
google redirects and everything



#1
jokerbane
  • Member
  • 11 posts
Hello, it all started when I had the Windows 7 Antivirus 2012 on my system. Somehow I deleted it using several programs... I have used Microsoft Security Essentials, malware, Spybot and a few others. It gets rid of it, yes, BUT when I go to reboot my computer it says error cannot load Windows and I have to restore the computer. I have done this over and over. Sometimes my computer won't boot up; this time it took about 2 hours, and it said Windows had to repair files. I do not know what else to do. Can you please, please help me?


OTL logfile created on: 12/29/2011 6:33:27 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\kidsbride08\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 46.35% Memory free
3.49 Gb Paging File | 2.28 Gb Available in Paging File | 65.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.02 Gb Total Space | 125.87 Gb Free Space | 57.47% Space Free | Partition Type: NTFS

Computer Name: KIDSBRIDE08-PC | User Name: kidsbride08 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/29 06:30:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\kidsbride08\Desktop\OTL.exe
PRC - [2011/12/29 05:17:52 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/07/13 20:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2007/05/16 10:18:00 | 001,856,544 | ---- | M] (Uniblue Software) -- C:\Program Files (x86)\Uniblue\RegistryBooster 2\RegistryBooster.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/29 05:17:54 | 000,316,928 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2011/12/29 05:17:54 | 000,275,968 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2011/12/29 05:17:54 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2011/12/29 05:17:54 | 000,099,840 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2011/12/29 05:17:54 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2011/12/29 05:17:54 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2011/12/29 05:17:54 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2011/12/29 05:17:54 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2011/12/29 05:17:54 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2011/12/29 05:17:54 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2011/12/29 05:17:53 | 000,783,360 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
MOD - [2011/12/29 05:17:53 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2011/12/29 05:17:53 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2011/08/18 23:13:59 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2007/05/15 16:08:02 | 005,959,680 | ---- | M] () -- C:\Program Files (x86)\Uniblue\RegistryBooster 2\RegistryBooster.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/10 22:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/05 12:50:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2010/01/27 16:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/03/10 22:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/10 21:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/22 15:00:12 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/05 19:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/27 20:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/07 22:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 22:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/10/05 11:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/01 13:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/08/23 21:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/09 10:21:04 | 000,082,480 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (sbtis)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002/09/16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "PageRage Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.10.01
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.367
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://search.freeca...&type=62781&p="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.FilmFanatic.com/Plugin: C:\Program Files (x86)\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll (FilmFanatic)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\kidsbride08\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\kidsbride08\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: [INSTALLDIR]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/27 07:29:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/25 04:49:13 | 000,000,000 | ---D | M]

[2011/02/20 02:54:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kidsbride08\AppData\Roaming\mozilla\Extensions
[2011/02/20 02:54:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kidsbride08\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/12/17 02:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kidsbride08\AppData\Roaming\mozilla\Firefox\Profiles\dcn0wi6c.default\extensions
[2011/12/17 02:52:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\kidsbride08\AppData\Roaming\mozilla\Firefox\Profiles\dcn0wi6c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/09 13:55:18 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\kidsbride08\AppData\Roaming\mozilla\Firefox\Profiles\dcn0wi6c.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/03/04 23:16:31 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\kidsbride08\AppData\Roaming\mozilla\Firefox\Profiles\dcn0wi6c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/12/16 15:26:20 | 000,001,919 | ---- | M] () -- C:\Users\kidsbride08\AppData\Roaming\Mozilla\Firefox\Profiles\dcn0wi6c.default\searchplugins\bing-zugo.xml
[2010/11/23 12:02:06 | 000,000,919 | ---- | M] () -- C:\Users\kidsbride08\AppData\Roaming\Mozilla\Firefox\Profiles\dcn0wi6c.default\searchplugins\conduit.xml
[2011/12/27 00:39:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/30 20:30:25 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2011/09/03 14:41:39 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/01/03 00:29:03 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
() (No name found) -- C:\USERS\KIDSBRIDE08\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DCN0WI6C.DEFAULT\EXTENSIONS\{AFE43E80-0ABC-4DF2-81A0-3FE44B74ABE8}.XPI
() (No name found) -- C:\USERS\KIDSBRIDE08\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DCN0WI6C.DEFAULT\EXTENSIONS\[email protected]
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\kidsbride08\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\kidsbride08\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\kidsbride08\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: FilmFanatic Installer Plugin Stub (Enabled) = C:\Program Files (x86)\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\kidsbride08\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\kidsbride08\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\kidsbride08\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\kidsbride08\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/12/17 01:34:37 | 000,438,419 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15104 more lines...
O2:64bit: - BHO: (Gacela) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Gacela\x64\Gacela2.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\Run: [Uniblue RegistryBooster2] c:\program files (x86)\uniblue\registrybooster 2\StartRegistryBooster.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : About Gacela - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Gacela\x64\Gacela2.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1894257E-2D89-4205-9E74-E0338942FE0F}: DhcpNameServer = 40.5.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D19ECD7A-0C56-41AB-A195-28C2A21B5C07}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1601b060-d8f6-11df-b445-c80aa98f00ce}\Shell - "" = AutoRun
O33 - MountPoints2\{1601b060-d8f6-11df-b445-c80aa98f00ce}\Shell\AutoRun\command - "" = H:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck xmnt2002 /bat="C:\Windows\TEMP\PQ_BATCH.PQB" /win="C:\Windows" /dbg="C:\Windows\TEMP\PQ_DEBUG.TXT" /ver=262144 /prd="PartitionMagic")
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 06:30:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\kidsbride08\Desktop\OTL.exe
[2011/12/29 06:25:47 | 000,646,144 | ---- | C] (OldTimer Tools) -- C:\Users\kidsbride08\Desktop\OTS.exe
[2011/12/29 06:24:09 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\kidsbride08\Desktop\OTM.exe
[2011/12/29 06:12:51 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\Desktop\registery back up
[2011/12/29 06:12:20 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\Desktop\erunt
[2011/12/28 20:21:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/28 00:59:14 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Roaming\Avira
[2011/12/27 17:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/12/27 17:07:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/12/27 02:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/27 00:37:56 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Local\Apps
[2011/12/27 00:37:54 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Local\Deployment
[2011/12/26 23:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/25 07:08:03 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Roaming\Sunbelt
[2011/12/25 06:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2011/12/25 06:11:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/12/25 05:15:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/12/25 04:49:22 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Local\Microsoft Help
[2011/12/25 04:22:41 | 000,082,480 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\sbtis.sys
[2011/12/25 04:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sunbelt Software
[2011/12/25 00:38:29 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Roaming\Malwarebytes
[2011/12/25 00:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/25 00:38:23 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/25 00:37:56 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Roaming\GlarySoft
[2011/12/25 00:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2011/12/25 00:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2011/12/25 00:25:41 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/25 00:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2011/12/24 22:31:10 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/12/21 05:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2011/12/21 03:59:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2011/12/21 03:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2011/12/21 03:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2011/12/17 03:45:28 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Roaming\Uniblue
[2011/12/17 03:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2011/12/17 03:20:07 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Roaming\Roxio Log Files
[2011/12/17 01:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/17 01:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/17 01:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/12/16 21:25:24 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/12/16 21:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/16 21:02:15 | 000,000,000 | ---D | C] -- C:\Windows\system64

========== Files - Modified Within 30 Days ==========

[2011/12/29 06:30:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\kidsbride08\Desktop\OTL.exe
[2011/12/29 06:25:47 | 000,646,144 | ---- | M] (OldTimer Tools) -- C:\Users\kidsbride08\Desktop\OTS.exe
[2011/12/29 06:24:09 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\kidsbride08\Desktop\OTM.exe
[2011/12/29 06:20:02 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4260624938-2356598229-4035547618-1001UA.job
[2011/12/29 06:12:08 | 000,513,320 | ---- | M] () -- C:\Users\kidsbride08\Desktop\erunt.zip
[2011/12/29 05:17:54 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/12/29 05:06:18 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 05:06:18 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 05:03:37 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/29 05:03:37 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/29 05:03:37 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/29 04:57:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 04:57:15 | 1405,272,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/27 16:27:51 | 000,002,056 | ---- | M] () -- C:\Users\kidsbride08\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/27 00:44:22 | 000,002,352 | ---- | M] () -- C:\Users\kidsbride08\Desktop\Google Chrome.lnk
[2011/12/27 00:39:27 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/26 23:33:35 | 000,009,604 | ---- | M] () -- C:\Users\kidsbride08\AppData\Local\c44sq8hl1q4e
[2011/12/26 23:33:35 | 000,009,604 | ---- | M] () -- C:\ProgramData\c44sq8hl1q4e
[2011/12/25 05:44:09 | 000,352,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/25 04:20:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4260624938-2356598229-4035547618-1001Core.job
[2011/12/25 00:36:31 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/12/25 00:36:25 | 000,000,976 | ---- | M] () -- C:\Users\kidsbride08\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2011/12/25 00:25:41 | 000,001,849 | ---- | M] () -- C:\Users\kidsbride08\Desktop\CCleaner.lnk
[2011/12/25 00:03:37 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011/12/24 16:27:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\5MOrQs.dat
[2011/12/24 16:27:13 | 000,029,184 | ---- | M] () -- C:\Windows\SysWow64\xmwA5Yw.com
[2011/12/17 03:28:28 | 000,000,228 | ---- | M] () -- C:\Windows\tasks\0.job
[2011/12/17 02:04:44 | 000,000,910 | ---- | M] () -- C:\Windows\wininit.ini
[2011/12/17 01:34:37 | 000,438,419 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/17 01:33:40 | 000,438,419 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111217-013437.backup
[2011/12/16 21:25:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/16 21:01:38 | 000,331,264 | ---- | M] () -- C:\Users\kidsbride08\AppData\Local\khm.exe
[2011/12/16 21:01:38 | 000,331,264 | ---- | M] () -- C:\Users\kidsbride08\AppData\Local\eqw.exe
[2011/12/03 00:21:24 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForkidsbride08.job

========== Files Created - No Company Name ==========

[2011/12/29 06:12:07 | 000,513,320 | ---- | C] () -- C:\Users\kidsbride08\Desktop\erunt.zip
[2011/12/29 05:17:54 | 000,001,805 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011/12/29 05:17:54 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/12/27 00:44:22 | 000,002,352 | ---- | C] () -- C:\Users\kidsbride08\Desktop\Google Chrome.lnk
[2011/12/27 00:39:27 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/26 22:07:34 | 000,009,604 | ---- | C] () -- C:\Users\kidsbride08\AppData\Local\c44sq8hl1q4e
[2011/12/26 22:07:34 | 000,009,604 | ---- | C] () -- C:\ProgramData\c44sq8hl1q4e
[2011/12/25 00:36:31 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/12/25 00:36:25 | 000,000,976 | ---- | C] () -- C:\Users\kidsbride08\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2011/12/25 00:25:41 | 000,001,849 | ---- | C] () -- C:\Users\kidsbride08\Desktop\CCleaner.lnk
[2011/12/25 00:03:37 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2011/12/24 16:27:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\5MOrQs.dat
[2011/12/24 16:27:24 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\xmwA5Yw.com
[2011/12/17 03:28:28 | 000,000,228 | ---- | C] () -- C:\Windows\tasks\0.job
[2011/12/17 02:04:39 | 000,000,910 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/16 21:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/12/16 21:01:38 | 000,331,264 | ---- | C] () -- C:\Users\kidsbride08\AppData\Local\khm.exe
[2011/12/16 21:01:38 | 000,331,264 | ---- | C] () -- C:\Users\kidsbride08\AppData\Local\eqw.exe
[2011/06/16 00:47:10 | 000,008,704 | ---- | C] () -- C:\Users\kidsbride08\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/17 03:40:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/05/17 03:33:48 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/05/17 03:33:48 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/03/30 06:40:15 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/02/23 15:15:02 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/10/07 22:57:03 | 000,000,000 | ---D | M] -- C:\Users\kidsbride08\AppData\Roaming\AVG10
[2011/03/04 23:16:30 | 000,000,000 | ---D | M] -- C:\Users\kidsbride08\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/02/11 21:34:48 | 000,000,000 | ---D | M] -- C:\Users\kidsbride08\AppData\Roaming\eMusic
[2010/10/11 05:00:24 | 000,000,000 | ---D | M] -- C:\Users\kidsbride08\AppData\Roaming\Faerie Solitaire
[2011/01/21 16:39:44 | 000,000,000 | ---D | M] -- C:\Users\kidsbride08\AppData\Roaming\FrostWire
[2011/12/25 04:52:38 | 000,000,000 | ---D | M] -- C:\Users\kidsbride08\AppData\Roaming\GlarySoft
[2011/02/20 10:56:11 | 000,000,000 | ---D | M] -- C:\Users\kidsbride08\AppData\Roaming\LimeWire
[2011/03/30 17:43:02 | 000,000,000 | ---D | M] -- C:\Users\kidsbride08\AppData\Roaming\Opera
[2011/07/07 20:44:58 | 000,000,000 | ---D | M] -- C:\Users\kidsbride08\AppData\Roaming\PFStaticIP
[2011/03/17 02:28:46 | 000,000,000 | ---D | M] -- C:\Users\kidsbride08\AppData\Roaming\Pogo Games
[2011/12/21 03:07:04 | 000,000,000 | ---D | M] -- C:\Users\kidsbride08\AppData\Roaming\Uniblue
[2011/12/29 07:11:23 | 000,000,000 | ---D | M] -- C:\Users\kidsbride08\AppData\Roaming\uTorrent
[2011/12/17 03:28:28 | 000,000,228 | ---- | M] () -- C:\Windows\Tasks\0.job
[2011/12/25 00:36:31 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/04/25 20:51:33 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:30E0D641
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:3CC01EE7

< End of report >

#2
RKinner

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

Change the a-v scan to None.
Uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Do the following:
  1. Click on the Start button and then choose Control Panel.
  2. Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  3. In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  4. In the Administrative Tools window, double-click on the Computer Management icon.
  5. When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management Window and attach the screenshot to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

This will check your critical system files. (If it asks for a CD and you don't have one or it doesn't like your CD, just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#3
jokerbane

COMBOFIX

ComboFix 11-12-29.05 - kidsbride08 12/29/2011 21:50:17.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.1084 [GMT -5:00]
Running from: c:\users\kidsbride08\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Kaspersky Anti-Virus *Disabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FilmFanaticEI
c:\program files (x86)\FilmFanaticEI\Installr\1.bin\NPpaEISb.dll
c:\program files (x86)\FilmFanaticEI\Installr\1.bin\paEIPlug.dll
c:\users\kidsbride08\AppData\Local\eqw.exe
c:\users\kidsbride08\AppData\Local\khm.exe
c:\users\kidsbride08\AppData\Roaming\Mozilla\Firefox\Profiles\dcn0wi6c.default\searchplugins\bing-zugo.xml
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
c:\windows\assembly\temp\kwrd.dll
c:\windows\system32\consrv.dll
c:\windows\system32\java.exe
c:\windows\System64
c:\windows\SysWow64\xmwA5Yw.com
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-28 05:59 . 2011-12-28 05:59 -------- d-----w- c:\users\kidsbride08\AppData\Roaming\Avira
2011-12-27 22:07 . 2011-12-27 22:07 -------- d-----w- c:\programdata\Avira
2011-12-27 22:07 . 2011-12-27 22:07 -------- d-----w- c:\program files (x86)\Avira
2011-12-27 07:22 . 2011-12-30 03:40 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-27 05:39 . 2011-12-21 07:24 121816 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-12-27 05:39 . 2011-12-21 07:24 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-27 05:39 . 2011-12-21 04:30 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-27 05:39 . 2011-12-21 04:30 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-27 05:39 . 2011-12-21 04:30 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-27 05:37 . 2011-12-30 03:33 -------- d-----w- c:\users\kidsbride08\AppData\Local\Apps
2011-12-27 05:37 . 2011-12-27 05:41 -------- d-----w- c:\users\kidsbride08\AppData\Local\Deployment
2011-12-27 04:50 . 2011-12-29 12:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-25 12:08 . 2011-12-25 12:08 -------- d-----w- c:\users\kidsbride08\AppData\Roaming\Sunbelt
2011-12-25 11:49 . 2011-12-25 11:49 -------- d-----w- c:\programdata\Sunbelt
2011-12-25 09:49 . 2011-12-25 09:49 -------- d-----w- c:\users\kidsbride08\AppData\Local\Microsoft Help
2011-12-25 09:22 . 2008-10-09 15:21 82480 ----a-w- c:\windows\system32\drivers\sbtis.sys
2011-12-25 09:22 . 2011-12-25 11:41 -------- d-----w- c:\program files (x86)\Sunbelt Software
2011-12-25 05:38 . 2011-12-25 05:38 -------- d-----w- c:\users\kidsbride08\AppData\Roaming\Malwarebytes
2011-12-25 05:38 . 2011-12-25 05:38 -------- d-----w- c:\programdata\Malwarebytes
2011-12-25 05:38 . 2010-01-07 21:07 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-25 05:37 . 2011-12-25 09:52 -------- d-----w- c:\users\kidsbride08\AppData\Roaming\GlarySoft
2011-12-25 05:35 . 2011-12-25 05:36 -------- d-----w- c:\program files (x86)\Glary Utilities
2011-12-25 05:25 . 2011-12-25 05:25 -------- d-----w- c:\program files (x86)\CCleaner
2011-12-25 03:31 . 2011-12-27 21:54 -------- d-----w- C:\found.000
2011-12-21 10:18 . 2011-12-30 03:28 -------- d-----w- c:\programdata\Recovery
2011-12-21 08:59 . 2011-12-30 03:41 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-12-21 08:57 . 2011-12-21 08:57 -------- d-----w- c:\program files (x86)\MSSOAP
2011-12-17 08:45 . 2011-12-21 08:07 -------- d-----w- c:\users\kidsbride08\AppData\Roaming\Uniblue
2011-12-17 08:44 . 2011-12-30 03:41 -------- d-----w- c:\program files (x86)\Uniblue
2011-12-17 08:20 . 2011-12-17 08:20 -------- d-----w- c:\users\kidsbride08\AppData\Roaming\Roxio Log Files
2011-12-17 06:23 . 2011-12-27 22:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-17 06:23 . 2011-12-17 08:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-12-17 06:21 . 2011-12-17 06:21 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-12-17 02:25 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-17 02:25 . 2011-12-21 11:52 -------- d-----w- c:\program files\AVAST Software
2011-12-15 03:49 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 03:48 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 03:48 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 03:48 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 03:48 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 03:48 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-05 15:17 . 2011-01-14 15:54 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-14 03:20 . 2010-12-21 04:17 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-11-14 03:19 . 2010-12-21 03:11 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-11-14 03:08 . 2010-12-21 03:09 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-11-14 03:08 . 2010-12-20 20:51 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-18 03:32 . 2011-10-18 03:32 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-18 03:21 . 2010-12-20 20:51 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-18 03:08 . 2010-12-20 20:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster2"="c:\program files (x86)\uniblue\registrybooster 2\StartRegistryBooster.exe" [2007-05-16 99872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck xmnt2002 /bat=c:\windows\TEMP\PQ_BATCH.PQB /win=c:\windows /dbg=c:\Windows\TEMP\PQ_DEBUG.TXT /ver=262144 /prd=PartitionMagic\0autocheck autochk *
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-02-05 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-17 c:\windows\Tasks\0.job
- c:\program files (x86)\internet explorer\iexplore.exe [2011-06-08 22:59]
.
2011-12-25 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-12-25 04:01]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4260624938-2356598229-4035547618-1001Core.job
- c:\users\kidsbride08\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-26 05:59]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4260624938-2356598229-4035547618-1001UA.job
- c:\users\kidsbride08\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-26 05:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF17569.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D19ECD7A-0C56-41AB-A195-28C2A21B5C07}: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D19ECD7A-0C56-41AB-A195-28C2A21B5C07}\16563627D636: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D19ECD7A-0C56-41AB-A195-28C2A21B5C07}\74C6F62616C6355796475675962756C6563737: DhcpNameServer = 4.2.2.1
TCP: Interfaces\{D19ECD7A-0C56-41AB-A195-28C2A21B5C07}\C696E6B6379737: DhcpNameServer = 66.76.227.40 208.180.42.68
TCP: Interfaces\{D19ECD7A-0C56-41AB-A195-28C2A21B5C07}\D6164747: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D19ECD7A-0C56-41AB-A195-28C2A21B5C07}\F48696F60255E69667562737964797: DhcpNameServer = 132.235.64.1 132.235.64.2
FF - ProfilePath - c:\users\kidsbride08\AppData\Roaming\Mozilla\Firefox\Profiles\dcn0wi6c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - PageRage Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62781&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc,
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
ShellIconOverlayIdentifiers-{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2011-12-29 22:08:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-30 03:08
.
Pre-Run: 135,092,277,248 bytes free
Post-Run: 134,470,774,784 bytes free
.
- - End Of File - - CDDC8499F6AA49244495F7B686BA6618



TDSSKiller

22:11:16.0159 2040 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
22:11:16.0580 2040 ============================================================
22:11:16.0580 2040 Current date / time: 2011/12/29 22:11:16.0580
22:11:16.0580 2040 SystemInfo:
22:11:16.0580 2040
22:11:16.0580 2040 OS Version: 6.1.7600 ServicePack: 0.0
22:11:16.0580 2040 Product type: Workstation
22:11:16.0580 2040 ComputerName: KIDSBRIDE08-PC
22:11:16.0580 2040 UserName: kidsbride08
22:11:16.0580 2040 Windows directory: C:\Windows
22:11:16.0580 2040 System windows directory: C:\Windows
22:11:16.0580 2040 Running under WOW64
22:11:16.0580 2040 Processor architecture: Intel x64
22:11:16.0580 2040 Number of processors: 1
22:11:16.0580 2040 Page size: 0x1000
22:11:16.0580 2040 Boot type: Normal boot
22:11:16.0580 2040 ============================================================
22:11:17.0969 2040 Initialize success
22:11:33.0210 2256 ============================================================
22:11:33.0210 2256 Scan started
22:11:33.0210 2256 Mode: Manual;
22:11:33.0210 2256 ============================================================
22:12:02.0756 2256 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
22:12:02.0756 2256 WudfPf - ok
22:12:02.0819 2256 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:12:02.0819 2256 WUDFRd - ok
22:12:02.0928 2256 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
22:12:02.0944 2256 yukonw7 - ok
22:12:03.0037 2256 MBR (0x1B8) (d1527ff5ad1666f72aec2fe7108f6213) \Device\Harddisk0\DR0
22:12:03.0053 2256 \Device\Harddisk0\DR0 - ok
22:12:03.0084 2256 Boot (0x1200) (42dd3ce2e20085b6d0fd24b00e380e7a) \Device\Harddisk0\DR0\Partition0
22:12:03.0084 2256 \Device\Harddisk0\DR0\Partition0 - ok
22:12:03.0100 2256 Boot (0x1200) (e5549d47eb8ea18c2892d85790efd70f) \Device\Harddisk0\DR0\Partition1
22:12:03.0100 2256 \Device\Harddisk0\DR0\Partition1 - ok
22:12:03.0131 2256 Boot (0x1200) (9f0a15be5d2481a8e882cd25316f3d89) \Device\Harddisk0\DR0\Partition2
22:12:03.0131 2256 \Device\Harddisk0\DR0\Partition2 - ok
22:12:03.0146 2256 Boot (0x1200) (d4452a3ec9d3b51990c821fbcd31e381) \Device\Harddisk0\DR0\Partition3
22:12:03.0146 2256 \Device\Harddisk0\DR0\Partition3 - ok
22:12:03.0162 2256 ============================================================
22:12:03.0162 2256 Scan finished
22:12:03.0162 2256 ============================================================
22:12:03.0162 2208 Detected object count: 0
22:12:03.0162 2208 Actual detected object count: 0
22:12:43.0816 0824 Deinitialize success

#4
jokerbane

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-29 22:13:25
-----------------------------
22:13:25.535 OS Version: Windows x64 6.1.7600
22:13:25.535 Number of processors: 1 586 0x603
22:13:25.535 ComputerName: KIDSBRIDE08-PC UserName: kidsbride08
22:13:26.908 Initialize success
22:15:29.151 AVAST engine defs: 11122901
22:15:44.455 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
22:15:44.455 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 11
22:15:44.502 Disk 0 MBR read successfully
22:15:44.502 Disk 0 MBR scan
22:15:44.517 Disk 0 unknown MBR code
22:15:44.533 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
22:15:44.548 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 224286 MB offset 409600
22:15:44.580 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13898 MB offset 459735040
22:15:44.611 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 109 MB offset 488183808
22:15:44.626 Service scanning
22:15:45.703 Modules scanning
22:15:45.718 Scan finished successfully
22:16:30.100 Disk 0 MBR has been saved successfully to "C:\Users\kidsbride08\Desktop\MBR.dat"
22:16:30.100 The log file has been saved successfully to "C:\Users\kidsbride08\Desktop\aswMBR.txt"



Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.30.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
kidsbride08 :: KIDSBRIDE08-PC [administrator]

Protection: Disabled

12/29/2011 10:19:24 PM
mbam-log-2011-12-29 (22-19-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 173753
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




OTL logfile created on: 12/29/2011 10:26:51 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\kidsbride08\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 58.17% Memory free
3.49 Gb Paging File | 2.70 Gb Available in Paging File | 77.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.02 Gb Total Space | 125.21 Gb Free Space | 57.17% Space Free | Partition Type: NTFS

Computer Name: KIDSBRIDE08-PC | User Name: kidsbride08 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/27 00:49:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\kidsbride08\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/10 22:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/05 12:50:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2010/01/27 16:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/03/10 22:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/10 21:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/22 15:00:12 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/05 19:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/27 20:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/07 22:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 22:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/10/05 11:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/01 13:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/08/23 21:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/09 10:21:04 | 000,082,480 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (sbtis)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002/09/16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "PageRage Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.10.01
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.367
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://search.freeca...&type=62781&p="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.FilmFanatic.com/Plugin: C:\Program Files (x86)\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\kidsbride08\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\kidsbride08\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: [INSTALLDIR]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/29 22:41:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/25 04:49:13 | 000,000,000 | ---D | M]

[2011/02/20 02:54:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kidsbride08\AppData\Roaming\mozilla\Extensions
[2011/02/20 02:54:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kidsbride08\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/12/17 02:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kidsbride08\AppData\Roaming\mozilla\Firefox\Profiles\dcn0wi6c.default\extensions
[2011/12/17 02:52:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\kidsbride08\AppData\Roaming\mozilla\Firefox\Profiles\dcn0wi6c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/09 13:55:18 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\kidsbride08\AppData\Roaming\mozilla\Firefox\Profiles\dcn0wi6c.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/03/04 23:16:31 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\kidsbride08\AppData\Roaming\mozilla\Firefox\Profiles\dcn0wi6c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/11/23 12:02:06 | 000,000,919 | ---- | M] () -- C:\Users\kidsbride08\AppData\Roaming\Mozilla\Firefox\Profiles\dcn0wi6c.default\searchplugins\conduit.xml
[2011/12/29 22:32:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/30 20:30:25 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2011/09/03 14:41:39 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/01/03 00:29:03 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
() (No name found) -- C:\USERS\KIDSBRIDE08\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DCN0WI6C.DEFAULT\EXTENSIONS\{AFE43E80-0ABC-4DF2-81A0-3FE44B74ABE8}.XPI
() (No name found) -- C:\USERS\KIDSBRIDE08\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DCN0WI6C.DEFAULT\EXTENSIONS\[email protected]
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\kidsbride08\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\kidsbride08\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\kidsbride08\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: FilmFanatic Installer Plugin Stub (Enabled) = C:\Program Files (x86)\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\kidsbride08\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\kidsbride08\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\kidsbride08\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\kidsbride08\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/12/29 22:01:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Gacela) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Gacela\x64\Gacela2.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\Run: [Uniblue RegistryBooster2] c:\Program Files (x86)\Uniblue\RegistryBooster 2\StartRegistryBooster.exe (Uniblue Software)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : About Gacela - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Gacela\x64\Gacela2.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\pnrpnsp.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1894257E-2D89-4205-9E74-E0338942FE0F}: DhcpNameServer = 40.5.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D19ECD7A-0C56-41AB-A195-28C2A21B5C07}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck xmnt2002 /bat=C:\Windows\TEMP\PQ_BATCH.PQB /win=C:\Windows /dbg=C:\Windows\TEMP\PQ_DEBUG.TXT /ver=262144 /prd=PartitionMagic)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 22:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/29 22:08:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/29 21:48:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/29 21:48:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/29 21:48:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/29 21:48:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/29 21:47:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/29 21:44:19 | 000,061,440 | ---- | C] ( ) -- C:\Users\kidsbride08\Desktop\VEW.exe
[2011/12/29 21:43:16 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\kidsbride08\Desktop\mbam-setup-1.60.0.1800.exe
[2011/12/29 21:42:07 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Users\kidsbride08\Desktop\aswMBR.exe
[2011/12/29 21:41:39 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\kidsbride08\Desktop\tdsskiller.exe
[2011/12/29 21:41:09 | 004,356,196 | R--- | C] (Swearware) -- C:\Users\kidsbride08\Desktop\ComboFix.exe
[2011/12/28 20:21:19 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/12/28 00:59:14 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Roaming\Avira
[2011/12/27 17:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/12/27 17:07:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/12/27 02:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/27 00:49:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\kidsbride08\Desktop\OTL.exe
[2011/12/27 00:37:56 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Local\Apps
[2011/12/27 00:37:54 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Local\Deployment
[2011/12/26 23:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/25 07:08:03 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Roaming\Sunbelt
[2011/12/25 06:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2011/12/25 06:11:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/12/25 05:15:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/12/25 04:49:22 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Local\Microsoft Help
[2011/12/25 04:22:41 | 000,082,480 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\sbtis.sys
[2011/12/25 04:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sunbelt Software
[2011/12/25 04:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryBooster 2
[2011/12/25 00:38:29 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Roaming\Malwarebytes
[2011/12/25 00:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/25 00:38:23 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/25 00:37:56 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Roaming\GlarySoft
[2011/12/25 00:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2011/12/25 00:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2011/12/25 00:25:41 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/25 00:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2011/12/24 22:31:10 | 000,000,000 | ---D | C] -- C:\found.000
[2011/12/21 05:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2011/12/21 03:59:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2011/12/21 03:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2011/12/21 03:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2011/12/17 03:45:28 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Roaming\Uniblue
[2011/12/17 03:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2011/12/17 03:20:07 | 000,000,000 | ---D | C] -- C:\Users\kidsbride08\AppData\Roaming\Roxio Log Files
[2011/12/17 01:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/17 01:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/17 01:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/12/16 21:25:24 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/12/16 21:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/15 12:51:52 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/15 12:51:51 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/15 12:51:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/15 12:51:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/15 12:51:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/15 12:51:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/15 12:51:45 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/15 12:51:45 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/15 12:51:44 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/15 12:51:44 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/15 12:51:42 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/14 22:49:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 22:48:51 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 22:48:51 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll

========== Files - Modified Within 30 Days ==========

[2011/12/29 22:20:02 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4260624938-2356598229-4035547618-1001UA.job
[2011/12/29 22:18:27 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/29 22:16:30 | 000,000,512 | ---- | M] () -- C:\Users\kidsbride08\Desktop\MBR.dat
[2011/12/29 22:11:40 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 22:11:40 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 22:08:19 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/29 22:08:19 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/29 22:08:19 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/29 22:01:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/29 22:01:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 22:01:26 | 1405,272,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/29 21:44:20 | 000,061,440 | ---- | M] ( ) -- C:\Users\kidsbride08\Desktop\VEW.exe
[2011/12/29 21:43:32 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\kidsbride08\Desktop\mbam-setup-1.60.0.1800.exe
[2011/12/29 21:42:16 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Users\kidsbride08\Desktop\aswMBR.exe
[2011/12/29 21:41:40 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\kidsbride08\Desktop\tdsskiller.exe
[2011/12/29 21:41:13 | 004,356,196 | R--- | M] (Swearware) -- C:\Users\kidsbride08\Desktop\ComboFix.exe
[2011/12/29 21:37:25 | 000,002,056 | ---- | M] () -- C:\Users\kidsbride08\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/27 00:49:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\kidsbride08\Desktop\OTL.exe
[2011/12/27 00:44:22 | 000,002,352 | ---- | M] () -- C:\Users\kidsbride08\Desktop\Google Chrome.lnk
[2011/12/27 00:39:27 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/26 23:33:35 | 000,009,604 | ---- | M] () -- C:\Users\kidsbride08\AppData\Local\c44sq8hl1q4e
[2011/12/26 23:33:35 | 000,009,604 | ---- | M] () -- C:\ProgramData\c44sq8hl1q4e
[2011/12/25 05:44:09 | 000,352,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/25 04:20:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4260624938-2356598229-4035547618-1001Core.job
[2011/12/25 04:11:57 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster 2.lnk
[2011/12/25 00:36:31 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/12/25 00:36:25 | 000,000,976 | ---- | M] () -- C:\Users\kidsbride08\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2011/12/25 00:25:41 | 000,001,849 | ---- | M] () -- C:\Users\kidsbride08\Desktop\CCleaner.lnk
[2011/12/25 00:03:37 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011/12/24 16:27:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\5MOrQs.dat
[2011/12/17 03:28:28 | 000,000,228 | ---- | M] () -- C:\Windows\tasks\0.job
[2011/12/17 02:04:44 | 000,000,910 | ---- | M] () -- C:\Windows\wininit.ini
[2011/12/17 01:33:40 | 000,438,419 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111217-013437.backup
[2011/12/16 21:25:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/12/29 22:18:27 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/29 22:16:30 | 000,000,512 | ---- | C] () -- C:\Users\kidsbride08\Desktop\MBR.dat
[2011/12/29 21:48:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/29 21:48:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/29 21:48:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/29 21:48:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/29 21:48:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/27 00:44:22 | 000,002,352 | ---- | C] () -- C:\Users\kidsbride08\Desktop\Google Chrome.lnk
[2011/12/27 00:39:27 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/26 22:07:34 | 000,009,604 | ---- | C] () -- C:\Users\kidsbride08\AppData\Local\c44sq8hl1q4e
[2011/12/26 22:07:34 | 000,009,604 | ---- | C] () -- C:\ProgramData\c44sq8hl1q4e
[2011/12/25 04:11:57 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster 2.lnk
[2011/12/25 00:36:31 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/12/25 00:36:25 | 000,000,976 | ---- | C] () -- C:\Users\kidsbride08\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2011/12/25 00:25:41 | 000,001,849 | ---- | C] () -- C:\Users\kidsbride08\Desktop\CCleaner.lnk
[2011/12/25 00:03:37 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2011/12/24 16:27:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\5MOrQs.dat
[2011/12/17 03:28:28 | 000,000,228 | ---- | C] () -- C:\Windows\tasks\0.job
[2011/12/17 02:04:39 | 000,000,910 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/16 21:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/06/16 00:47:10 | 000,008,704 | ---- | C] () -- C:\Users\kidsbride08\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/17 03:40:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/05/17 03:33:48 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/05/17 03:33:48 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/03/30 06:40:15 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/02/23 15:15:02 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:30E0D641
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:3CC01EE7

< End of report >

#5
jokerbane

OTL Extras logfile created on: 12/29/2011 10:26:51 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\kidsbride08\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 58.17% Memory free
3.49 Gb Paging File | 2.70 Gb Available in Paging File | 77.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.02 Gb Total Space | 125.21 Gb Free Space | 57.17% Space Free | Partition Type: NTFS

Computer Name: KIDSBRIDE08-PC | User Name: kidsbride08 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "c:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "c:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{477EE3A9-4B53-0F22-DB40-277ED46E9E72}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{C3F0426C-175D-39B7-7A14-D6B21952DE5E}" = ATI Catalyst Install Manager
"{E6BC696E-5E96-4C1B-9371-379AF3A46B6B}" = HP Wireless Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AD3D4FC-0B19-B2F2-376A-E6BF36BA342B}" = ccc-core-static
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1E27900B-E594-DCA9-10DB-C87A8318991C}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{31F4E558-F8A8-170E-BD85-BAD4EE739991}" = CCC Help Hungarian
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5124C3E2-5BE8-3FFA-F958-CF0C99961566}" = CCC Help Swedish
"{53839C74-42E0-72E8-0369-C9713A319A26}" = Catalyst Control Center InstallProxy
"{54F17069-7E87-A85A-9078-6F5B06AF21A3}" = CCC Help German
"{6048D442-6C92-D73C-D248-02C1D4038C3E}" = CCC Help Finnish
"{608A6E25-720C-8171-F887-F7664A23CA0C}" = CCC Help Norwegian
"{60FA1132-0486-41F9-B747-6D308C284D1C}" = Catalyst Control Center - Branding
"{60FAD0EE-2F87-FAEB-FE05-0CDCF8179884}" = CCC Help Thai
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6CAABDBA-F58D-565C-D36E-6D573B1B8E44}" = Catalyst Control Center Graphics Light
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7908E6E5-4BBC-756D-A235-2CFCC142685D}" = CCC Help English
"{854DDB9E-D488-065B-9FEF-18C159E451AF}" = Catalyst Control Center Graphics Previews Vista
"{85BCA864-BDC8-9299-C6AC-C032301D018C}" = Catalyst Control Center Graphics Full New
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87553C1A-35F4-142A-AC88-86B663F7F136}" = CCC Help Czech
"{88146D95-5AEC-96BD-3107-A59328CE35BF}" = CCC Help Chinese Traditional
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B8797ED-6E75-FEBA-7210-90A2462B5DA7}" = CCC Help Japanese
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90C2329F-2EE2-5035-21B8-14F2F240D976}" = CCC Help Turkish
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.4 MUI
"{B75E2857-9A0D-EE0D-B332-A05FBECDDB83}" = Catalyst Control Center Graphics Previews Common
"{BA8D33B9-40B5-BC33-1F48-C2ADC90ABA95}" = CCC Help Italian
"{BD50BAF8-8DBD-C054-ACAA-EB7300A09B5F}" = CCC Help Korean
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3CBA627-2962-C9B2-6698-C89658757EB9}" = Catalyst Control Center Localization All
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE8F47D8-1C4D-48F3-F9F3-3D5DFCC75C24}" = Catalyst Control Center Core Implementation
"{CF4EFF53-CA7D-9479-3E18-AB6253497A95}" = CCC Help Russian
"{D19E881A-4A1E-A947-717F-B8DA93AE2EDA}" = CCC Help Chinese Standard
"{D89D0D05-670D-D6C5-71DA-7C52F754F75F}" = CCC Help Dutch
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{E3148F44-518B-3232-58CA-77DB808E255F}" = Catalyst Control Center Graphics Full Existing
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EC67E77D-7873-A1B1-17E1-263E10748EEF}" = CCC Help Danish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F220D637-1086-83C2-EA21-25AF1FE47BEC}" = CCC Help Polish
"{F4693A78-2E6C-2A26-B833-E13A4A5DACB4}" = CCC Help Greek
"{FD122F1F-A640-082D-F4CB-F01259A956B6}" = CCC Help Portuguese
"{FDE722A1-1AEF-0641-D5D1-BA4C464BAB4C}" = CCC Help Spanish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner (remove only)
"Glary Utilities_is1" = Glary Utilities 2.19.0.800
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"uTorrent" = µTorrent

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/21/2011 3:53:24 AM | Computer Name = kidsbride08-PC | Source = System Restore | ID = 8193
Description =

Error - 12/21/2011 4:03:10 AM | Computer Name = kidsbride08-PC | Source = System Restore | ID = 8193
Description =

Error - 12/21/2011 4:05:46 AM | Computer Name = kidsbride08-PC | Source = System Restore | ID = 8193
Description =

Error - 12/21/2011 4:06:44 AM | Computer Name = kidsbride08-PC | Source = System Restore | ID = 8193
Description =

Error - 12/21/2011 4:18:11 AM | Computer Name = kidsbride08-PC | Source = System Restore | ID = 8193
Description =

Error - 12/21/2011 6:52:41 PM | Computer Name = kidsbride08-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 12/21/2011 6:54:23 PM | Computer Name = kidsbride08-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/25/2011 1:24:53 AM | Computer Name = kidsbride08-PC | Source = System Restore | ID = 8193
Description =

Error - 12/25/2011 5:37:35 AM | Computer Name = kidsbride08-PC | Source = EventSystem | ID = 4621
Description =

Error - 12/25/2011 6:07:29 AM | Computer Name = kidsbride08-PC | Source = MsiInstaller | ID = 11905
Description =

[ Hewlett-Packard Events ]
Error - 10/20/2010 9:29:58 PM | Computer Name = kidsbride08-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ HP Wireless Assistant Events ]
Error - 12/29/2011 10:51:19 PM | Computer Name = kidsbride08-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/29/2011 10:51:35 PM | Computer Name = kidsbride08-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/29/2011 10:52:05 PM | Computer Name = kidsbride08-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/29/2011 10:54:53 PM | Computer Name = kidsbride08-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/29/2011 10:55:08 PM | Computer Name = kidsbride08-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/29/2011 10:56:15 PM | Computer Name = kidsbride08-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/29/2011 10:57:06 PM | Computer Name = kidsbride08-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/29/2011 10:57:37 PM | Computer Name = kidsbride08-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/29/2011 10:58:28 PM | Computer Name = kidsbride08-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/29/2011 10:58:43 PM | Computer Name = kidsbride08-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ Media Center Events ]
Error - 11/11/2011 11:27:26 AM | Computer Name = kidsbride08-PC | Source = MCUpdate | ID = 0
Description = 10:27:24 AM - Error connecting to the internet. 10:27:25 AM - Unable
to contact server..

Error - 11/11/2011 11:27:42 AM | Computer Name = kidsbride08-PC | Source = MCUpdate | ID = 0
Description = 10:27:31 AM - Error connecting to the internet. 10:27:31 AM - Unable
to contact server..

Error - 11/11/2011 11:31:17 PM | Computer Name = kidsbride08-PC | Source = MCUpdate | ID = 0
Description = 10:31:17 PM - Error connecting to the internet. 10:31:17 PM - Unable
to contact server..

Error - 11/11/2011 11:31:34 PM | Computer Name = kidsbride08-PC | Source = MCUpdate | ID = 0
Description = 10:31:22 PM - Error connecting to the internet. 10:31:22 PM - Unable
to contact server..

Error - 11/12/2011 11:08:38 AM | Computer Name = kidsbride08-PC | Source = MCUpdate | ID = 0
Description = 10:08:37 AM - Error connecting to the internet. 10:08:38 AM - Unable
to contact server..

Error - 11/12/2011 11:09:01 AM | Computer Name = kidsbride08-PC | Source = MCUpdate | ID = 0
Description = 10:08:45 AM - Error connecting to the internet. 10:08:45 AM - Unable
to contact server..

Error - 11/12/2011 11:39:56 PM | Computer Name = kidsbride08-PC | Source = MCUpdate | ID = 0
Description = 10:39:56 PM - Error connecting to the internet. 10:39:56 PM - Unable
to contact server..

Error - 11/12/2011 11:40:12 PM | Computer Name = kidsbride08-PC | Source = MCUpdate | ID = 0
Description = 10:40:01 PM - Error connecting to the internet. 10:40:01 PM - Unable
to contact server..

Error - 11/13/2011 11:38:32 AM | Computer Name = kidsbride08-PC | Source = MCUpdate | ID = 0
Description = 10:38:31 AM - Error connecting to the internet. 10:38:32 AM - Unable
to contact server..

Error - 11/13/2011 11:38:47 AM | Computer Name = kidsbride08-PC | Source = MCUpdate | ID = 0
Description = 10:38:37 AM - Error connecting to the internet. 10:38:37 AM - Unable
to contact server..

[ System Events ]
Error - 12/29/2011 11:00:05 PM | Computer Name = kidsbride08-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/29/2011 11:00:16 PM | Computer Name = kidsbride08-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/29/2011 11:01:20 PM | Computer Name = kidsbride08-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 12/29/2011 11:01:45 PM | Computer Name = kidsbride08-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 12/29/2011 11:01:46 PM | Computer Name = kidsbride08-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 12/29/2011 11:01:47 PM | Computer Name = kidsbride08-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 12/29/2011 11:01:47 PM | Computer Name = kidsbride08-PC | Source = Service Control Manager | ID = 7003
Description = The Internet Connection Sharing (ICS) service depends the following
service: BFE. This service might not be installed.

Error - 12/29/2011 11:03:01 PM | Computer Name = kidsbride08-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 12/29/2011 11:04:34 PM | Computer Name = kidsbride08-PC | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%2

Error - 12/29/2011 11:04:34 PM | Computer Name = kidsbride08-PC | Source = Service Control Manager | ID = 7000
Description = The HP Wireless Assistant Service service failed to start due to the
following error: %%31


< End of report >


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 29/12/2011 11:28:50 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/12/2011 3:55:16 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Health Check Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 30/12/2011 3:54:06 AM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Log: 'System' Date/Time: 30/12/2011 3:53:07 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 30/12/2011 3:53:07 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 30/12/2011 3:53:03 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 30/12/2011 3:53:03 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

Log: 'System' Date/Time: 30/12/2011 3:52:40 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\SystemRoot\SysWow64\Drivers\PQNTDrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/12/2011 3:52:16 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/12/2011 12:02:10 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Uninstall
Java™ 6 Update 17 (64-bit) -Get latest from Java.com use 64 bit IE
Java™ 6 Update 22 - get latest from java.com
Adobe Reader 9.4.4 MUI - get latest from adobe
Adobe Flash Player 10 ActiveX - get latest from adobe use IE
Adobe Flash Player 10 Plugin - get latest from adobe use Firefox or Chrome
Uniblue RegistryBooster 2 Registry does not need boosting
µTorrent - P2P is dangerous.

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: [INSTALLDIR]
O2:64bit: - BHO: (Gacela) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Gacela\x64\Gacela2.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\Run: [Uniblue RegistryBooster2] c:\Program Files (x86)\Uniblue\RegistryBooster 2\StartRegistryBooster.exe (Uniblue Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : About Gacela - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Gacela\x64\Gacela2.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL File not found
[2011/12/26 22:07:34 | 000,009,604 | ---- | C] () -- C:\Users\kidsbride08\AppData\Local\c44sq8hl1q4e
[2011/12/26 22:07:34 | 000,009,604 | ---- | C] () -- C:\ProgramData\c44sq8hl1q4e
[2011/12/24 16:27:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\5MOrQs.dat
[2011/12/21 03:59:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2011/12/25 04:11:57 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster 2.lnk
[2011/12/25 00:36:31 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/12/26 23:33:35 | 000,009,604 | ---- | M] () -- C:\Users\kidsbride08\AppData\Local\c44sq8hl1q4e
[2011/12/26 23:33:35 | 000,009,604 | ---- | M] () -- C:\ProgramData\c44sq8hl1q4e
[2011/12/17 03:28:28 | 000,000,228 | ---- | C] () -- C:\Windows\tasks\0.job
[2011/12/17 02:04:39 | 000,000,910 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/16 21:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[CREATERESTOREPOINT]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.

This will also create a file winsock2.reg on your desktop. This is an insurance file so just leave it for now.

Start, (All) Programs, Accessories then right click on Command Prompt and select Run As Admin. Type with an Enter after the line:
netsh winsock reset catalog

Then reboot. See if you can get online. If not, right-click on the winsock2.reg file and allow it to merge, then reboot. That should fix it. If not, the latest Restore Point should work for you.


Looks like the malware is gone but it damaged your registry a bit.


BFE. This service might not be installed.



Download and Save the attached BFE64.zip file. Right click on it and Extract All. This will create a folder called BFE64. Inside the folder will be two files. BFE64.reg and mpssvc.reg.

Right click on BFE64.reg and select MERGE. Allow it to merge into the registry. Report any errors you get.

Right click on mpssvc.reg and select MERGE. Allow it to merge into the registry. Report any errors you get.

Reboot.

Start, (All) Programs, Accessories then right click on Command Prompt and select Run As Admin.

Type with an Enter after each line:

net  start  bfe

(We want it to say
"The requested service has already been started

More help is available by typing NET HELPMSG 2182"

but it likely will say Access Denied. If you get Access Denied then:

Go into regedit, (Start, Search, regedit, doubleclick, Continue) navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
(Find HKEY_LOCAL_MACHINE\SYSTEM and click on the + in front of it. Find CurrentControlSet and click on its plus. Click on Services) then right click on Services and select Permissions then click Add.
Type in
NT Service\bfe
and click on Check Name. (It will change your typing to BFE ) OK. You should be back on the first Permissions page. Now select BFE on the permission page and click on the first box to the right of Full Control (Allow column). Then Apply. Reboot and do the
net  start  bfe
command again and see if BFE has already been started.

Start, (All) Programs, Accessories then right click on Command Prompt and select Run As Admin.

Type with an Enter after each line:

net  start  bfe

(also check the mpssvc which is Windows Firewall)

net  start  mpssvc

Ron

#7
jokerbane

jokerbane

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Ron,
Thank you very much. Everything seems to be fine now; everything you told me to do worked just fine and there seem to be no problems. If I can ask you a couple of things: first, what is a good uninstall program? I saw when I ran a few programs for you it said Sunbelt; I uninstalled that a while ago, and a few other things. Also, what is a good program used to update stuff on my PC? I remember back in the day there was a good program called CNET Catch Up that scanned your whole PC and showed you what needed updating. And last, a good program for cleaning out your PC? But again, I want to tell you how grateful I am, and you saved me from throwing it out the window. Thank you again.

Edited by jokerbane, 30 December 2011 - 01:50 AM.


#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
The freeware version of Revo Uninstaller seems to be pretty good:
http://www.revounins...e_download.html

To keep files up to date you can try FileHippo's Updatechecker
http://www.filehippo.../updatechecker/
or Secunia PSI
http://secunia.com/v...nning/personal/

We need to make sure the Windows Firewall service is working. Also the Security Center.

Right click on (My) Computer and select Manage then Services and Applications then Services and scroll down in the right pane. See if you see Security Center and also Windows Firewall. Are they both there and Started?

Let's also check your alarms to see if there is any other damage:


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.



Ron

#9
jokerbane

jokerbane

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
The firewall was fine but I did not see the security

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/12/2011 3:58:49 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/12/2011 8:26:58 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Health Check Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 30/12/2011 8:23:55 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\SystemRoot\SysWow64\Drivers\PQNTDrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/12/2011 8:23:29 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.



Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/12/2011 4:00:09 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Download and Save the Attached file:

mpssvc fix(1).zip

Right click on it and Extract All.

Right click on the .reg file and Merge.

Reboot and see if you have Security Center in Services - is it Started?



Your PowerQuest PartitionMagic 8.0 is not happy. Doesn't seem like its driver is qualified for 64 bit

\SystemRoot\SysWow64\Drivers\PQNTDrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Something called the HP Health Check Service is not happy. This is something you can download from HP support or if you don't need it you can just go into Services, find it then right click on it and change the Startup Type: to Disabled. Apply.

The HP Health Check Service service failed to start due to the following error: The system cannot find the file specified.


I don't see an anti-virus. Just a fragment from AVG.
Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe

Run the Avg Remover

Download and Save the free Avast installer.
http://www.avast.com...ivirus-download


Install the free Avast. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

The log file can be found in text form in C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt or C:\ProgramData\Avast Software\Avast5\report\aswboot.txt. If you can find it copy and paste it.
  • 0
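The triage RKinner does by eye on the event reports in this thread (services that depend on a missing BFE, services that fail to start, the blocked driver) can be scripted. This is an added Python example, not part of the original posts or of VEW; the record layout is assumed from the reports shown above, and the sample text is constructed in that layout.

```python
import re
from collections import defaultdict

# Constructed sample: records laid out in the VEW report format seen in this thread.
SAMPLE_REPORT = r"""~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/12/2011 3:55:16 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Health Check Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 30/12/2011 3:53:07 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 30/12/2011 3:53:07 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 30/12/2011 3:53:03 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 30/12/2011 3:52:40 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\SystemRoot\SysWow64\Drivers\PQNTDrv.SYS has been blocked from loading due to incompatibility with this system.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/12/2011 3:52:16 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
"""

# Assumption: every record is these three header lines followed by message text.
HEAD = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
KIND = re.compile(r"^Type: (?P<type>\w+) Category: \d+$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
DEPENDS = re.compile(r"^The (?P<svc>.+) service depends (?:on )?the following service: "
                     r"(?P<dep>[^.]+)\.")
FAILED = re.compile(r"^The (?P<svc>.+?) service (?:failed to start due to the following error|"
                    r"terminated with (?:the following|service-specific) error):?\s*(?P<err>.*)$")
BLOCKED = re.compile(r"^(?P<path>\S+) has been blocked from loading")
SCM = "Service Control Manager"


def parse_vew(text):
    """Split a VEW text report into event dicts; malformed records are skipped."""
    lines = [ln.strip() for ln in text.splitlines()]
    events, i = [], 0
    while i < len(lines):
        head = HEAD.match(lines[i])
        nxt = lines[i + 1:i + 3] + ["", ""]  # pad so a cut-off record cannot index past the end
        kind, event = KIND.match(nxt[0]), EVENT.match(nxt[1])
        if not (head and kind and event):
            i += 1  # banner, separator, or a record truncated by copy/paste
            continue
        i += 3
        body = []
        while i < len(lines) and lines[i] and not lines[i].startswith(("~", "Log: ")):
            body.append(lines[i])
            i += 1
        events.append({"log": head["log"], "when": head["when"], "type": kind["type"],
                       "id": int(event["id"]), "source": event["source"],
                       "message": " ".join(body)})
    return events


def triage(events):
    """Group Error events into missing dependencies, failed services, blocked drivers."""
    missing = defaultdict(list)  # dependency name -> services that cannot start without it
    failed, blocked = [], []
    for ev in events:
        if ev["type"] != "Error":
            continue
        key = (ev["source"], ev["id"])  # an event ID is only meaningful with its source
        if key == (SCM, 7003) and (m := DEPENDS.match(ev["message"])):
            missing[m["dep"].strip()].append(m["svc"])
        elif ev["source"] == SCM and ev["id"] in (7000, 7023, 7024) and (
                m := FAILED.match(ev["message"])):
            failed.append((m["svc"], ev["id"], m["err"]))
        elif key == ("Application Popup", 1060) and (m := BLOCKED.match(ev["message"])):
            blocked.append(m["path"])
    return {"missing_dependencies": dict(missing), "failed_services": failed,
            "blocked_drivers": blocked}


if __name__ == "__main__":
    print(triage(parse_vew(SAMPLE_REPORT)))
```

Matching on source and ID together matters here: event 1060 from Application Popup is the blocked-driver notice, while the 1060 returned by `sc start` later in the thread is the Win32 "service does not exist" error.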



#11
jokerbane

jokerbane

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I checked; I still did not see security services. All I found was security account manager. Is it labeled just security services? And Partition Magic I uninstalled, and same with HP. I also downloaded Microsoft Security Essentials before I saw this. What scan did you want me to do with that?

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
It's called Security Center

Appears it has gotten lost.

Download and Save the attached mscsvc.zip file. Right click on it and Extract All. Right click on mscsvc.reg and Install.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after the line:

sc start mscsvc

(Does it start or say it is already started or do you get a different Error?)

#13
jokerbane

jokerbane

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello, I did what you said and it says this:

The specified service does not exist as an installed service.

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Did it give you an error when you tried to Merge it?

Copy the next line:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc > \junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the line should appear. Hit Enter.

Type:

notepad \junk.txt

It should say something like:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"
"ErrorControl"=dword:00000001
"ImagePath"= etc.

Does it, or does it say it couldn't find it? If it couldn't find it then you will need to take ownership of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services

Start, Run, regedit, OK

Locate HKEY_LOCAL_MACHINE

and click on the + in front of it.

Now find SYSTEM

and click on its +

Now find CurrentControlSet

and click on its +

Now find Services and just click on it.

Right click on Services and select Permissions.

Click Advanced, and then click the Owner tab.

Under Change owner to,
Select Administrators then click OK.

You should be back at the Permissions page. Click on Administrators then verify that Full Control is checked in the Allow column at the bottom.

Close regedit.

Right click on mscsvc.reg and Merge.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after the line:

sc start mscsvc


Then does it work this time?

#15
jokerbane

jokerbane

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OK, when I copied it to Notepad this is what it said:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
Type REG_DWORD 0x20
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
DependOnService REG_MULTI_SZ RpcSs\0WinMgmt
ObjectName REG_SZ NT AUTHORITY\LocalService
RequiredPrivileges REG_MULTI_SZ SeChangeNotifyPrivilege\0SeImpersonatePrivilege
DelayedAutoStart REG_DWORD 0x1
FailureActions REG_BINARY 805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
DisplayName REG_SZ @%SystemRoot%\System32\wscsvc.dll,-200
Description REG_SZ @%SystemRoot%\System32\wscsvc.dll,-201
ServiceSidType REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security


When I did ownership and merged the file, then went into Command Prompt and tried to start it, it said this:

[SC] StartService: OpenService FAILED 1060:
The specified service does not exist as an installed service.



Also, do you have any idea why now, all of a sudden, I can't change anything in my Excel documents or WordPad? Everything is opening up in compatibility mode and I can't save anything or edit anything.





