Jump to content

Google Redirect


Recommended Posts

So I'm fairly confident I have the Google Redirect virus, although nothing I've scanned with so far has found it. I mean, my newfound education of these other 2,000 search sites wasn't something I chose to learn about...

I figured you guys are the pros right so here's what I got:

I ran defogger twice as I never got an error and I never got the reboot message, so I figured I misclicked something. Attached the log file just in case, and I rebooted anyways although I never got the message and proceeded like normal.

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Kate at 2:28:41 on 2011-07-22

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6142.4319 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Windows\system32\UI0Detect.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Users\Kate\AppData\Local\Apps\2.0\6LDE7PE0.Z0K\9TKOW100.7J0\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\SysWOW64\ctfmon.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Kate\Desktop\j881kuyi.exe

C:\Users\Kate\Desktop\dds.scr

C:\Windows\SysWOW64\WSCRIPT.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

StartupFolder: C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\cqjbz7mz.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 60667

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

FF - Ext: XUL Cache: {9e15fe74-a6df-4ac9-af10-02aaaca9f6a4} - %profile%\extensions\{9e15fe74-a6df-4ac9-af10-02aaaca9f6a4}

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-20 42184]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-7-6 375176]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-1-30 366640]

R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-4-22 6438264]

R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-10 136176]

S2 THREADORDER32;Thread Ordering Server ;C:\Windows\system32\sqmapi32.exe --> C:\Windows\system32\sqmapi32.exe [?]

S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-1-27 21712]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-2-6 25640]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-10 136176]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-25 30528]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]

S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-1-25 72304]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424]

.

=============== Created Last 30 ================

.

2011-07-21 00:40:04 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-07-21 00:39:59 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-07-21 00:39:28 40112 ----a-w- C:\Windows\avastSS.scr

2011-07-21 00:39:12 -------- d-----w- C:\ProgramData\AVAST Software

2011-07-21 00:39:12 -------- d-----w- C:\Program Files\AVAST Software

2011-07-19 10:36:28 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C681ADB-7B5D-4AF3-8050-0E212B6A13B2}\mpengine.dll

2011-07-19 06:31:02 -------- d-----w- C:\Windows\System32\appmgmt

2011-07-19 06:25:38 -------- d-----w- C:\Users\Kate\AppData\Local\PreEmptive Solutions

2011-07-19 03:36:59 -------- d-----w- C:\Program Files (x86)\REM

2011-07-17 01:22:39 -------- d-----w- C:\Users\Kate\AppData\Local\ElevatedDiagnostics

2011-07-14 12:11:09 -------- d-----w- C:\ProgramData\EA Games

2011-07-14 10:00:17 -------- d--h--w- C:\Windows\PIF

2011-07-14 10:00:17 -------- d-----w- C:\ProgramData\Media Center Programs

2011-07-07 05:13:56 -------- d-----w- C:\Program Files (x86)\Carina Software

2011-07-03 02:54:01 -------- d-----w- C:\Users\Kate\AppData\Local\SCE

2011-07-01 03:36:39 -------- d-s---w- C:\Windows\SysWow64\Microsoft

2011-06-24 01:39:24 -------- d-----w- C:\Program Files (x86)\StarCraft II

.

==================== Find3M ====================

.

2011-07-07 00:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-07 00:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-06 21:33:18 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2011-07-06 21:33:06 80768 ----a-w- C:\Windows\System32\LMIinit.dll

2011-07-06 21:33:06 33152 ----a-w- C:\Windows\System32\LMIport.dll

2011-07-03 02:53:38 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-26 04:50:40 30528 ----a-w- C:\Windows\GVTDrv64.sys

2011-06-26 04:50:25 25640 ----a-w- C:\Windows\gdrv.sys

2011-06-23 22:29:06 25640 ----a-w- C:\Windows\etdrv.sys

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-06-08 18:06:32 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak

2011-06-06 19:23:18 1649016 ----a-w- C:\Windows\System32\Wacom_Tablet.dll

2011-06-06 19:23:18 1355128 ----a-w- C:\Windows\SysWow64\Wacom_Tablet.dll

2011-06-06 19:23:18 1336696 ----a-w- C:\Windows\System32\Wintab32.dll

2011-06-06 19:23:18 1100664 ----a-w- C:\Windows\SysWow64\Wintab32.dll

2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-25 00:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll

2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll

2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll

2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll

2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll

2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll

2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe

2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll

2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll

2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll

2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll

2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll

2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll

2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe

2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe

2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-05-01 04:51:17 255352 ----a-w- C:\Windows\SysWow64\awrdscdc.ax

2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-04-27 09:48:16 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

.

============= FINISH: 2:30:18.65 ===============

Attach.zip

mbam-log-2011-07-21 (07-48-14).txt

defogger_disable.log

Link to post
Share on other sites

hi :welcome:

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don''t understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

Step 1

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

aswMBR2.png

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

Things I would like to see in your reply:

  • aswMBR log
  • OTL.txt and Extras.txt

Link to post
Share on other sites

aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software

Run date: 2011-07-23 17:57:33

-----------------------------

17:57:33.310 OS Version: Windows x64 6.1.7601 Service Pack 1

17:57:33.310 Number of processors: 4 586 0x403

17:57:33.310 ComputerName: KATE-PC UserName: Kate

17:57:35.291 Initialize success

17:57:35.385 AVAST engine defs: 11072302

17:57:40.080 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

17:57:40.080 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953865MB BusType: 3

17:57:40.096 Disk 0 MBR read successfully

17:57:40.096 Disk 0 MBR scan

17:57:40.096 Disk 0 Windows 7 default MBR code

17:57:40.096 Service scanning

17:57:41.796 Modules scanning

17:57:41.796 Disk 0 trace - called modules:

17:57:41.796 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

17:57:41.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062a3060]

17:57:41.796 3 CLASSPNP.SYS[fffff8800165a43f] -> nt!IofCallDriver -> [0xfffffa8005302670]

17:57:41.796 5 ACPI.sys[fffff88000ed47a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005331060]

17:57:42.935 AVAST engine scan C:\Windows

17:57:44.667 AVAST engine scan C:\Windows\system32

17:58:36.771 AVAST engine scan C:\Windows\system32\drivers

17:58:48.954 AVAST engine scan C:\Users\Kate

18:07:16.922 AVAST engine scan C:\ProgramData

18:10:34.105 Scan finished successfully

18:26:07.798 Disk 0 MBR has been saved successfully to "C:\Users\Kate\Desktop\MBR.dat"

18:26:07.801 The log file has been saved successfully to "C:\Users\Kate\Desktop\aswMBR.txt"

Link to post
Share on other sites

OTL logfile created on: 7/23/2011 6:28:32 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Kate\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.38 Gb Available Physical Memory | 56.37% Memory free

11.99 Gb Paging File | 9.25 Gb Available in Paging File | 77.11% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 662.63 Gb Free Space | 71.14% Space Free | Partition Type: NTFS

Drive D: | 158.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KATE-PC | User Name: Kate | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/23 17:57:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Kate\Desktop\OTL.scr

PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/07/04 06:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/06/23 17:04:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

========== Modules (SafeList) ==========

MOD - [2011/07/23 17:57:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Kate\Desktop\OTL.scr

MOD - [2011/07/04 06:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll

MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2011/06/06 14:23:18 | 006,438,264 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)

SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/07/06 16:32:58 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)

SRV - [2011/07/06 16:32:52 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2011/02/02 03:20:02 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/01/11 19:04:04 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)

SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010/01/18 21:31:26 | 000,072,304 | R--- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011/07/06 16:33:18 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV:64bit: - [2011/07/04 06:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/23 00:13:22 | 000,920,864 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/01/11 19:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV:64bit: - [2011/01/11 19:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/11/17 07:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)

DRV:64bit: - [2010/11/02 16:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2010/10/25 10:59:32 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2010/10/25 10:59:28 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2010/04/27 12:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)

DRV:64bit: - [2010/03/22 04:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2010/01/27 03:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2010/01/26 22:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)

DRV:64bit: - [2009/12/17 17:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2009/11/20 06:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2009/11/20 06:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2009/08/09 16:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2011/06/25 23:50:40 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)

DRV - [2011/06/25 23:50:25 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2011/06/23 17:29:06 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)

DRV - [2011/01/27 06:21:43 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)

DRV - [2011/01/11 19:04:04 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)

DRV - [2008/11/14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 68 02 02 A1 45 57 4B B0 04 6B 79 4B C0 69 E1 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 68 02 02 A1 45 57 4B B0 04 6B 79 4B C0 69 E1 [binary data]

IE - HKU\S-1-5-21-178733886-2313030153-1870758614-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-178733886-2313030153-1870758614-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-178733886-2313030153-1870758614-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 25 16 B3 3B 47 CC 01 [binary data]

IE - HKU\S-1-5-21-178733886-2313030153-1870758614-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 68 02 02 A1 45 57 4B B0 04 6B 79 4B C0 69 E1 [binary data]

IE - HKU\S-1-5-21-178733886-2313030153-1870758614-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-178733886-2313030153-1870758614-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0

FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9

FF - prefs.js..extensions.enabledItems: {9e15fe74-a6df-4ac9-af10-02aaaca9f6a4}:1.0

FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 60667

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/26 17:54:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/04/07 17:37:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/20 19:39:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/23 22:07:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/23 17:04:12 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/26 17:54:24 | 000,000,000 | ---D | M]

[2011/01/25 21:51:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kate\AppData\Roaming\Mozilla\Extensions

[2011/07/23 18:05:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\cqjbz7mz.default\extensions

[2011/07/16 16:59:36 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\cqjbz7mz.default\extensions\{9e15fe74-a6df-4ac9-af10-02aaaca9f6a4}

[2011/05/12 09:20:38 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\cqjbz7mz.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

[2011/07/14 03:47:51 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\cqjbz7mz.default\extensions\LogMeInClient@logmein.com

[2011/05/31 19:00:21 | 000,000,000 | ---D | M] (LogMeIn, Inc. Rescue Technician Console) -- C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\cqjbz7mz.default\extensions\TechnicianConsole@logmeinrescue.com

[2011/05/20 12:56:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/04/07 17:37:42 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}

[2011/07/20 19:39:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll

O1 HOSTS File: ([2011/04/07 17:06:24 | 000,000,922 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found

O4 - Startup: C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-178733886-2313030153-1870758614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-21-178733886-2313030153-1870758614-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-178733886-2313030153-1870758614-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-178733886-2313030153-1870758614-1000\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-178733886-2313030153-1870758614-1000\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/09/07 19:08:01 | 000,000,051 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{8cd975ec-6d33-11e0-887f-1c6f659eec6e}\Shell - "" = AutoRun

O33 - MountPoints2\{8cd975ec-6d33-11e0-887f-1c6f659eec6e}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe

O33 - MountPoints2\{8e088fcf-2fa2-11e0-879d-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{8e088fcf-2fa2-11e0-879d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2007/10/10 11:15:30 | 000,364,544 | R--- | M] (Carina Software )

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/23 17:57:17 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Kate\Desktop\OTL.scr

[2011/07/22 02:06:43 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Kate\Desktop\dds.scr

[2011/07/21 13:15:19 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kate\Desktop\HijackThis.exe

[2011/07/20 19:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2011/07/20 19:40:12 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2011/07/20 19:40:11 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2011/07/20 19:40:07 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2011/07/20 19:40:05 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2011/07/20 19:40:04 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2011/07/20 19:39:59 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2011/07/20 19:39:58 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2011/07/20 19:39:28 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/07/20 19:39:22 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2011/07/20 19:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2011/07/20 19:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2011/07/20 19:28:31 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Kate\Desktop\aswMBR.exe

[2011/07/19 01:31:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

[2011/07/19 01:25:38 | 000,000,000 | ---D | C] -- C:\Users\Kate\AppData\Local\PreEmptive Solutions

[2011/07/18 22:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REM

[2011/07/18 22:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REM

[2011/07/18 22:28:37 | 000,000,000 | ---D | C] -- C:\Users\Kate\Desktop\E-Series-Mobile-Viewer-ver-1

[2011/07/16 20:22:39 | 000,000,000 | ---D | C] -- C:\Users\Kate\AppData\Local\ElevatedDiagnostics

[2011/07/14 07:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Games

[2011/07/14 05:00:32 | 000,000,000 | ---D | C] -- C:\Users\Kate\Documents\EA Games

[2011/07/14 05:00:17 | 000,000,000 | -H-D | C] -- C:\Windows\PIF

[2011/07/14 05:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs

[2011/07/12 03:28:04 | 000,000,000 | ---D | C] -- C:\Users\Kate\Desktop\Rawr WPF 4.2.1

[2011/07/07 00:15:05 | 000,000,000 | ---D | C] -- C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Carina Software

[2011/07/07 00:13:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carina Software

[2011/07/02 21:54:01 | 000,000,000 | ---D | C] -- C:\Users\Kate\AppData\Local\SCE

[2011/06/30 22:36:39 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft

[2011/06/28 16:49:49 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet

[2011/06/23 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II

[2011/06/23 20:39:24 | 000,000,000 | ---D | C] -- C:\Users\Kate\Documents\StarCraft II

[2011/06/23 20:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II

[2011/06/23 20:39:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II

========== Files - Modified Within 30 Days ==========

[2011/07/23 18:26:07 | 000,000,512 | ---- | M] () -- C:\Users\Kate\Desktop\MBR.dat

[2011/07/23 18:00:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/23 17:57:20 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Kate\Desktop\aswMBR.exe

[2011/07/23 17:57:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Kate\Desktop\OTL.scr

[2011/07/23 14:43:09 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/23 14:43:09 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/23 10:00:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/22 15:02:46 | 000,202,457 | ---- | M] () -- C:\Users\Kate\Desktop\johnsontravis.pdf

[2011/07/22 12:59:10 | 000,001,228 | ---- | M] () -- C:\Users\Kate\Desktop\World of Warcraft.lnk

[2011/07/22 05:19:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/22 05:19:31 | 534,945,791 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/22 02:38:47 | 000,004,568 | ---- | M] () -- C:\Users\Kate\Desktop\Attach.zip

[2011/07/22 02:26:02 | 000,302,592 | ---- | M] () -- C:\Users\Kate\Desktop\j881kuyi.exe

[2011/07/22 02:06:46 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Kate\Desktop\dds.scr

[2011/07/22 02:04:06 | 000,000,000 | ---- | M] () -- C:\Users\Kate\defogger_reenable

[2011/07/22 02:02:45 | 000,050,477 | ---- | M] () -- C:\Users\Kate\Desktop\Defogger.exe

[2011/07/21 13:15:21 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kate\Desktop\HijackThis.exe

[2011/07/21 12:19:03 | 000,876,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/07/21 12:19:03 | 000,728,916 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/07/21 12:19:03 | 000,146,874 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/07/20 19:40:14 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/07/20 19:39:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2011/07/20 19:32:18 | 056,727,728 | ---- | M] () -- C:\Users\Kate\Desktop\setup_av_free.exe

[2011/07/20 13:42:29 | 000,001,456 | ---- | M] () -- C:\Users\Kate\AppData\Local\Adobe Save for Web 12.0 Prefs

[2011/07/20 13:37:39 | 000,082,319 | ---- | M] () -- C:\Users\Kate\Desktop\Summer Sizzler - 10% off Graphic.ai

[2011/07/19 21:58:20 | 000,001,168 | ---- | M] () -- C:\Users\Kate\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/07/19 21:58:20 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/18 22:37:02 | 000,001,864 | ---- | M] () -- C:\Users\Public\Desktop\REM.lnk

[2011/07/18 22:36:48 | 000,001,916 | ---- | M] () -- C:\Users\Kate\Desktop\NetView.lnk

[2011/07/18 22:36:39 | 004,644,288 | ---- | M] () -- C:\Users\Kate\Desktop\NetViewInstaller_2_1_8_12-update26022010.zip

[2011/07/18 22:28:31 | 000,219,217 | ---- | M] () -- C:\Users\Kate\Desktop\E-Series-Mobile-Viewer-ver-1.zip

[2011/07/16 16:59:37 | 000,000,094 | ---- | M] () -- C:\Windows\SysWow64\1521774577

[2011/07/14 04:52:03 | 018,886,071 | ---- | M] () -- C:\Users\Kate\Desktop\UOEnhancedSetup_4_0_10_1.exe

[2011/07/14 04:50:05 | 000,000,218 | ---- | M] () -- C:\Users\Kate\Desktop\Day of Defeat.url

[2011/07/13 07:19:38 | 006,103,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/07/12 12:16:57 | 012,081,958 | ---- | M] () -- C:\Users\Kate\Desktop\LogMeIn.zip

[2011/07/12 03:28:16 | 000,001,104 | ---- | M] () -- C:\Users\Kate\Desktop\Rawr.WPF.exe - Shortcut.lnk

[2011/07/12 03:27:59 | 010,586,032 | ---- | M] () -- C:\Users\Kate\Desktop\Rawr WPF 4.2.1.zip

[2011/07/11 20:47:29 | 000,378,329 | ---- | M] () -- C:\Users\Kate\Desktop\TheUndermineJournal.zip

[2011/07/07 14:49:20 | 000,006,966 | ---- | M] () -- C:\Users\Kate\AppData\Roaming\363E.314

[2011/07/07 00:15:05 | 000,003,185 | ---- | M] () -- C:\Users\Kate\Desktop\SkyGazer 4.lnk

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/07/06 16:33:18 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll

[2011/07/06 16:33:06 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll

[2011/07/06 16:33:06 | 000,033,152 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll

[2011/07/05 10:35:50 | 000,002,263 | ---- | M] () -- C:\Users\Kate\Desktop\SearchToolbar.png

[2011/07/05 10:35:43 | 000,014,480 | ---- | M] () -- C:\Users\Kate\Desktop\SignUpForm.png

[2011/07/05 10:34:55 | 003,108,533 | ---- | M] () -- C:\Users\Kate\Desktop\New Compressed (zipped) Folder.zip

[2011/07/04 06:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/07/04 06:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2011/07/04 06:43:42 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2011/07/04 06:36:56 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2011/07/04 06:36:54 | 000,288,088 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2011/07/04 06:35:28 | 000,045,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2011/07/04 06:32:35 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2011/07/04 06:32:24 | 000,064,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2011/07/04 06:32:14 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2011/07/02 22:05:07 | 000,000,000 | ---- | M] () -- C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2011/07/02 21:53:30 | 000,002,373 | ---- | M] () -- C:\Users\Kate\Desktop\EverQuest.lnk

[2011/06/29 19:34:33 | 001,530,520 | ---- | M] () -- C:\Users\Kate\Desktop\wubi.exe

[2011/06/27 20:38:19 | 000,001,800 | ---- | M] () -- C:\Users\Kate\Desktop\SHOKZ.lnk

[2011/06/26 20:27:43 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk

[2011/06/26 11:16:21 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011/06/25 23:50:40 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys

[2011/06/25 23:50:40 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref

[2011/06/25 08:20:34 | 000,000,600 | ---- | M] () -- C:\Users\Kate\AppData\Local\PUTTY.RND

[2011/06/23 20:47:51 | 000,007,619 | ---- | M] () -- C:\Users\Kate\AppData\Local\Resmon.ResmonCfg

[2011/06/23 20:44:18 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk

========== Files Created - No Company Name ==========

[2011/07/23 18:26:07 | 000,000,512 | ---- | C] () -- C:\Users\Kate\Desktop\MBR.dat

[2011/07/22 15:02:46 | 000,202,457 | ---- | C] () -- C:\Users\Kate\Desktop\johnsontravis.pdf

[2011/07/22 02:38:47 | 000,004,568 | ---- | C] () -- C:\Users\Kate\Desktop\Attach.zip

[2011/07/22 02:25:57 | 000,302,592 | ---- | C] () -- C:\Users\Kate\Desktop\j881kuyi.exe

[2011/07/22 02:04:06 | 000,000,000 | ---- | C] () -- C:\Users\Kate\defogger_reenable

[2011/07/22 02:02:44 | 000,050,477 | ---- | C] () -- C:\Users\Kate\Desktop\Defogger.exe

[2011/07/20 19:40:14 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/07/20 19:39:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2011/07/20 19:31:31 | 056,727,728 | ---- | C] () -- C:\Users\Kate\Desktop\setup_av_free.exe

[2011/07/20 13:37:38 | 000,082,319 | ---- | C] () -- C:\Users\Kate\Desktop\Summer Sizzler - 10% off Graphic.ai

[2011/07/19 21:58:20 | 000,001,168 | ---- | C] () -- C:\Users\Kate\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/07/19 21:58:20 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/18 22:37:02 | 000,001,864 | ---- | C] () -- C:\Users\Public\Desktop\REM.lnk

[2011/07/18 22:36:48 | 000,001,916 | ---- | C] () -- C:\Users\Kate\Desktop\NetView.lnk

[2011/07/18 22:36:38 | 004,644,288 | ---- | C] () -- C:\Users\Kate\Desktop\NetViewInstaller_2_1_8_12-update26022010.zip

[2011/07/18 22:28:31 | 000,219,217 | ---- | C] () -- C:\Users\Kate\Desktop\E-Series-Mobile-Viewer-ver-1.zip

[2011/07/16 16:59:36 | 000,000,094 | ---- | C] () -- C:\Windows\SysWow64\1521774577

[2011/07/14 04:51:23 | 018,886,071 | ---- | C] () -- C:\Users\Kate\Desktop\UOEnhancedSetup_4_0_10_1.exe

[2011/07/14 04:50:05 | 000,000,218 | ---- | C] () -- C:\Users\Kate\Desktop\Day of Defeat.url

[2011/07/12 12:16:56 | 012,081,958 | ---- | C] () -- C:\Users\Kate\Desktop\LogMeIn.zip

[2011/07/12 03:27:54 | 010,586,032 | ---- | C] () -- C:\Users\Kate\Desktop\Rawr WPF 4.2.1.zip

[2011/07/11 20:47:27 | 000,378,329 | ---- | C] () -- C:\Users\Kate\Desktop\TheUndermineJournal.zip

[2011/07/07 01:21:05 | 000,006,966 | ---- | C] () -- C:\Users\Kate\AppData\Roaming\363E.314

[2011/07/07 00:15:05 | 000,003,185 | ---- | C] () -- C:\Users\Kate\Desktop\SkyGazer 4.lnk

[2011/07/06 11:52:08 | 000,000,312 | ---- | C] () -- C:\Users\Kate\Desktop\Curse Client.appref-ms

[2011/07/05 18:29:46 | 000,001,104 | ---- | C] () -- C:\Users\Kate\Desktop\Rawr.WPF.exe - Shortcut.lnk

[2011/07/05 10:35:50 | 000,002,263 | ---- | C] () -- C:\Users\Kate\Desktop\SearchToolbar.png

[2011/07/05 10:35:43 | 000,014,480 | ---- | C] () -- C:\Users\Kate\Desktop\SignUpForm.png

[2011/07/05 10:34:54 | 003,108,533 | ---- | C] () -- C:\Users\Kate\Desktop\New Compressed (zipped) Folder.zip

[2011/07/02 22:05:07 | 000,000,000 | ---- | C] () -- C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2011/07/02 21:53:30 | 000,002,403 | ---- | C] () -- C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EverQuest.lnk

[2011/07/02 21:53:30 | 000,002,373 | ---- | C] () -- C:\Users\Kate\Desktop\EverQuest.lnk

[2011/06/29 19:34:32 | 001,530,520 | ---- | C] () -- C:\Users\Kate\Desktop\wubi.exe

[2011/06/27 20:38:19 | 000,001,800 | ---- | C] () -- C:\Users\Kate\Desktop\SHOKZ.lnk

[2011/06/26 11:16:21 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011/06/25 08:17:34 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref

[2011/06/23 20:39:24 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk

[2011/06/06 15:30:08 | 000,000,600 | ---- | C] () -- C:\Users\Kate\AppData\Local\PUTTY.RND

[2011/05/26 00:05:31 | 000,188,968 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/05/19 16:48:18 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011/05/19 12:11:32 | 000,000,132 | ---- | C] () -- C:\Users\Kate\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2011/05/18 13:54:50 | 000,001,456 | ---- | C] () -- C:\Users\Kate\AppData\Local\Adobe Save for Web 12.0 Prefs

[2011/05/18 13:33:19 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI

[2011/05/16 15:29:50 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\XVIDVFW.DLL

[2011/05/16 15:29:49 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\XVIDCORE.DLL

[2011/05/16 15:29:44 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\TMPXVFW.DLL

[2011/05/16 15:29:44 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\AMD422CODEC.DLL

[2011/05/16 15:29:37 | 000,581,632 | ---- | C] () -- C:\Windows\SysWow64\TMPXCORE.DLL

[2011/04/27 00:49:30 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat

[2011/03/30 16:18:44 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI

[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/02/24 23:20:02 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI

[2011/02/11 13:20:04 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2011/01/27 06:09:33 | 000,007,619 | ---- | C] () -- C:\Users\Kate\AppData\Local\Resmon.ResmonCfg

[2011/01/26 17:49:59 | 000,221,291 | ---- | C] () -- C:\Windows\hpoins19.dat

[2011/01/26 17:49:59 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat

[2011/01/25 21:42:01 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys

[2011/01/25 21:34:58 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe

[2011/01/25 21:29:29 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2011/01/25 21:24:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/01/25 19:49:52 | 000,888,564 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/01/25 19:43:36 | 000,921,665 | ---- | C] () -- C:\Windows\SysWow64\msvcrt-ruby18.dll

[2011/01/25 19:43:36 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\vbrun100.dll

[2011/01/25 19:43:36 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll

[2011/01/25 19:43:36 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\pythonw.exe

[2011/01/25 19:43:36 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\python.exe

[2011/01/25 19:43:36 | 000,020,537 | ---- | C] () -- C:\Windows\SysWow64\rubyw.exe

[2011/01/25 19:43:36 | 000,020,536 | ---- | C] () -- C:\Windows\SysWow64\ruby.exe

[2009/08/27 02:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe

[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/16 19:22:02 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\BitTorrent

[2011/06/02 16:59:21 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/06/08 18:51:32 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1

[2011/07/20 17:43:44 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\FileZilla

[2011/02/03 11:29:19 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\GetRightToGo

[2011/06/03 19:32:16 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\ImgBurn

[2011/05/18 13:33:19 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\PACE Anti-Piracy

[2011/05/02 02:47:59 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\QuickScan

[2011/02/17 02:40:25 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\RIFT

[2011/05/25 19:30:26 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2011/06/11 23:39:43 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Wizards of the Coast

[2011/07/19 02:01:34 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >

[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2010/12/14 22:39:25 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2010/12/14 22:37:08 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2010/12/14 22:39:25 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2010/12/14 22:37:08 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2010/12/14 22:39:25 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2010/12/14 22:37:08 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2010/12/14 22:39:25 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[2010/12/14 22:37:08 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >

[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >

[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >

[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2010/12/14 22:39:25 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2010/12/14 22:39:25 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/23 17:04:11 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/23 17:04:11 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/23 17:04:11 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/06/23 17:04:11 | 000,912,344 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/06/23 17:04:11 | 000,912,344 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/23 17:04:11 | 000,912,344 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/20 12:58:12 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/20 12:58:12 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/20 12:58:12 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/20 12:58:12 | 000,748,336 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/05/20 12:58:12 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/06/23 17:04:11 | 000,552,464 | ---- | M] (Mozilla Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/06/23 17:04:11 | 000,552,464 | ---- | M] (Mozilla Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/06/23 17:04:11 | 000,552,464 | ---- | M] (Mozilla Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/06/23 17:04:11 | 000,912,344 | ---- | M] (Mozilla Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/06/23 17:04:11 | 000,912,344 | ---- | M] (Mozilla Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/06/23 17:04:11 | 000,912,344 | ---- | M] (Mozilla Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/20 12:58:12 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/20 12:58:12 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/20 12:58:12 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/20 12:58:12 | 000,748,336 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/05/20 12:58:12 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 1243 bytes -> C:\ProgramData\Microsoft:0cWayhtTqWsnlzTei7tvH4

@Alternate Data Stream - 1212 bytes -> C:\Program Files\Common Files\Microsoft Shared:TaxrtRDR4e0er5YAX9JhT3r0tC

@Alternate Data Stream - 1117 bytes -> C:\ProgramData\Microsoft:PIKndDeu46tcgMms6INuCQqdBNb6l

< End of report >

Link to post
Share on other sites

OTL Extras logfile created on: 7/23/2011 6:28:32 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Kate\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.38 Gb Available Physical Memory | 56.37% Memory free

11.99 Gb Paging File | 9.25 Gb Available in Paging File | 77.11% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 662.63 Gb Free Space | 71.14% Space Free | Partition Type: NTFS

Drive D: | 158.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KATE-PC | User Name: Kate | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-178733886-2313030153-1870758614-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\iCall\iCall.exe" = C:\Program Files (x86)\iCall\iCall.exe:*:Enabled:iCall

"C:\Program Files (x86)\iCall\iCall.exe" = C:\Program Files (x86)\iCall\iCall.exe:*:Enabled:iCall

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)

"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer

"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8

"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes

"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)

"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer

"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java 6 Update 21 (64-bit)

"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{4A85E8AD-6CF6-D3D1-2280-420452F5E1EE}" = ATI AVIVO64 Codecs

"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files

"{537056B7-32A4-4408-9B54-0341963C7C9C}" = UltraMon

"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English

"{6AB4EC25-677C-4735-5623-1CCC90E759E4}" = ccc-utility64

"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8125F749-B244-4F7B-811E-532165C5F2D5}" = Microsoft SQL Server 2008 RsFx Driver

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)

"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{A9417107-5107-C6E7-9649-CF3294E9C491}" = WMV9/VC-1 Video Playback

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B

"{C0C690C8-F335-4BA4-A2AD-675EAD1DFA90}" = Microsoft SQL Server 2008 Setup Support Files

"{C3AF5BD8-30D5-41F5-AF61-705D98146B0F}" = Microsoft SQL Server 2008 Native Client

"{C5970161-E13E-6661-BBDA-A08268313C83}" = ATI Catalyst Install Manager

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)

"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared

"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding

"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services

"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services

"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0

"CCleaner" = CCleaner

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56

"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17

"DriverAgent.exe" = DriverAgent by eSupport.com

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Smart Web Printing" = HP Smart Web Printing 4.51

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPOCR" = OCR Software by I.R.I.S. 13.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0

"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)

"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"Recuva" = Recuva

"Wacom Tablet Driver" = Wacom Tablet

"WinRAR archiver" = WinRAR 4.00 beta 7 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{011E0BAD-DC62-DF83-4D19-D110C61FE679}" = CCC Help Chinese Traditional

"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0AC457CB-3661-B42F-6181-5D1305C1475A}" = CCC Help Finnish

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework

"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1

"{0E86AF86-F103-A148-7070-0596A5FCEAD7}" = CCC Help French

"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F7CFAB6-A7FC-31E5-2917-989B06B09270}" = CCC Help Turkish

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21

"{2888EBA9-91E6-D3EF-FC6D-7B3C2B045CAE}" = CCC Help English

"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types

"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools

"{2EA64D86-61D9-40A4-A89F-D4E6DEDD301D}" = Catalyst Control Center Localization All

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{3411B11D-91D6-B456-0FAE-24BF99868231}" = Catalyst Control Center Graphics Previews Common

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{35A33CA3-9B1B-3653-6C71-0ADB85E96154}" = ccc-core-static

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy

"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1

"{401A4D76-C360-2084-F163-1FABD851D314}" = CCC Help Thai

"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition

"{43461D82-2DD5-B2D7-886D-5C1A52C09904}" = CCC Help Polish

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax

"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4B61C9AE-3FDD-9DB7-4247-7D96A03C018D}" = CCC Help German

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects

"{5165FA54-2957-4BC9-44CC-D21BDCE9D9E6}" = CCC Help Japanese

"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3

"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI

"{557090F6-9174-B562-71CF-70FD6C7F9895}" = Application Profiles

"{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{58374E01-D455-ABAE-CD3A-548911E1CAAD}" = CCC Help Swedish

"{59B734CE-69E9-F555-380C-0B9D880F4E95}" = CCC Help Hungarian

"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher

"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{665815D4-1F82-D581-E762-A2E0A15E6512}" = CCC Help Dutch

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime

"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service

"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06

"{803259ED-7A67-4CB5-B6D7-281ED371091B}" = LogMeIn

"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D1CB4C2-283E-39A7-2AFA-6D3320E012A8}" = CCC Help Chinese Standard

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007

"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)

"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007

"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93703800-E668-1370-1756-2003BA060281}" = CCC Help Russian

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95A837D2-EB2E-9F85-1DB8-01B8337DFC08}" = CCC Help Czech

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B0F9788-3141-4009-846E-52E59843E963}" = SimCity™ Societies

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C8692DA-9451-AA41-404A-72308CAE1BF5}" = CCC Help Spanish

"{9CF2ECFE-5242-B513-5DB4-A751BD735DD2}" = CCC Help Danish

"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5

"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online

"{AFBDAB2A-EA6B-43F2-B6DE-C3E9CBBCD282}_is1" = REM

"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS

"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{B7B28A98-604D-4D1F-888F-CAC53E5E19BE}" = SkyGazer 4

"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU

"{BC92AA6F-2DAF-1BA2-7C86-1DBBA6423C5F}" = CCC Help Norwegian

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser

"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D17772DB-061D-CF9A-7A82-E8C047195259}" = CCC Help Portuguese

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}" = SimCity™ Societies Destinations

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D5507048-ED32-BEE8-431D-303F741DE073}" = CCC Help Italian

"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DA427272-904E-4EC2-BCC8-07B39B8EFA78}" = PC DVR-4-Net

"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime

"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DECCD21C-4BCC-1326-0EF3-7E87C97E14D9}" = CCC Help Greek

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project

"{E60B8506-DDC7-433d-AF9E-999D0F543C4A}" = 2570_Help

"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext

"{E8B708FF-D116-0D4D-DC14-72827A219D54}" = HydraVision

"{EA7FE7AB-34AE-4e14-84C5-187E6EC0AB9B}" = 2570

"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Creature Creator Trial Edition

"{EFD21D05-4618-D72A-464F-B0D1911617A7}" = CCC Help Korean

"{F01A9563-2A27-6ABC-2E04-03B7873DF7E0}" = Catalyst Control Center InstallProxy

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F45B17BD-460F-4501-AE52-F286D1CB749F}" = RemoteAgent

"{F66D5732-C2A6-4f88-B8FE-AEDA10355FBD}" = 2570Trb

"{FBB02B04-C034-4382-A3F6-57416E2752C4}" = Adobe Creative Suite 5 Master Collection

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AudibleManager" = AudibleManager

"avast" = avast! Free Antivirus

"BitTorrent" = BitTorrent

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"Cisco Connect" = Cisco Connect

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"EADM" = EA Download Manager

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EVE" = EVE Online (remove only)

"FileZilla Client" = FileZilla Client 3.5.0

"ImgBurn" = ImgBurn

"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1

"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1

"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800

"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU

"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools

"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)

"NetView" = XMViwer (remove only)

"OpenAL" = OpenAL

"SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)

"StarCraft II" = StarCraft II

"Steam App 20" = Team Fortress Classic

"Steam App 30" = Day of Defeat

"Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat

"VirtualCloneDrive" = VirtualCloneDrive

"VISPRO" = Microsoft Office Visio Professional 2007

"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin

"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin

"WinLiveSuite" = Windows Live Essentials

"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-178733886-2313030153-1870758614-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"090215de958f1060" = Curse Client

"3444834559.elitistjerks.com" = Rawr

"NCsoft-Aion" = Aion

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 7/11/2011 10:31:50 PM | Computer Name = Kate-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Dreamweaver.exe, version: 11.0.0.4909,

time stamp: 0x4bb5abaf Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000005 Fault offset: 0x27402527 Faulting process id:

0x5f4 Faulting application start time: 0x01cc403bd4defc09 Faulting application path:

C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe Faulting module

path: unknown Report Id: 187d210a-ac2f-11e0-b91d-1c6f659eec6e

Error - 7/12/2011 4:28:00 AM | Computer Name = Kate-PC | Source = Application Hang | ID = 1002

Description = The program Rawr.WPF.exe version 4.2.0.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1148 Start

Time: 01cc406d8e628eda Termination Time: 6 Application Path: C:\Users\Kate\Desktop\Rawr

WPF 4.2.0\Rawr.WPF.exe Report Id: d88d963a-ac60-11e0-b91d-1c6f659eec6e

Error - 7/12/2011 7:08:50 PM | Computer Name = Kate-PC | Source = Application Hang | ID = 1002

Description = The program SndVol.exe version 6.1.7601.17514 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1070 Start

Time: 01cc40e10363bd6e Termination Time: 3 Application Path: C:\Windows\system32\SndVol.exe

Report

Id: e57120b8-acdb-11e0-b91d-1c6f659eec6e

Error - 7/12/2011 7:09:16 PM | Computer Name = Kate-PC | Source = Application Hang | ID = 1002

Description = The program WoW.exe version 4.2.0.14333 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 11e0 Start Time:

01cc40cd27c8e729 Termination Time: 363 Application Path: C:\Users\Public\Games\World

of Warcraft\WoW.exe Report Id:

Error - 7/16/2011 5:36:30 AM | Computer Name = Kate-PC | Source = Application Error | ID = 1000

Description = Faulting application name: java.exe, version: 6.0.210.7, time stamp:

0x4c417649 Faulting module name: java.dll, version: 6.0.210.7, time stamp: 0x4c41a940

Exception

code: 0xc0000005 Fault offset: 0x00004e20 Faulting process id: 0xf40 Faulting application

start time: 0x01cc439bd6bad0fe Faulting application path: C:\Program Files (x86)\Java\jre6\bin\java.exe

Faulting

module path: C:\Program Files (x86)\Java\jre6\bin\java.dll Report Id: 159c94ae-af8f-11e0-9508-1c6f659eec6e

Error - 7/17/2011 1:37:17 AM | Computer Name = Kate-PC | Source = Application Hang | ID = 1002

Description = The program Launcher.exe version 4.2.0.2506 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 960 Start

Time: 01cc44438e1ea72e Termination Time: 5 Application Path: C:\Users\Public\Games\World

of Warcraft\Launcher.exe Report Id: d3ba3452-b036-11e0-9508-1c6f659eec6e

Error - 7/18/2011 11:37:44 PM | Computer Name = Kate-PC | Source = Application Hang | ID = 1002

Description = The program REM.exe version 1.0.1.2 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: d5c Start Time:

01cc45c520c5fe0c Termination Time: 7 Application Path: C:\Program Files (x86)\REM\REM.exe

Report

Id: 73c6f5fa-b1b8-11e0-bbe9-1c6f659eec6e

Error - 7/18/2011 11:38:14 PM | Computer Name = Kate-PC | Source = Application Hang | ID = 1002

Description = The program DvrPlayer.exe version 2.1.8.12 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1384 Start

Time: 01cc45c522d92e63 Termination Time: 19 Application Path: C:\Program Files (x86)\NetView\DvrPlayer.exe

Report

Id: 86dfb2df-b1b8-11e0-bbe9-1c6f659eec6e

Error - 7/19/2011 3:01:05 AM | Computer Name = Kate-PC | Source = Application Hang | ID = 1002

Description = The program Launcher.exe version 4.2.0.2506 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: ed0 Start

Time: 01cc45e197785078 Termination Time: 4 Application Path: C:\Users\Public\Games\World

of Warcraft\Launcher.exe Report Id: dddb6c3b-b1d4-11e0-bbe9-1c6f659eec6e

Error - 7/20/2011 1:02:44 AM | Computer Name = Kate-PC | Source = Application Error | ID = 1000

Description = Faulting application name: SkyGazer4.exe, version: 4.0.5.0, time stamp:

0x470a2c65 Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time

stamp: 0x4cf4536a Exception code: 0xc0000005 Fault offset: 0x64cdbb89 Faulting process

id: 0x7f0 Faulting application start time: 0x01cc46949c733cde Faulting application

path: C:\Program Files (x86)\Carina Software\SkyGazer 4\SkyGazer4.exe Faulting module

path: QuickTime.qts Report Id: 80238da5-b28d-11e0-9523-1c6f659eec6e

[ System Events ]

Error - 7/19/2011 3:03:34 AM | Computer Name = Kate-PC | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the IKE and AuthIP IPsec Keying

Modules service, but this action failed with the following error: %%1056

Error - 7/19/2011 3:03:34 AM | Computer Name = Kate-PC | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the Windows Management Instrumentation

service, but this action failed with the following error: %%1056

Error - 7/19/2011 3:03:34 AM | Computer Name = Kate-PC | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the Multimedia Class Scheduler

service, but this action failed with the following error: %%1056

Error - 7/19/2011 8:25:32 PM | Computer Name = Kate-PC | Source = Service Control Manager | ID = 7000

Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 7/19/2011 11:43:58 PM | Computer Name = Kate-PC | Source = DCOM | ID = 10010

Description =

Error - 7/21/2011 1:35:01 AM | Computer Name = Kate-PC | Source = DCOM | ID = 10010

Description =

Error - 7/21/2011 1:17:31 PM | Computer Name = Kate-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 7/21/2011 7:27:46 PM | Computer Name = Kate-PC | Source = DCOM | ID = 10010

Description =

Error - 7/22/2011 3:14:50 AM | Computer Name = Kate-PC | Source = DCOM | ID = 10010

Description =

Error - 7/22/2011 4:52:26 AM | Computer Name = Kate-PC | Source = DCOM | ID = 10010

Description =

< End of report >

Link to post
Share on other sites

hi

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 68 02 02 A1 45 57 4B B0 04 6B 79 4B C0 69 E1 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 68 02 02 A1 45 57 4B B0 04 6B 79 4B C0 69 E1 [binary data]
    IE - HKU\S-1-5-21-178733886-2313030153-1870758614-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 25 16 B3 3B 47 CC 01 [binary data]
    IE - HKU\S-1-5-21-178733886-2313030153-1870758614-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 68 02 02 A1 45 57 4B B0 04 6B 79 4B C0 69 E1 [binary data]
    IE - HKU\S-1-5-21-178733886-2313030153-1870758614-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 60667
    [2011/07/16 16:59:36 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\cqjbz7mz.default\extensions\{9e15fe74-a6df-4ac9-af10-02aaaca9f6a4}
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O33 - MountPoints2\{8cd975ec-6d33-11e0-887f-1c6f659eec6e}\Shell - "" = AutoRun
    O33 - MountPoints2\{8cd975ec-6d33-11e0-887f-1c6f659eec6e}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
    O33 - MountPoints2\{8e088fcf-2fa2-11e0-879d-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{8e088fcf-2fa2-11e0-879d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2007/10/10 11:15:30 | 000,364,544 | R--- | M] (Carina Software )

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious-1.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Things I would like to see in your reply:

  • OTL log
  • TDSSkiller log

Link to post
Share on other sites

Just want to thank you aliB for all your help! I was totally clueless as to how to remove this virus since the programs I usually use didn't take care of it. Would you mind explaining some of these other programs you're using? I'm very interested in what they are, and how you identified (if you have) the location of the virus itself or even the .exe name.

Thank you!

Johnson Digital

All processes killed

========== OTL ==========

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!

HKU\S-1-5-21-178733886-2313030153-1870758614-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!

HKU\S-1-5-21-178733886-2313030153-1870758614-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!

HKU\S-1-5-21-178733886-2313030153-1870758614-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Prefs.js: "127.0.0.1" removed from network.proxy.http

Prefs.js: 60667 removed from network.proxy.http_port

C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\cqjbz7mz.default\extensions\{9e15fe74-a6df-4ac9-af10-02aaaca9f6a4}\defaults\preferences folder moved successfully.

C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\cqjbz7mz.default\extensions\{9e15fe74-a6df-4ac9-af10-02aaaca9f6a4}\defaults folder moved successfully.

C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\cqjbz7mz.default\extensions\{9e15fe74-a6df-4ac9-af10-02aaaca9f6a4}\chrome folder moved successfully.

C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\cqjbz7mz.default\extensions\{9e15fe74-a6df-4ac9-af10-02aaaca9f6a4} folder moved successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd975ec-6d33-11e0-887f-1c6f659eec6e}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd975ec-6d33-11e0-887f-1c6f659eec6e}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd975ec-6d33-11e0-887f-1c6f659eec6e}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd975ec-6d33-11e0-887f-1c6f659eec6e}\ not found.

File F:\TL-Bootstrap.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e088fcf-2fa2-11e0-879d-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e088fcf-2fa2-11e0-879d-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e088fcf-2fa2-11e0-879d-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e088fcf-2fa2-11e0-879d-806e6f6e6963}\ not found.

File D:\Setup.exe not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Kate\Desktop\cmd.bat deleted successfully.

C:\Users\Kate\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56502 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Kate

->Temp folder emptied: 23913714 bytes

->Temporary Internet Files folder emptied: 38159860 bytes

->Java cache emptied: 6600594 bytes

->FireFox cache emptied: 106401573 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 72142 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 504921 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes

RecycleBin emptied: 955267874 bytes

Total Files Cleaned = 1,079.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Kate

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 07252011_001644

Files\Folders moved on Reboot...

C:\Users\Kate\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Kate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E4EW9OTD\addons-tracker-v4[1].htm moved successfully.

C:\Users\Kate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E4EW9OTD\background_button_green_full[1].png moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

++++++++++++++++++++++++++++++++++++++++++++++++++

++++++++++++++++++++++++++++++++++++++++++++++++++

++++++++++++++++OTL ABOVE, TDSS BELOW+++++++++++++

++++++++++++++++++++++++++++++++++++++++++++++++++

2011/07/25 00:22:31.0609 5680 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/25 00:22:31.0936 5680 ================================================================================

2011/07/25 00:22:31.0936 5680 SystemInfo:

2011/07/25 00:22:31.0936 5680

2011/07/25 00:22:31.0936 5680 OS Version: 6.1.7601 ServicePack: 1.0

2011/07/25 00:22:31.0936 5680 Product type: Workstation

2011/07/25 00:22:31.0936 5680 ComputerName: KATE-PC

2011/07/25 00:22:31.0936 5680 UserName: Kate

2011/07/25 00:22:31.0936 5680 Windows directory: C:\Windows

2011/07/25 00:22:31.0936 5680 System windows directory: C:\Windows

2011/07/25 00:22:31.0936 5680 Running under WOW64

2011/07/25 00:22:31.0936 5680 Processor architecture: Intel x64

2011/07/25 00:22:31.0936 5680 Number of processors: 4

2011/07/25 00:22:31.0936 5680 Page size: 0x1000

2011/07/25 00:22:31.0936 5680 Boot type: Normal boot

2011/07/25 00:22:31.0936 5680 ================================================================================

2011/07/25 00:22:32.0747 5680 Initialize success

2011/07/25 00:22:35.0415 3812 ================================================================================

2011/07/25 00:22:35.0415 3812 Scan started

2011/07/25 00:22:35.0415 3812 Mode: Manual;

2011/07/25 00:22:35.0415 3812 ================================================================================

2011/07/25 00:22:38.0223 3812 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

2011/07/25 00:22:38.0239 3812 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

2011/07/25 00:22:38.0270 3812 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

2011/07/25 00:22:38.0301 3812 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/07/25 00:22:38.0317 3812 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

2011/07/25 00:22:38.0348 3812 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

2011/07/25 00:22:38.0395 3812 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

2011/07/25 00:22:38.0410 3812 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

2011/07/25 00:22:38.0441 3812 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

2011/07/25 00:22:38.0535 3812 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

2011/07/25 00:22:38.0566 3812 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys

2011/07/25 00:22:38.0597 3812 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

2011/07/25 00:22:38.0941 3812 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/07/25 00:22:39.0097 3812 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys

2011/07/25 00:22:39.0175 3812 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

2011/07/25 00:22:39.0237 3812 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

2011/07/25 00:22:39.0253 3812 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/07/25 00:22:39.0268 3812 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

2011/07/25 00:22:39.0315 3812 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

2011/07/25 00:22:39.0346 3812 AppleCharger (301aa64f9643bc453d90a66c4c0e7204) C:\Windows\system32\DRIVERS\AppleCharger.sys

2011/07/25 00:22:39.0362 3812 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

2011/07/25 00:22:39.0377 3812 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

2011/07/25 00:22:39.0424 3812 aswFsBlk (55353cd0da287b2c3782485740965b54) C:\Windows\system32\drivers\aswFsBlk.sys

2011/07/25 00:22:39.0471 3812 aswMonFlt (b38061cdefb71361e0c7547ac60527e8) C:\Windows\system32\drivers\aswMonFlt.sys

2011/07/25 00:22:39.0487 3812 aswRdr (91e7aca95933633b2557f47cdfdb74c3) C:\Windows\system32\drivers\aswRdr.sys

2011/07/25 00:22:39.0518 3812 aswSnx (2b15499f68fad60ce69264a327e9b0f0) C:\Windows\system32\drivers\aswSnx.sys

2011/07/25 00:22:39.0533 3812 aswSP (4d939ecb19dc930056593390d1c87c43) C:\Windows\system32\drivers\aswSP.sys

2011/07/25 00:22:39.0549 3812 aswTdi (d633426c5a207ce21767569aa4946891) C:\Windows\system32\drivers\aswTdi.sys

2011/07/25 00:22:39.0565 3812 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/07/25 00:22:39.0596 3812 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

2011/07/25 00:22:39.0643 3812 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys

2011/07/25 00:22:39.0674 3812 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

2011/07/25 00:22:39.0689 3812 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

2011/07/25 00:22:39.0721 3812 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

2011/07/25 00:22:39.0736 3812 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/07/25 00:22:39.0783 3812 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

2011/07/25 00:22:39.0799 3812 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/07/25 00:22:39.0814 3812 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/07/25 00:22:39.0830 3812 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

2011/07/25 00:22:39.0845 3812 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/07/25 00:22:39.0861 3812 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/07/25 00:22:39.0861 3812 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/07/25 00:22:39.0892 3812 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/07/25 00:22:39.0908 3812 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/07/25 00:22:39.0939 3812 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

2011/07/25 00:22:39.0986 3812 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

2011/07/25 00:22:40.0064 3812 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

2011/07/25 00:22:40.0111 3812 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/07/25 00:22:40.0142 3812 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

2011/07/25 00:22:40.0282 3812 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

2011/07/25 00:22:40.0298 3812 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

2011/07/25 00:22:40.0329 3812 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

2011/07/25 00:22:40.0423 3812 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys

2011/07/25 00:22:40.0438 3812 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/07/25 00:22:40.0501 3812 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

2011/07/25 00:22:40.0547 3812 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

2011/07/25 00:22:40.0563 3812 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

2011/07/25 00:22:40.0579 3812 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

2011/07/25 00:22:40.0625 3812 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

2011/07/25 00:22:40.0672 3812 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys

2011/07/25 00:22:40.0688 3812 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

2011/07/25 00:22:40.0719 3812 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

2011/07/25 00:22:40.0781 3812 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS

2011/07/25 00:22:40.0828 3812 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

2011/07/25 00:22:40.0875 3812 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

2011/07/25 00:22:40.0969 3812 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys

2011/07/25 00:22:41.0078 3812 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

2011/07/25 00:22:41.0125 3812 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

2011/07/25 00:22:41.0203 3812 etdrv (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys

2011/07/25 00:22:41.0249 3812 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

2011/07/25 00:22:41.0281 3812 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

2011/07/25 00:22:41.0327 3812 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

2011/07/25 00:22:41.0359 3812 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

2011/07/25 00:22:41.0374 3812 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

2011/07/25 00:22:41.0405 3812 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/07/25 00:22:41.0483 3812 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

2011/07/25 00:22:41.0530 3812 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

2011/07/25 00:22:41.0561 3812 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

2011/07/25 00:22:41.0655 3812 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

2011/07/25 00:22:41.0671 3812 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/07/25 00:22:41.0780 3812 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys

2011/07/25 00:22:41.0811 3812 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/07/25 00:22:41.0873 3812 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys

2011/07/25 00:22:41.0889 3812 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

2011/07/25 00:22:41.0936 3812 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

2011/07/25 00:22:41.0951 3812 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

2011/07/25 00:22:41.0967 3812 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/07/25 00:22:41.0983 3812 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

2011/07/25 00:22:41.0983 3812 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

2011/07/25 00:22:41.0998 3812 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

2011/07/25 00:22:42.0029 3812 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

2011/07/25 00:22:42.0061 3812 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

2011/07/25 00:22:42.0107 3812 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

2011/07/25 00:22:42.0123 3812 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

2011/07/25 00:22:42.0170 3812 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

2011/07/25 00:22:42.0217 3812 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

2011/07/25 00:22:42.0295 3812 IntcAzAudAddService (0adf714079ae174a39d69036143e4c50) C:\Windows\system32\drivers\RTKVHD64.sys

2011/07/25 00:22:42.0326 3812 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

2011/07/25 00:22:42.0341 3812 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

2011/07/25 00:22:42.0373 3812 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/07/25 00:22:42.0388 3812 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

2011/07/25 00:22:42.0419 3812 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

2011/07/25 00:22:42.0435 3812 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

2011/07/25 00:22:42.0451 3812 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

2011/07/25 00:22:42.0466 3812 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

2011/07/25 00:22:42.0482 3812 JRAID (1c368c1a2733dcc5b8e15420aa2b0f6d) C:\Windows\system32\DRIVERS\jraid.sys

2011/07/25 00:22:42.0497 3812 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/07/25 00:22:42.0513 3812 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/07/25 00:22:42.0544 3812 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

2011/07/25 00:22:42.0560 3812 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

2011/07/25 00:22:42.0575 3812 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

2011/07/25 00:22:42.0607 3812 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

2011/07/25 00:22:42.0716 3812 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys

2011/07/25 00:22:42.0747 3812 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys

2011/07/25 00:22:42.0778 3812 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys

2011/07/25 00:22:42.0794 3812 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/07/25 00:22:42.0809 3812 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/07/25 00:22:42.0825 3812 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/07/25 00:22:42.0841 3812 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/07/25 00:22:42.0856 3812 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

2011/07/25 00:22:42.0903 3812 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys

2011/07/25 00:22:42.0919 3812 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

2011/07/25 00:22:42.0934 3812 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/07/25 00:22:42.0950 3812 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

2011/07/25 00:22:42.0965 3812 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

2011/07/25 00:22:42.0965 3812 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

2011/07/25 00:22:42.0981 3812 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

2011/07/25 00:22:43.0012 3812 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

2011/07/25 00:22:43.0028 3812 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

2011/07/25 00:22:43.0059 3812 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

2011/07/25 00:22:43.0090 3812 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

2011/07/25 00:22:43.0137 3812 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/07/25 00:22:43.0199 3812 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/07/25 00:22:43.0231 3812 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/07/25 00:22:43.0262 3812 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

2011/07/25 00:22:43.0277 3812 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

2011/07/25 00:22:43.0309 3812 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

2011/07/25 00:22:43.0324 3812 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2011/07/25 00:22:43.0340 3812 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

2011/07/25 00:22:43.0355 3812 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2011/07/25 00:22:43.0371 3812 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/07/25 00:22:43.0387 3812 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2011/07/25 00:22:43.0418 3812 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

2011/07/25 00:22:43.0433 3812 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

2011/07/25 00:22:43.0465 3812 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2011/07/25 00:22:43.0465 3812 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/07/25 00:22:43.0496 3812 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2011/07/25 00:22:43.0527 3812 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2011/07/25 00:22:43.0574 3812 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

2011/07/25 00:22:43.0605 3812 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/07/25 00:22:43.0621 3812 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/07/25 00:22:43.0652 3812 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/07/25 00:22:43.0683 3812 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/07/25 00:22:43.0714 3812 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

2011/07/25 00:22:43.0730 3812 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2011/07/25 00:22:43.0761 3812 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

2011/07/25 00:22:43.0823 3812 netr28x (336a9164be14da360a7e95dba26fcc30) C:\Windows\system32\DRIVERS\netr28x.sys

2011/07/25 00:22:43.0855 3812 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/07/25 00:22:43.0886 3812 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2011/07/25 00:22:43.0901 3812 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2011/07/25 00:22:43.0964 3812 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

2011/07/25 00:22:43.0995 3812 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2011/07/25 00:22:44.0042 3812 nusb3hub (785298579b5f9b4032152dfbb992fdb6) C:\Windows\system32\DRIVERS\nusb3hub.sys

2011/07/25 00:22:44.0057 3812 nusb3xhc (df2750481b4964814467c974f2b0eef1) C:\Windows\system32\DRIVERS\nusb3xhc.sys

2011/07/25 00:22:44.0089 3812 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

2011/07/25 00:22:44.0135 3812 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

2011/07/25 00:22:44.0151 3812 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

2011/07/25 00:22:44.0167 3812 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

2011/07/25 00:22:44.0198 3812 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2011/07/25 00:22:44.0213 3812 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

2011/07/25 00:22:44.0229 3812 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

2011/07/25 00:22:44.0276 3812 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

2011/07/25 00:22:44.0276 3812 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/07/25 00:22:44.0291 3812 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2011/07/25 00:22:44.0323 3812 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2011/07/25 00:22:44.0385 3812 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

2011/07/25 00:22:44.0416 3812 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2011/07/25 00:22:44.0463 3812 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

2011/07/25 00:22:44.0510 3812 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

2011/07/25 00:22:44.0541 3812 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2011/07/25 00:22:44.0557 3812 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/07/25 00:22:44.0588 3812 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2011/07/25 00:22:44.0588 3812 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2011/07/25 00:22:44.0635 3812 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/07/25 00:22:44.0697 3812 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/07/25 00:22:44.0728 3812 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/25 00:22:44.0775 3812 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2011/07/25 00:22:44.0806 3812 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

2011/07/25 00:22:44.0822 3812 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/07/25 00:22:44.0837 3812 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/07/25 00:22:44.0869 3812 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

2011/07/25 00:22:44.0900 3812 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2011/07/25 00:22:44.0915 3812 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2011/07/25 00:22:44.0947 3812 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

2011/07/25 00:22:44.0993 3812 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

2011/07/25 00:22:45.0025 3812 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

2011/07/25 00:22:45.0071 3812 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys

2011/07/25 00:22:45.0087 3812 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2011/07/25 00:22:45.0134 3812 RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys

2011/07/25 00:22:45.0181 3812 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys

2011/07/25 00:22:45.0212 3812 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

2011/07/25 00:22:45.0274 3812 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

2011/07/25 00:22:45.0290 3812 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

2011/07/25 00:22:45.0305 3812 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

2011/07/25 00:22:45.0352 3812 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

2011/07/25 00:22:45.0368 3812 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/07/25 00:22:45.0383 3812 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2011/07/25 00:22:45.0399 3812 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2011/07/25 00:22:45.0415 3812 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2011/07/25 00:22:45.0461 3812 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

2011/07/25 00:22:45.0461 3812 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

2011/07/25 00:22:45.0477 3812 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

2011/07/25 00:22:45.0493 3812 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/07/25 00:22:45.0524 3812 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/07/25 00:22:45.0539 3812 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/07/25 00:22:45.0571 3812 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2011/07/25 00:22:45.0602 3812 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2011/07/25 00:22:45.0649 3812 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

2011/07/25 00:22:45.0680 3812 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

2011/07/25 00:22:45.0727 3812 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

2011/07/25 00:22:45.0758 3812 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2011/07/25 00:22:45.0789 3812 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

2011/07/25 00:22:45.0805 3812 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

2011/07/25 00:22:45.0805 3812 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

2011/07/25 00:22:45.0914 3812 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys

2011/07/25 00:22:45.0961 3812 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys

2011/07/25 00:22:45.0992 3812 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

2011/07/25 00:22:46.0007 3812 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2011/07/25 00:22:46.0023 3812 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2011/07/25 00:22:46.0054 3812 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

2011/07/25 00:22:46.0070 3812 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

2011/07/25 00:22:46.0101 3812 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/25 00:22:46.0132 3812 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

2011/07/25 00:22:46.0179 3812 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

2011/07/25 00:22:46.0195 3812 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2011/07/25 00:22:46.0210 3812 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

2011/07/25 00:22:46.0241 3812 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

2011/07/25 00:22:46.0335 3812 UltraMonUtility (694bcf23662f97d987cf4c6739c35f8b) C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys

2011/07/25 00:22:46.0366 3812 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

2011/07/25 00:22:46.0397 3812 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2011/07/25 00:22:46.0444 3812 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys

2011/07/25 00:22:46.0538 3812 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/07/25 00:22:46.0569 3812 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

2011/07/25 00:22:46.0585 3812 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/07/25 00:22:46.0616 3812 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

2011/07/25 00:22:46.0725 3812 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

2011/07/25 00:22:46.0756 3812 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2011/07/25 00:22:46.0787 3812 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

2011/07/25 00:22:46.0819 3812 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/07/25 00:22:46.0834 3812 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/07/25 00:22:46.0881 3812 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys

2011/07/25 00:22:46.0897 3812 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

2011/07/25 00:22:46.0912 3812 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/25 00:22:46.0912 3812 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2011/07/25 00:22:46.0943 3812 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

2011/07/25 00:22:46.0959 3812 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

2011/07/25 00:22:46.0975 3812 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

2011/07/25 00:22:47.0006 3812 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

2011/07/25 00:22:47.0021 3812 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

2011/07/25 00:22:47.0037 3812 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

2011/07/25 00:22:47.0053 3812 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

2011/07/25 00:22:47.0068 3812 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/07/25 00:22:47.0162 3812 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys

2011/07/25 00:22:47.0177 3812 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/07/25 00:22:47.0193 3812 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/07/25 00:22:47.0240 3812 wacmoumonitor (fe75777289278a4941fe6139e82b3bd9) C:\Windows\system32\DRIVERS\wacmoumonitor.sys

2011/07/25 00:22:47.0271 3812 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys

2011/07/25 00:22:47.0271 3812 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2011/07/25 00:22:47.0333 3812 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys

2011/07/25 00:22:47.0349 3812 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/25 00:22:47.0349 3812 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/25 00:22:47.0380 3812 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2011/07/25 00:22:47.0411 3812 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/25 00:22:47.0458 3812 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/07/25 00:22:47.0458 3812 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2011/07/25 00:22:47.0536 3812 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/07/25 00:22:47.0567 3812 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

2011/07/25 00:22:47.0599 3812 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/25 00:22:47.0645 3812 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

2011/07/25 00:22:47.0661 3812 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/25 00:22:47.0708 3812 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/07/25 00:22:47.0708 3812 Boot (0x1200) (0f57ff681da04cd3329de12d33fe2135) \Device\Harddisk0\DR0\Partition0

2011/07/25 00:22:47.0755 3812 Boot (0x1200) (99926ac97a8f0c8fc1aa3ec39ed7f6da) \Device\Harddisk0\DR0\Partition1

2011/07/25 00:22:47.0755 3812 ================================================================================

2011/07/25 00:22:47.0755 3812 Scan finished

2011/07/25 00:22:47.0755 3812 ================================================================================

2011/07/25 00:22:47.0770 3764 Detected object count: 0

2011/07/25 00:22:47.0770 3764 Actual detected object count: 0

Link to post
Share on other sites

hi

the proxy settings should be now removed from your firefox

are you still getting redirected ?

Step 1

mbamicontw5.gif Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Things i would like to see in your reply:

  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

Link to post
Share on other sites

aLib: Sorry it took me so long to respond, but things got hectic for a couple of days. I'm no longer being redirected, but I'm having severe performance issues with my pc since we started this process. Avast! Anti-Virus is still popping up with a blocked website, even when I'm not surfing, once every ten minutes or so.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7312

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

7/28/2011 4:53:50 PM

mbam-log-2011-07-28 (16-53-50).txt

Scan type: Full scan (A:\|C:\|D:\|G:\|)

Objects scanned: 500404

Time elapsed: 50 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-28 11:13:35

# local_time=2011-07-28 06:13:35 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776573 100 94 0 63434438 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=346455

# found=8

# cleaned=8

# scan_time=3827

C:\Users\Kate\Downloads\OLD DOWNLOADS (SORT!!!)\VST & VSTi Plugins\VST\Devine Machine Lucifer 2.1 VST\Devine Machine Lucifer 2.1 (Keygen).exe a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Kate\Downloads\OLD DOWNLOADS (SORT!!!)\VST & VSTi Plugins\VST\OhmForce Ohmicide Pro 1.10 VST\OhmForce Ohmicide Pro 1.10 (Keygen).exe a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Kate\Downloads\OLD DOWNLOADS (SORT!!!)\VST & VSTi Plugins\VSTi\AudioRealism Bass Line VSTi\AudioRealism Bass Line 2.0 VSTi\AudioRealism Bass Line 2.0 (Keygen).exe a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Kate\Downloads\OLD DOWNLOADS (SORT!!!)\VST & VSTi Plugins\VSTi\D16 Drumazon 1.0.3 VSTi\D16 Drumazon 1.0.3 (Keygen).exe a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Kate\Downloads\OLD DOWNLOADS (SORT!!!)\VST & VSTi Plugins\VSTi\QuikQuak GlassViper 1.06 VSTi\QuikQuak GlassViper 1.06 (Keygen).exe a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Kate\Downloads\OLD DOWNLOADS (SORT!!!)\VST & VSTi Plugins\VSTi\Rob Papen Predator 1.1.0 VSTi\Rob Papen Predator 1.1.0 (Keygen).exe a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Kate\Downloads\OLD DOWNLOADS (SORT!!!)\VST & VSTi Plugins\VSTi\U-he Zebra 2.2 VSTi\U-he Zebra 2.2 (Keygen).exe a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07252011_001644\C_Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\cqjbz7mz.default\extensions\{9e15fe74-a6df-4ac9-af10-02aaaca9f6a4}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.