.sys -- (ujy2odk2)
DRV - [2011/12/25 13:54:57 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uty2odk2.sys -- (uty2odk2)
DRV - [2011/12/25 13:54:27 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\uzy2odk2.sys -- (uzy2odk2)
DRV - [2011/12/24 18:27:44 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\36414514.sys -- (36414514)
DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/06/22 06:35:10 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/05/15 16:21:16 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/06/15 11:25:46 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/02/15 18:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/11/02 08:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/09/25 17:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/04 11:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 10:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2004/10/05 10:40:18 | 000,015,872 | ---- | M] (Interlex Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMLaunch\BuddyVM.sys -- ({09BB444F-B2E2-4009-BAF2-7B727681223E})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...SARIO&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-707605045-4109517109-592397696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Ovenmitt\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ovenmitt\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ovenmitt\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/10 07:35:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/30 20:50:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/30 20:50:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Ovenmitt\Program Files\DNA [2008/08/31 22:21:34 | 000,000,000 | ---D | M]

[2011/12/22 17:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions
[2009/10/14 15:23:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/06 19:36:58 | 000,000,000 | ---D | M] (PageRage Community Toolbar) -- C:\Users\Ovenmitt\AppData\Roaming\mozilla\Firefox\Profiles\3ukka615.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2011/12/22 17:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/04 20:12:22 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2008/08/31 22:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\OVENMITT\PROGRAM FILES\DNA
[2007/11/28 13:12:01 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2007/11/28 13:12:02 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2007/11/28 13:12:03 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2007/11/28 13:12:04 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2007/11/28 13:12:04 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2011/03/09 20:14:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/02 10:21:15 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Chrome\Application\8.0.552.215\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Chrome\Application\8.0.552.215\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Chrome\Application\8.0.552.215\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: BitTorrent DNA Plug-in (Enabled) = C:\Program Files\BitTorrent_DNA\npbtdna.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: NPVeohVersion2 plugin (Enabled) = C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ovenmitt\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/22 17:16:15 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-707605045-4109517109-592397696-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-707605045-4109517109-592397696-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-707605045-4109517109-592397696-1000..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - Startup: C:\Users\Ovenmitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_36414514.lnk = C:\Users\Ovenmitt\AppData\Local\temp\_uninst_36414514.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-707605045-4109517109-592397696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs...ameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} http://218be9f87d470...=/dl_applet.cab (Installer.InstallControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{453D4B25-5BDA-4367-8EE3-D79FD7C8EE1E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA131B7A-6BE7-425D-A35A-7684ECB2B9B7}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ovenmitt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/15 07:37:05 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | --S- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:322657bdb1)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/25 13:54:57 | 000,010,240 | ---- | C] (Zaitsev Oleg, 2006) -- C:\Windows\System32\drivers\ujy2odk2.sys
[2011/12/25 13:51:16 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\36414514.sys
[2011/12/24 09:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/12/22 17:15:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/21 17:44:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/21 17:44:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/21 17:44:40 | 000,000,000 | ---D | C] -- C:\Users\Ovenmitt\AppData\Local\temp
[2011/12/21 16:51:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/21 16:51:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/21 16:51:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/12/21 16:51:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/21 16:51:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/21 16:51:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/21 16:50:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/21 16:46:17 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ovenmitt\Desktop\tdsskiller.exe
[2011/12/21 16:46:12 | 004,347,226 | R--- | C] (Swearware) -- C:\Users\Ovenmitt\Desktop\ComboFix.exe
[2011/12/20 14:39:47 | 000,000,000 | ---D | C] -- C:\Users\Ovenmitt\Desktop\RK_Quarantine
[2011/12/20 14:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/12/20 14:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/12/20 14:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2011/12/20 14:37:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ovenmitt\Desktop\OTL.exe
[2011/12/20 14:37:19 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Ovenmitt\Desktop\aswMBR.exe
[2011/12/17 10:54:13 | 000,000,000 | ---D | C] -- C:\Users\Ovenmitt\Desktop\FUN!
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/25 17:02:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-707605045-4109517109-592397696-1000UA.job
[2011/12/25 16:57:33 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/25 16:57:33 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/25 14:05:30 | 000,626,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/25 14:05:30 | 000,107,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/25 13:58:36 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/12/25 13:57:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/25 13:57:18 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/25 13:54:57 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) -- C:\Windows\System32\drivers\ujy2odk2.sys
[2011/12/25 13:54:57 | 000,007,168 | ---- | M] () -- C:\Windows\System32\drivers\uty2odk2.sys
[2011/12/25 13:54:27 | 000,011,264 | ---- | M] () -- C:\Windows\System32\drivers\uzy2odk2.sys
[2011/12/25 13:52:32 | 000,000,806 | ---- | M] () -- C:\Users\Ovenmitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_36414514.lnk
[2011/12/24 18:27:44 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\36414514.sys
[2011/12/24 15:12:29 | 000,022,163 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\avptool_sysinfo.zip
[2011/12/24 09:52:00 | 108,764,424 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\setup_11.0.0.1245.x01_2011_12_24_18_27.exe
[2011/12/22 18:29:10 | 000,001,680 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\afd reg fix.reg
[2011/12/22 17:16:15 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/22 17:15:52 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-707605045-4109517109-592397696-1000Core.job
[2011/12/21 16:43:58 | 000,080,384 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\MBRCheck.exe
[2011/12/21 16:43:22 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ovenmitt\Desktop\tdsskiller.exe
[2011/12/21 16:42:20 | 004,347,226 | R--- | M] (Swearware) -- C:\Users\Ovenmitt\Desktop\ComboFix.exe
[2011/12/20 14:34:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ovenmitt\Desktop\OTL.exe
[2011/12/20 14:33:54 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Ovenmitt\Desktop\aswMBR.exe
[2011/12/20 14:31:44 | 000,771,072 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\RogueKiller.exe
[2011/12/20 14:28:36 | 000,823,346 | ---- | M] () -- C:\Users\Ovenmitt\Desktop\USBVaccine.zip
[2011/12/10 19:20:25 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/10 07:35:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/25 13:54:51 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\uty2odk2.sys
[2011/12/25 13:54:26 | 000,011,264 | ---- | C] () -- C:\Windows\System32\drivers\uzy2odk2.sys
[2011/12/25 13:52:32 | 000,000,806 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_36414514.lnk
[2011/12/24 15:17:46 | 000,022,163 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\avptool_sysinfo.zip
[2011/12/24 09:54:26 | 108,764,424 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\setup_11.0.0.1245.x01_2011_12_24_18_27.exe
[2011/12/24 09:46:57 | 000,001,680 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\afd reg fix.reg
[2011/12/22 17:39:36 | 000,330,663 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\FSS.exe
[2011/12/21 16:51:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/21 16:51:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/21 16:51:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/21 16:51:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/21 16:51:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/21 16:46:26 | 000,080,384 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\MBRCheck.exe
[2011/12/20 14:39:03 | 000,823,346 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\USBVaccine.zip
[2011/12/20 14:37:30 | 000,771,072 | ---- | C] () -- C:\Users\Ovenmitt\Desktop\RogueKiller.exe
[2011/12/19 20:31:21 | 1063,378,944 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/10 01:50:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009/10/14 18:10:31 | 000,000,096 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Local\fusioncache.dat
[2009/06/04 14:53:31 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/03/15 11:32:12 | 000,001,356 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Local\d3d9caps.dat
[2009/01/16 17:52:47 | 000,000,071 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/01/01 01:24:17 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/06/02 13:08:40 | 000,000,041 | --S- | C] () -- C:\ProgramData\.zreglib
[2007/12/04 20:12:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/11/29 16:30:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/11/28 15:52:32 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/11/21 17:12:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2007/09/17 19:33:41 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/09/09 14:52:36 | 000,183,296 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/08 12:51:58 | 000,023,888 | ---- | C] () -- C:\Users\Ovenmitt\AppData\Roaming\UserTile.png
[2007/05/08 10:17:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1272.dll
[2007/05/08 09:06:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/10 05:54:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/06 05:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,351,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,626,976 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,107,714 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 01:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 01:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/19 00:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 00:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/09 18:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004/09/16 14:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2003/11/16 03:48:02 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2003/11/16 03:48:00 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2003/11/15 10:54:18 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002/10/06 16:42:58 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll

========== LOP Check ==========

[2008/12/31 21:39:28 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\CoreCodec
[2008/06/22 06:35:09 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\DAEMON Tools
[2007/09/08 15:51:07 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\JCreator
[2007/09/28 14:05:28 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\Nexon
[2007/09/08 12:51:58 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\PeerNetworking
[2009/08/03 07:00:11 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\RenPy
[2008/06/14 08:35:09 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\Secret of the Solstice
[2008/11/04 17:08:37 | 000,000,000 | ---D | M] -- C:\Users\Ovenmitt\AppData\Roaming\SlySoft
[2008/08/23 22:17:39 | 000,000,000 | ---D | M] -- C:\Users\Spatula\AppData\Roaming\DAEMON Tools
[2011/12/25 13:56:02 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: SPTD.SYS >
[2008/06/22 06:35:10 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2006/11/02 02:57:20 | 000,184,320 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{453D4B25-5BDA-4367-8EE3-D79FD7C8EE1E}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DA131B7A-6BE7-425D-A35A-7684ECB2B9B7}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2006/11/02 02:57:26 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 04 01 02 01 05 01 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 5
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 03:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-25 19:29:38

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall >

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Activation Assistant for the 2007 Microsoft Office suites]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avast]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CD Audio Reader Filter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CDex]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CloneCD]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_HDAUDIO]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30A5]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DC-Bass Source]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectVobSub]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DScaler 5 Mpeg Decoders_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ffdshow_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Giraffic]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gmask 1.70 English]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HaaliMkx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HOMESTUDENTR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HPOOVClient-3572475 Uninstaller]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ImageViewer_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{97A96172-A963-4A37-9FFB-DA6805BB915A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InterActual Player]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IrfanView]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IvanView]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JCreator LE_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M953297]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MapleStory]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MONOGRAM AMR Splitter/Decoder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Movies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (2.0.0.11)]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSDN Library for Microsoft Visual Studio 2008 Express Editions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenSource Flash Video Splitter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealMedia]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 12.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafeConnect]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SHOUTcast Source]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST6UNST #1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SynTPDeinstKey]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tetris Planet_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Core Media Player]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Veoh Video Compass]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinAce Archiver]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoomPlayer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00170409-78E1-11D2-B60F-006097C998E7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0394CDC8-FABD-4ed8-B104-03393876DFDF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{07287123-B8AC-41CE-8346-3D777245C35B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D397393-9B50-4c52-84D5-77E344289F87}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15DD1D3C-8386-47D4-91A4-2D25FAFE1255}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18D10072035C4515918F7E37EAFAACFC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21E62565-8639-457C-B64C-A3FF0A8B4D80}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{228C6B46-64E2-404E-898A-EF0830603EF4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{254C37AA-6B72-4300-84F6-98A82419187E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216024FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{32A3A4F4-B792-11D6-A78A-00B0D0160020}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{34D2AB40-150D-475D-AE32-BD23FB5EE355}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F7AED3-0C7D-4582-99F6-484A515C73F2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{45D707E9-F3C4-11D9-A373-0050BAE317E1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56C64E81-FC93-4cb9-9EBF-953662950D3B}_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{57752979-A1C9-4C02-856B-FBB27AC4E02C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62369F2F77534556AEF4C58152E3BDE5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{669D4A35-146B-4314-89F1-1AC3D7B88367}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6D52C408-B09A-4520-9B18-475B81D393F1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DE13770-01B7-4366-8DA6-48237793F445}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7585478E9D9B42108671C12F8714CEFE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83FFCFC7-88C6-41c6-8752-958A45325C82}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8ADC27DB-E2C8-446C-A576-166C05C2DD24}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8ADFC4160D694100B5B8A22DE9DCABD9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8C6027FD-53DC-446D-BB75-CACD7028A134}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0409-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0409-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0409-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-040C-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0C0A-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0409-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0409-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0115-0409-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{01D4CA59-7070-4420-9BCC-0EFA7C5D76BE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{536FB502-775F-4494-BACE-C02CC90B7A5B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{5C497F0B-2061-4CC9-A61C-6B45B867354D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{643C12A2-AF9A-4712-B8BE-3B7650AFE00A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7F207DCA-3399-40CB-A968-6E5991B1421A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{AEA16A27-0B97-4670-818F-A98D06EC0A6F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BF3F1CBD-B05C-4644-AE43-6EE0FCC227A4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CD769337-C8AC-46DB-A7DC-643E50089263}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{97A96172-A963-4A37-9FFB-DA6805BB915A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{980A182F-E0A2-4A40-94C1-AE0C1235902E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C5770C-1C90-42E7-9B74-D47CFAF14621}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A80000000002}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B13A7C41581B411290FBC0395694E2A9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B222E134-CF77-43A3-AF7B-DE8618EB2862}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4C0A315-07FB-39F9-85CD-8CE20C019350}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B7050CBDB2504B34BC2A9CA0A692CC29}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C523D256-313D-4866-B36A-F3DE528246EF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D050D7362D214723AD585B541FFB6C11}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E4D02EF2-6F12-4BE9-9928-2F27DA01A915}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E56D39F8-2A9F-44B4-B068-A72E45A073E6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EC2A8F27-4FBF-4E41-B27B-FE822511B761}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE6097DD-05F4-4178-9719-D3170BF098E8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}]

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall >

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP