Google Redirects to Various Sites


  • This topic is locked
18 replies to this topic

#1 wing43

wing43

  • Members
  • 21 posts

Posted 23 November 2010 - 06:06 PM

Hello,

My Google search results will occasionally get redirected to places like infosmash.com. There are no other issues but this from what I have seen. I have scanned many times with Malwarebytes and AVG 9.0 and I have found nothing. I do not think I have any emulation software, and below is my DDS log. I could not run GMER since the options in the sticky are disabled.

All this started happening after I cleaned my computer of Trojans a few weeks back and did not notice the redirects until recently and mistook them for accidental clicks on Google ads.




Edited by wing43, 23 November 2010 - 10:13 PM.




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 01 December 2010 - 08:53 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 wing43

wing43
  • Topic Starter

  • Members
  • 21 posts

Posted 01 December 2010 - 08:55 PM

Hello m0le. I have been waiting patiently and even participated in a few discussions.

Thank you.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 01 December 2010 - 09:02 PM

Perhaps the trojans were removed but something nastier evaded your clean-up...

Please run both TDSSKiller and MBRCheck so we can see if that something was a rootkit.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#5 wing43

wing43
  • Topic Starter

  • Members
  • 21 posts

Posted 01 December 2010 - 09:10 PM

TDSSKiller Log
2010/12/01 21:06:17.0343 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/01 21:06:17.0364 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/01 21:06:17.0386 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/01 21:06:17.0409 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2010/12/01 21:06:17.0431 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/01 21:06:17.0442 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/01 21:06:17.0497 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/01 21:06:17.0538 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/01 21:06:17.0570 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/01 21:06:17.0610 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/01 21:06:17.0637 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/01 21:06:17.0684 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/01 21:06:17.0721 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2010/12/01 21:06:17.0737 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/01 21:06:17.0752 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/01 21:06:17.0793 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/01 21:06:17.0820 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/01 21:06:17.0846 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/12/01 21:06:17.0883 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/12/01 21:06:17.0911 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/01 21:06:17.0970 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/12/01 21:06:17.0994 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/01 21:06:18.0034 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/12/01 21:06:18.0091 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/01 21:06:18.0140 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/12/01 21:06:18.0166 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/01 21:06:18.0207 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/01 21:06:18.0231 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/01 21:06:18.0251 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/01 21:06:18.0268 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/12/01 21:06:18.0286 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/01 21:06:18.0311 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/01 21:06:18.0381 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/01 21:06:18.0430 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
2010/12/01 21:06:18.0449 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/12/01 21:06:18.0500 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/01 21:06:18.0541 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/12/01 21:06:18.0575 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/12/01 21:06:18.0833 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/12/01 21:06:19.0106 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/01 21:06:19.0176 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/12/01 21:06:19.0207 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/12/01 21:06:19.0228 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2010/12/01 21:06:19.0248 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/01 21:06:19.0275 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/01 21:06:19.0293 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/12/01 21:06:19.0308 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/12/01 21:06:19.0391 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/01 21:06:19.0409 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2010/12/01 21:06:19.0449 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/01 21:06:19.0490 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/01 21:06:19.0526 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/01 21:06:19.0552 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/01 21:06:19.0574 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/01 21:06:19.0605 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/01 21:06:19.0630 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/01 21:06:19.0648 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/01 21:06:19.0681 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/01 21:06:19.0704 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/01 21:06:19.0720 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/01 21:06:19.0734 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/01 21:06:19.0764 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2010/12/01 21:06:19.0801 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/01 21:06:19.0825 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/01 21:06:19.0847 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2010/12/01 21:06:19.0874 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2010/12/01 21:06:19.0960 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
2010/12/01 21:06:20.0119 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
2010/12/01 21:06:20.0144 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/01 21:06:20.0186 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
2010/12/01 21:06:20.0219 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/12/01 21:06:20.0251 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/01 21:06:20.0283 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/01 21:06:20.0305 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/12/01 21:06:20.0341 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/01 21:06:20.0355 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2010/12/01 21:06:20.0375 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/01 21:06:20.0444 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/01 21:06:20.0473 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/12/01 21:06:20.0494 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/01 21:06:20.0514 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/01 21:06:20.0540 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/01 21:06:20.0580 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/01 21:06:20.0610 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/12/01 21:06:20.0639 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/12/01 21:06:20.0708 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2010/12/01 21:06:20.0766 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/01 21:06:20.0801 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/01 21:06:20.0864 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/01 21:06:20.0914 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/12/01 21:06:20.0936 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2010/12/01 21:06:20.0955 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/01 21:06:21.0037 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/12/01 21:06:21.0103 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/01 21:06:21.0180 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/01 21:06:21.0202 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2010/12/01 21:06:21.0242 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2010/12/01 21:06:21.0261 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/01 21:06:21.0278 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/01 21:06:21.0331 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/01 21:06:21.0361 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/01 21:06:21.0388 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/01 21:06:21.0416 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/01 21:06:21.0453 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/01 21:06:21.0475 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/01 21:06:21.0499 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/01 21:06:21.0531 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/01 21:06:21.0559 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/01 21:06:21.0583 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/01 21:06:21.0605 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/01 21:06:21.0628 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/01 21:06:21.0646 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/01 21:06:21.0688 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/01 21:06:21.0711 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/01 21:06:21.0736 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/01 21:06:21.0762 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/01 21:06:21.0773 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/12/01 21:06:21.0804 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/01 21:06:21.0822 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/01 21:06:21.0856 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2010/12/01 21:06:21.0886 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/12/01 21:06:21.0946 vmm (21c96aa588d3993191761a08dbaabb15) C:\Windows\system32\Drivers\vmm.sys
2010/12/01 21:06:21.0958 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/01 21:06:21.0980 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/12/01 21:06:22.0008 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/01 21:06:22.0022 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/01 21:06:22.0176 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
2010/12/01 21:06:22.0199 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2010/12/01 21:06:22.0224 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/01 21:06:22.0250 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/01 21:06:22.0259 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/01 21:06:22.0350 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2010/12/01 21:06:22.0382 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/01 21:06:22.0425 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/01 21:06:22.0448 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/12/01 21:06:22.0543 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/12/01 21:06:22.0572 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/01 21:06:22.0596 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/01 21:06:22.0621 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2010/12/01 21:06:22.0646 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/01 21:06:22.0701 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
2010/12/01 21:06:22.0744 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
2010/12/01 21:06:22.0797 ================================================================================
2010/12/01 21:06:22.0797 Scan finished
2010/12/01 21:06:22.0797 ================================================================================
2010/12/01 21:06:27.0971 Deinitialize success



MBR Check
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASRock
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: To Be Filled By O.E.M.
System Product Name: To Be Filled By O.E.M.
Logical Drives Mask: 0x0000002c

Kernel Drivers (total 155):

Processes (total 67):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
440 csrss.exe
516 C:\Windows\System32\wininit.exe
540 csrss.exe
548 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
556 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
656 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
664 C:\Windows\System32\winlogon.exe
684 C:\Windows\System32\services.exe
692 C:\Windows\System32\lsass.exe
700 C:\Windows\System32\lsm.exe
1076 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\nvvsvc.exe
1184 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\svchost.exe
1440 C:\Windows\System32\audiodg.exe
1548 C:\Windows\System32\svchost.exe
1652 C:\Windows\System32\nvvsvc.exe
1688 C:\Windows\System32\svchost.exe
1836 C:\Windows\System32\spoolsv.exe
1880 C:\Windows\System32\svchost.exe
1268 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
1604 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
2256 C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
2604 C:\Windows\SysWOW64\PnkBstrA.exe
2628 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2784 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2856 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
2908 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2352 C:\Windows\System32\SearchIndexer.exe
3136 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3252 C:\Windows\System32\svchost.exe
3656 C:\Windows\System32\svchost.exe
3816 C:\Program Files\Windows Media Player\wmpnetwk.exe
3152 C:\Windows\System32\taskhost.exe
1068 C:\Windows\System32\dwm.exe
1860 C:\Windows\explorer.exe
1748 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3528 C:\Program Files (x86)\Skype\Phone\Skype.exe
3572 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
3628 C:\Users\Jason\AppData\Roaming\Google\Google Talk\googletalk.exe
1584 C:\Program Files (x86)\Pidgin\pidgin.exe
1052 C:\Program Files\Windows Sidebar\sidebar.exe
1792 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
4532 C:\Windows\System32\svchost.exe
1084 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
5112 C:\Program Files (x86)\Winamp\winamp.exe
4840 C:\Program Files (x86)\Last.fm\LastFM.exe
5936 C:\Windows\System32\svchost.exe
4892 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5460 C:\Program Files (x86)\Steam\Steam.exe
5456 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
5600 C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
5628 C:\Windows\splwow64.exe
5868 C:\Users\Jason\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
6080 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
4512 C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
6108 C:\Windows\explorer.exe
4416 C:\Windows\System32\SearchProtocolHost.exe
5480 C:\Windows\System32\SearchFilterHost.exe
4952 C:\Users\Jason\Desktop\MBRCheck.exe
5300 C:\Windows\System32\conhost.exe
1040 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD10EADS-00L5B1, Rev: 01.01A01
PhysicalDrive1 Model Number: WDMy Book 1110, Rev: 2003

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
930 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#6 m0le

  • Malware Response Team

Posted 01 December 2010 - 09:14 PM

Nope, must be something hacked and left behind.

Please run OTL, a scanner at this stage, and post the log.

  • Download OTL to your desktop.
  • Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

m0le is a proud member of UNITE

#7 wing43

  • Topic Starter


Posted 01 December 2010 - 09:25 PM

Did not generate an extra.txt file.

OTL logfile created on: 12/1/2010 9:22:40 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Jason\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 60.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 663.17 Gb Free Space | 71.20% Space Free | Partition Type: NTFS
Drive F: | 930.86 Gb Total Space | 852.62 Gb Free Space | 91.60% Space Free | Partition Type: NTFS

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Last.fm\LastFM.exe (Last.fm)
PRC - C:\Users\Jason\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
PRC - C:\Users\Jason\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)


========== Modules (SafeList) ==========

MOD - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (vmm) -- C:\Windows\SysNative\drivers\VMM.sys (Microsoft Corporation)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (cpuz133) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 33 34 86 6A 8F CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.5.1
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.2.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {7D2DD978-E5BA-4FAF-AA3A-0709D442D6DD}:1.9.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.5
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.62
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/27 22:46:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/27 22:46:13 | 000,000,000 | ---D | M]

[2010/01/24 18:21:18 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2010/01/24 18:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/10 22:36:25 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/12/01 18:58:19 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions
[2010/07/04 03:48:05 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/10/11 14:53:48 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/07/06 04:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2010/10/17 13:54:50 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/11/19 17:30:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/02/05 21:10:51 | 000,000,000 | ---D | M] (4chan) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010/10/21 16:01:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/11/28 22:18:15 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2010/11/10 22:07:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/28 22:18:15 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/05/29 22:13:20 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/10/19 15:13:31 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/11/19 17:30:17 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/10/11 14:53:54 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\firebug@software.joehewitt.com
[2010/01/24 18:21:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/27 22:46:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/05 21:10:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/10/27 22:46:11 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/10/27 22:46:11 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2010/01/20 18:56:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/11 18:37:23 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/10/27 22:46:12 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2010/08/13 06:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/01/22 20:18:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/01/22 20:18:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/01/22 20:18:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/01/22 20:18:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/01/22 20:18:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/01/22 20:18:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/01/22 20:18:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/09/09 01:52:56 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/09/09 01:52:56 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/09/09 01:52:56 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/09/09 01:52:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/09/09 01:52:56 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/09/09 01:52:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/09/09 01:52:56 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKCU..\Run: [Google Update] C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\Jason\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Pidgin] C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/gom/receiver/tc/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.242.0.12 71.250.0.12
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{37dfd100-ee9e-11df-87d2-00252203de46}\Shell - "" = AutoRun
O33 - MountPoints2\{37dfd100-ee9e-11df-87d2-00252203de46}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/01 21:15:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2010/12/01 21:05:14 | 001,344,088 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jason\Desktop\TDSSKiller.exe
[2010/12/01 20:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/12/01 20:28:55 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/12/01 01:59:20 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Sc2Bof_0_3
[2010/11/27 20:15:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/11/23 17:43:29 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\gmer
[2010/11/23 17:41:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\fixing stuff
[2010/11/22 20:42:50 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Telltale Games
[2010/11/22 20:42:22 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010/11/22 20:42:22 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010/11/22 20:42:22 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010/11/22 20:42:22 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010/11/22 20:42:21 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010/11/22 20:42:21 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010/11/22 20:42:20 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010/11/22 20:42:20 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010/11/22 20:42:20 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010/11/22 20:42:20 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010/11/22 20:42:20 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010/11/22 20:42:20 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010/11/22 20:42:19 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010/11/22 20:42:19 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010/11/22 20:42:19 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010/11/22 20:42:19 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/11/22 20:42:19 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010/11/22 20:42:19 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010/11/22 20:42:19 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/11/22 20:42:19 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/11/22 20:42:18 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/11/22 20:42:18 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010/11/22 20:42:18 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/11/22 20:42:18 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/11/20 21:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2010/11/20 20:28:02 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Vindictus
[2010/11/20 20:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2010/11/20 20:14:38 | 000,000,000 | ---D | C] -- C:\Nexon
[2010/11/20 20:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2010/11/18 22:35:33 | 000,000,000 | ---D | C] -- C:\Users\Jason\467D5E81834948929E81C3674ED8E451.TMP
[2010/11/17 21:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2010/11/17 21:12:12 | 000,000,000 | --SD | C] -- C:\Users\Jason\Documents\My Shapes
[2010/11/17 21:09:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/11/17 21:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/11/13 01:31:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010/11/12 17:16:15 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Western Digital
[2010/11/09 22:11:38 | 000,000,000 | ---D | C] -- C:\229b01183d2a5846837c3d
[2010/11/07 20:57:35 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\CrashRpt
[2010/11/07 20:57:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Procaster
[2010/11/07 20:57:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Livestream Procaster
[1 C:\Users\Jason\*.tmp files -> C:\Users\Jason\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/01 21:15:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2010/12/01 20:59:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1726647451-3239834006-39511289-1000UA.job
[2010/12/01 20:36:33 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/12/01 18:06:45 | 000,978,442 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/01 18:06:45 | 000,802,820 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/01 18:06:45 | 000,175,530 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/01 17:18:08 | 000,093,041 | ---- | M] () -- C:\Users\Jason\Desktop\img_0202.jpg
[2010/12/01 16:54:56 | 000,150,657 | ---- | M] () -- C:\Users\Jason\Desktop\1291232007939.jpg
[2010/12/01 16:54:45 | 000,094,435 | ---- | M] () -- C:\Users\Jason\Desktop\1291232071650.jpg
[2010/12/01 16:05:33 | 000,013,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/01 16:05:33 | 000,013,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/01 16:04:13 | 068,370,192 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/12/01 15:58:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/01 15:57:59 | 535,363,583 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/30 21:59:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1726647451-3239834006-39511289-1000Core.job
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/29 01:29:32 | 001,229,411 | ---- | M] () -- C:\Users\Jason\Desktop\tdsskiller.zip
[2010/11/28 23:36:44 | 092,229,353 | ---- | M] () -- C:\Users\Jason\Desktop\SotG - 11.23.10.mp3
[2010/11/28 21:34:34 | 000,063,628 | ---- | M] () -- C:\Users\Jason\Desktop\funnay.png
[2010/11/28 18:38:08 | 001,344,088 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jason\Desktop\TDSSKiller.exe
[2010/11/28 06:01:54 | 000,011,558 | ---- | M] () -- C:\Users\Jason\Desktop\Christianity.docx
[2010/11/28 05:24:53 | 000,037,888 | ---- | M] () -- C:\Users\Jason\Desktop\tree.jpg
[2010/11/28 05:13:54 | 000,015,249 | ---- | M] () -- C:\Users\Jason\Desktop\1290935829677.jpg
[2010/11/27 04:37:35 | 000,065,315 | ---- | M] () -- C:\Users\Jason\Desktop\1290832405098.jpg
[2010/11/27 02:57:57 | 000,009,024 | ---- | M] () -- C:\Users\Jason\Desktop\delivery.xml
[2010/11/27 02:55:28 | 000,007,462 | ---- | M] () -- C:\Users\Jason\Desktop\source.xml
[2010/11/27 00:24:03 | 000,133,284 | ---- | M] () -- C:\Users\Jason\Desktop\site.jpg
[2010/11/24 22:50:19 | 000,008,438 | ---- | M] () -- C:\Users\Jason\Desktop\Book1.xlsx
[2010/11/24 22:44:41 | 000,196,608 | ---- | M] () -- C:\Users\Jason\Desktop\ComicBook DB.mdb
[2010/11/23 17:20:49 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2010/11/23 00:33:06 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/11/23 00:32:54 | 002,373,712 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/11/23 00:32:54 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/11/22 20:42:15 | 000,022,172 | ---- | M] () -- C:\Users\Jason\Documents\cc_20101122_204211.reg
[2010/11/19 00:36:52 | 002,729,574 | ---- | M] () -- C:\Users\Jason\Desktop\1290094892904.gif
[2010/11/18 22:34:13 | 005,000,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/17 23:06:32 | 001,352,144 | ---- | M] () -- C:\Users\Jason\Desktop\657E774Ed01.pdf
[2010/11/17 21:34:05 | 000,287,865 | R--- | M] () -- C:\Users\Jason\Desktop\GetTRDoc.pdf
[2010/11/17 21:24:24 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2010/11/17 01:07:35 | 000,171,962 | ---- | M] () -- C:\Users\Jason\Desktop\m48EM.png
[2010/11/15 18:26:49 | 000,000,113 | -H-- | M] () -- C:\Users\Jason\Desktop\.~lock.hw6.docx#
[2010/11/15 18:23:06 | 000,026,961 | ---- | M] () -- C:\Users\Jason\Desktop\hw6.docx
[2010/11/14 05:32:20 | 000,010,937 | ---- | M] () -- C:\Users\Jason\Documents\Digital Divide.docx
[2010/11/13 01:04:38 | 000,000,162 | -H-- | M] () -- C:\Users\Jason\Desktop\~$k5_Q_A.doc
[2010/11/12 18:11:10 | 001,287,168 | ---- | M] () -- C:\Users\Jason\Desktop\Fall10Chapter08.ppt
[2010/11/12 17:54:25 | 001,010,688 | R--- | M] () -- C:\Users\Jason\Desktop\Fall10Chapter05.ppt
[2010/11/11 22:23:01 | 000,020,843 | ---- | M] () -- C:\Users\Jason\Desktop\Jason Mui Project6.docx
[2010/11/11 13:49:38 | 000,067,988 | ---- | M] () -- C:\Users\Jason\Desktop\IST451_Exercise2.docx
[2010/11/10 09:58:56 | 000,630,272 | ---- | M] () -- C:\Users\Jason\Desktop\dds.scr
[2010/11/09 00:08:59 | 000,010,727 | ---- | M] () -- C:\Users\Jason\Documents\Dear Polk10.docx
[1 C:\Users\Jason\*.tmp files -> C:\Users\Jason\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/01 21:06:49 | 000,080,384 | ---- | C] () -- C:\Users\Jason\Desktop\MBRCheck.exe
[2010/12/01 21:04:48 | 001,229,411 | ---- | C] () -- C:\Users\Jason\Desktop\tdsskiller.zip
[2010/12/01 20:36:33 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/12/01 17:18:08 | 000,093,041 | ---- | C] () -- C:\Users\Jason\Desktop\img_0202.jpg
[2010/12/01 16:54:56 | 000,150,657 | ---- | C] () -- C:\Users\Jason\Desktop\1291232007939.jpg
[2010/12/01 16:54:44 | 000,094,435 | ---- | C] () -- C:\Users\Jason\Desktop\1291232071650.jpg
[2010/11/28 23:20:04 | 092,229,353 | ---- | C] () -- C:\Users\Jason\Desktop\SotG - 11.23.10.mp3
[2010/11/28 21:34:34 | 000,063,628 | ---- | C] () -- C:\Users\Jason\Desktop\funnay.png
[2010/11/28 06:01:53 | 000,011,558 | ---- | C] () -- C:\Users\Jason\Desktop\Christianity.docx
[2010/11/28 05:24:53 | 000,037,888 | ---- | C] () -- C:\Users\Jason\Desktop\tree.jpg
[2010/11/28 05:13:54 | 000,015,249 | ---- | C] () -- C:\Users\Jason\Desktop\1290935829677.jpg
[2010/11/27 04:37:35 | 000,065,315 | ---- | C] () -- C:\Users\Jason\Desktop\1290832405098.jpg
[2010/11/27 02:57:56 | 000,009,024 | ---- | C] () -- C:\Users\Jason\Desktop\delivery.xml
[2010/11/27 02:55:25 | 000,007,462 | ---- | C] () -- C:\Users\Jason\Desktop\source.xml
[2010/11/27 00:24:03 | 000,133,284 | ---- | C] () -- C:\Users\Jason\Desktop\site.jpg
[2010/11/24 22:50:19 | 000,008,438 | ---- | C] () -- C:\Users\Jason\Desktop\Book1.xlsx
[2010/11/24 21:18:14 | 000,196,608 | ---- | C] () -- C:\Users\Jason\Desktop\ComicBook DB.mdb
[2010/11/23 17:39:13 | 000,630,272 | ---- | C] () -- C:\Users\Jason\Desktop\dds.scr
[2010/11/23 17:18:05 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2010/11/22 20:42:13 | 000,022,172 | ---- | C] () -- C:\Users\Jason\Documents\cc_20101122_204211.reg
[2010/11/19 00:36:51 | 002,729,574 | ---- | C] () -- C:\Users\Jason\Desktop\1290094892904.gif
[2010/11/17 23:08:40 | 001,352,144 | ---- | C] () -- C:\Users\Jason\Desktop\657E774Ed01.pdf
[2010/11/17 21:34:05 | 000,287,865 | R--- | C] () -- C:\Users\Jason\Desktop\GetTRDoc.pdf
[2010/11/17 21:22:56 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2010/11/17 01:07:34 | 000,171,962 | ---- | C] () -- C:\Users\Jason\Desktop\m48EM.png
[2010/11/15 18:26:49 | 000,000,113 | -H-- | C] () -- C:\Users\Jason\Desktop\.~lock.hw6.docx#
[2010/11/15 16:56:28 | 000,026,961 | ---- | C] () -- C:\Users\Jason\Desktop\hw6.docx
[2010/11/14 03:47:47 | 000,010,937 | ---- | C] () -- C:\Users\Jason\Documents\Digital Divide.docx
[2010/11/13 01:06:36 | 000,067,988 | ---- | C] () -- C:\Users\Jason\Desktop\IST451_Exercise2.docx
[2010/11/13 01:04:38 | 000,000,162 | -H-- | C] () -- C:\Users\Jason\Desktop\~$k5_Q_A.doc
[2010/11/12 18:11:03 | 001,287,168 | ---- | C] () -- C:\Users\Jason\Desktop\Fall10Chapter08.ppt
[2010/11/12 17:54:25 | 001,010,688 | R--- | C] () -- C:\Users\Jason\Desktop\Fall10Chapter05.ppt
[2010/11/11 22:23:00 | 000,020,843 | ---- | C] () -- C:\Users\Jason\Desktop\Jason Mui Project6.docx
[2010/11/09 00:08:59 | 000,010,727 | ---- | C] () -- C:\Users\Jason\Documents\Dear Polk10.docx
[2010/10/19 23:23:10 | 000,000,120 | ---- | C] () -- C:\Users\Jason\AppData\Local\Rdoceqayo.dat
[2010/10/19 23:23:10 | 000,000,000 | ---- | C] () -- C:\Users\Jason\AppData\Local\Fmeqese.bin
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/17 18:48:29 | 000,000,093 | ---- | C] () -- C:\Users\Jason\AppData\Local\fusioncache.dat
[2010/08/29 20:15:48 | 000,974,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/12/10 23:47:01 | 000,003,584 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/10 19:51:21 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/11/10 10:08:43 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/11/10 10:08:43 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/11/10 09:50:28 | 000,007,598 | ---- | C] () -- C:\Users\Jason\AppData\Local\resmon.resmoncfg
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

========== LOP Check ==========

[2010/11/11 16:53:25 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\.minecraft
[2010/12/01 20:57:32 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\.purple
[2010/07/02 20:00:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Beat Hazard
[2010/02/20 17:32:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Bioshock
[2010/08/31 21:29:29 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\calibre
[2010/08/16 23:43:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Chan Thread Watch
[2010/02/16 19:32:48 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Denim
[2010/04/06 05:36:17 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Dropbox
[2010/03/14 23:42:25 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\FileZilla
[2009/11/11 18:37:45 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Foxit
[2010/04/29 19:12:38 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Foxit Software
[2010/09/07 18:48:45 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\gtk-2.0
[2010/05/15 03:33:49 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\LolClient
[2010/09/05 02:00:14 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mount&Blade
[2010/09/18 00:13:28 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mount&Blade Warband
[2009/12/07 02:14:28 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mp3tag
[2010/11/28 18:10:35 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mumble
[2010/05/07 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\My Battle for Middle-earth Files
[2010/10/28 18:09:18 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\NationRed
[2010/01/22 20:06:37 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Nokia
[2009/11/10 19:40:26 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Notepad++
[2010/09/21 19:57:18 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\NUnit
[2010/08/27 17:22:16 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Octoshape
[2010/01/22 20:06:37 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\PC Suite
[2010/10/24 12:27:39 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\RayV
[2009/12/19 20:07:52 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\runic games
[2010/06/23 23:34:32 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\SystemRequirementsLab
[2009/11/10 22:36:23 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\TomTom
[2010/06/25 03:10:19 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Tropico 3
[2010/10/04 20:56:00 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\uTorrent
[2010/10/28 18:49:33 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Wireshark
[2009/12/14 17:23:41 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\X-Chat 2
[2010/11/21 01:03:42 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/11/20 21:07:38 | 000,000,000 | ---D | M](C:\Users\Jason\Documents\?? ???) -- C:\Users\Jason\Documents\넥슨 플러그
[2010/11/20 21:07:38 | 000,000,000 | ---D | C](C:\Users\Jason\Documents\?? ???) -- C:\Users\Jason\Documents\넥슨 플러그

< End of report >

#8 m0le

  • Malware Response Team

Posted 02 December 2010 - 04:46 PM

Please open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2010/10/19 23:23:10 | 000,000,120 | ---- | C] () -- C:\Users\Jason\AppData\Local\Rdoceqayo.dat
[2010/10/19 23:23:10 | 000,000,000 | ---- | C] () -- C:\Users\Jason\AppData\Local\Fmeqese.bin
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next please run GooredFix

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista/Windows 7).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

m0le is a proud member of UNITE
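
The OTL log earlier in the thread reports the .exe/.com handlers under O35 and O37, and the fix in this post writes "%1" %* back to exefile\shell\open\command. As an added example (not part of the thread and not OTL's own code), the Python below checks those log lines against the Windows defaults; the line layout is assumed from the log shown here, and TAMPERED_LOG is a constructed sample.

```python
import re

# Windows defaults for the executable handlers that OTL reports under O35/O37.
EXPECTED_COMMAND = '"%1" %*'
EXPECTED_CLASS = {".exe": "exefile", ".com": "comfile"}
EXPECTED_KEYS = {(view, key)
                 for view in ("32-bit", "64-bit")
                 for key in ("exefile", "comfile", ".exe", ".com")}

# Line layout assumed from the OTL log in this thread:
#   O35[:64bit:] - HKLM\..<class> [open] -- <command>
#   O37[:64bit:] - HKLM\..<.ext> [@ = <class>] -- <command>
O35_RE = re.compile(
    r'^O35(?P<view>:64bit:)? - HKLM\\\.\.(?P<key>\w+) \[open\] -- (?P<cmd>.*)$')
O37_RE = re.compile(
    r'^O37(?P<view>:64bit:)? - HKLM\\\.\.(?P<key>\.\w+) '
    r'\[@ = (?P<cls>[^\]]*)\] -- (?P<cmd>.*)$')

# The eight O35/O37 lines exactly as they appear in the log posted above.
PAGE_LOG = r'''
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
'''

# Constructed sample (not from the thread): the 32-bit exefile handler
# routed through another program before the real one runs.
TAMPERED_LOG = PAGE_LOG.replace(
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O35 - HKLM\..exefile [open] -- "C:\Example\constructed.exe" "%1" %*')


def audit_handlers(log_text):
    """Return a list of (view, key, problem) for handler entries that deviate."""
    findings, seen = [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        match = O35_RE.match(line) or O37_RE.match(line)
        if match is None:
            continue  # not an O35/O37 handler line
        view = "64-bit" if match.group("view") else "32-bit"
        key = match.group("key").lower()
        seen.add((view, key))
        fields = match.groupdict()
        # O37 only: the extension must still point at its stock class.
        if "cls" in fields and fields["cls"] != EXPECTED_CLASS.get(key):
            findings.append((view, key,
                             f"mapped to class {fields['cls']!r}, "
                             f"expected {EXPECTED_CLASS.get(key)!r}"))
        # O35 and O37: the open command must be the pass-through default.
        if fields["cmd"].strip() != EXPECTED_COMMAND:
            findings.append((view, key,
                             f"open command is {fields['cmd'].strip()!r}, "
                             f"expected {EXPECTED_COMMAND!r}"))
    # An expected entry with no line in the log could not be verified.
    for view, key in sorted(EXPECTED_KEYS - seen):
        findings.append((view, key, "no O35/O37 line found in the log"))
    return findings


if __name__ == "__main__":
    for name, log in (("thread log", PAGE_LOG),
                      ("constructed sample", TAMPERED_LOG)):
        results = audit_handlers(log)
        print(f"{name}: {'OK' if not results else results}")
```
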

#9 wing43

  • Topic Starter


Posted 02 December 2010 - 04:55 PM

Had to run GooredFix twice. It crashed.

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
C:\Users\Jason\AppData\Local\Rdoceqayo.dat moved successfully.
C:\Users\Jason\AppData\Local\Fmeqese.bin moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.17.3 log created on 12022010_165038




GooredFix by jpshortstuff (03.07.10.1)
Log created at 16:53 on 02/12/2010 (Jason)
Firefox version 3.6.12 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:21 24/01/2010]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [23:56 20/01/2010]

C:\Users\Jason\Application Data\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\
firebug@software.joehewitt.com [19:53 11/10/2010]
{02450954-cdd9-410f-b1da-db804e18c671} [08:48 04/07/2010]
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [19:53 11/10/2010]
{29852C08-1E91-4889-A6BF-C77F91D6A8F3} [09:32 06/07/2010]
{6AC85730-7D0F-4de0-B3FA-21142DD85326} [18:54 17/10/2010]
{73a6fe31-595d-460b-a920-fcc0f8843232} [22:30 19/11/2010]
{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [23:23 24/01/2010]
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [21:01 21/10/2010]
{a95d8332-e4b4-6e7f-98ac-20b733364387} [03:18 29/11/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [03:07 11/11/2010]
{dd3d7613-0246-469d-bc65-2a3cc1668adc} [03:18 29/11/2010]
{DDC359D1-844A-42a7-9AA1-88A850A938A8} [03:13 30/05/2010]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [20:13 19/10/2010]
{EF522540-89F5-46b9-B6FE-1829E2B572C6} [22:30 19/11/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(Key not found)

-=E.O.F=-

#10 m0le

  • Malware Response Team

Posted 02 December 2010 - 06:00 PM

Please run MBAM and SAS

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update, then download and update MBAM on a clean computer, then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware'. Then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Now, SAS

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Finally, run a new OTL scan and post the log. Let me know if you are still getting redirects too.
m0le is a proud member of UNITE

#11 wing43

wing43
  • Topic Starter


Posted 03 December 2010 - 12:02 AM

I am still being redirected.


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5235

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/2/2010 7:52:12 PM
mbam-log-2010-12-02 (19-52-12).txt

Scan type: Full scan (C:\|)
Objects scanned: 630200
Time elapsed: 1 hour(s), 42 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/02/2010 at 10:45 PM

Application Version : 4.46.1000

Core Rules Database Version : 5945
Trace Rules Database Version: 3757

Scan type : Complete Scan
Total Scan Time : 02:46:45

Memory items scanned : 617
Memory threats detected : 0
Registry items scanned : 14675
Registry threats detected : 0
File items scanned : 433098
File threats detected : 5

Adware.Tracking Cookie
C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Cookies\Low\jason@ad.wsod[2].txt
C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Cookies\Low\jason@atdmt[1].txt
C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Cookies\Low\jason@doubleclick[1].txt

Trojan.Agent/Gen-MSFake
C:\USERS\JASON\DOCUMENTS\VISUAL STUDIO 2010\PROJECTS\TEST\TEST\TEST\BIN\X86\DEBUG\TEST.EXE
C:\USERS\JASON\DOCUMENTS\VISUAL STUDIO 2010\PROJECTS\TEST\TEST\TEST\OBJ\X86\DEBUG\TEST.EXE



OTL logfile created on: 12/2/2010 11:55:49 PM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Jason\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 69.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 663.84 Gb Free Space | 71.27% Space Free | Partition Type: NTFS

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
PRC - C:\Users\Jason\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)


========== Modules (SafeList) ==========

MOD - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (vmm) -- C:\Windows\SysNative\drivers\VMM.sys (Microsoft Corporation)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (cpuz133) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 33 34 86 6A 8F CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.5.1
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.2.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {7D2DD978-E5BA-4FAF-AA3A-0709D442D6DD}:1.9.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.5
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.62
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/27 22:46:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/27 22:46:13 | 000,000,000 | ---D | M]

[2010/01/24 18:21:18 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2010/01/24 18:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/10 22:36:25 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/12/01 18:58:19 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions
[2010/07/04 03:48:05 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/10/11 14:53:48 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/07/06 04:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2010/10/17 13:54:50 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/11/19 17:30:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/02/05 21:10:51 | 000,000,000 | ---D | M] (4chan) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010/10/21 16:01:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/11/28 22:18:15 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2010/11/10 22:07:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/28 22:18:15 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/05/29 22:13:20 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/10/19 15:13:31 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/11/19 17:30:17 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/10/11 14:53:54 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\jv64ofge.default\extensions\firebug@software.joehewitt.com
[2010/01/24 18:21:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/27 22:46:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/05 21:10:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/10/27 22:46:11 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/10/27 22:46:11 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2010/01/20 18:56:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/11 18:37:23 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/10/27 22:46:12 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2010/08/13 06:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/01/22 20:18:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/01/22 20:18:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/01/22 20:18:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/01/22 20:18:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/01/22 20:18:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/01/22 20:18:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/01/22 20:18:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/09/09 01:52:56 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/09/09 01:52:56 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/09/09 01:52:56 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/09/09 01:52:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/09/09 01:52:56 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/09/09 01:52:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/09/09 01:52:56 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKCU..\Run: [Google Update] C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\Jason\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Pidgin] C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/gom/receiver/tc/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.242.0.12 71.250.0.12
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{37dfd100-ee9e-11df-87d2-00252203de46}\Shell - "" = AutoRun
O33 - MountPoints2\{37dfd100-ee9e-11df-87d2-00252203de46}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/02 19:55:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/02 19:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/02 19:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/12/02 19:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/02 16:53:32 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\GooredFix Backups
[2010/12/02 16:51:37 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Jason\Desktop\GooredFix.exe
[2010/12/02 16:50:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/01 21:15:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2010/12/01 21:05:14 | 001,344,088 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jason\Desktop\TDSSKiller.exe
[2010/12/01 20:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/12/01 20:28:55 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/12/01 01:59:20 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Sc2Bof_0_3
[2010/11/27 20:15:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/11/23 17:43:29 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\gmer
[2010/11/23 17:41:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\fixing stuff
[2010/11/22 20:42:50 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Telltale Games
[2010/11/22 20:42:22 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010/11/22 20:42:22 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010/11/22 20:42:22 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010/11/22 20:42:22 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010/11/22 20:42:21 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010/11/22 20:42:21 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010/11/22 20:42:20 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010/11/22 20:42:20 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010/11/22 20:42:20 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010/11/22 20:42:20 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010/11/22 20:42:20 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010/11/22 20:42:20 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010/11/22 20:42:19 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010/11/22 20:42:19 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010/11/22 20:42:19 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010/11/22 20:42:19 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/11/22 20:42:19 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010/11/22 20:42:19 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010/11/22 20:42:19 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/11/22 20:42:19 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/11/22 20:42:18 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/11/22 20:42:18 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010/11/22 20:42:18 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/11/22 20:42:18 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/11/20 21:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2010/11/20 20:28:02 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Vindictus
[2010/11/20 20:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2010/11/20 20:14:38 | 000,000,000 | ---D | C] -- C:\Nexon
[2010/11/20 20:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2010/11/18 22:35:33 | 000,000,000 | ---D | C] -- C:\Users\Jason\467D5E81834948929E81C3674ED8E451.TMP
[2010/11/17 21:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2010/11/17 21:12:12 | 000,000,000 | --SD | C] -- C:\Users\Jason\Documents\My Shapes
[2010/11/17 21:09:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/11/17 21:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/11/13 01:31:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010/11/12 17:16:15 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Western Digital
[2010/11/09 22:11:38 | 000,000,000 | ---D | C] -- C:\229b01183d2a5846837c3d
[2010/11/07 20:57:35 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\CrashRpt
[2010/11/07 20:57:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Procaster
[2010/11/07 20:57:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Livestream Procaster
[1 C:\Users\Jason\*.tmp files -> C:\Users\Jason\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/02 23:51:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/02 23:51:53 | 535,363,583 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/02 22:59:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1726647451-3239834006-39511289-1000UA.job
[2010/12/02 21:59:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1726647451-3239834006-39511289-1000Core.job
[2010/12/02 19:54:58 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/02 16:51:37 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Jason\Desktop\GooredFix.exe
[2010/12/02 15:56:19 | 000,013,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/02 15:56:19 | 000,013,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/02 15:54:28 | 068,414,509 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/12/02 15:53:17 | 000,978,442 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/02 15:53:17 | 000,802,820 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/02 15:53:17 | 000,175,530 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/02 02:18:30 | 000,973,855 | ---- | M] () -- C:\Users\Jason\Desktop\1291272830064.png
[2010/12/02 02:17:24 | 000,765,869 | ---- | M] () -- C:\Users\Jason\Desktop\1291272341760.jpg
[2010/12/02 02:16:26 | 000,128,772 | ---- | M] () -- C:\Users\Jason\Desktop\1291271774066.png
[2010/12/02 02:14:45 | 000,265,899 | ---- | M] () -- C:\Users\Jason\Desktop\1291263136849.jpg
[2010/12/02 02:14:14 | 000,352,874 | ---- | M] () -- C:\Users\Jason\Desktop\1291262305503.jpg
[2010/12/02 02:13:29 | 000,245,831 | ---- | M] () -- C:\Users\Jason\Desktop\1291261900086.png
[2010/12/02 02:12:40 | 000,189,460 | ---- | M] () -- C:\Users\Jason\Desktop\1291255787665.jpg
[2010/12/02 02:12:04 | 000,059,186 | ---- | M] () -- C:\Users\Jason\Desktop\1291251680903.png
[2010/12/02 02:09:58 | 000,472,388 | ---- | M] () -- C:\Users\Jason\Desktop\1291251087414.png
[2010/12/01 21:15:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2010/12/01 20:36:33 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/12/01 17:18:08 | 000,093,041 | ---- | M] () -- C:\Users\Jason\Desktop\img_0202.jpg
[2010/12/01 16:54:56 | 000,150,657 | ---- | M] () -- C:\Users\Jason\Desktop\1291232007939.jpg
[2010/12/01 16:54:45 | 000,094,435 | ---- | M] () -- C:\Users\Jason\Desktop\1291232071650.jpg
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/29 01:29:32 | 001,229,411 | ---- | M] () -- C:\Users\Jason\Desktop\tdsskiller.zip
[2010/11/28 23:36:44 | 092,229,353 | ---- | M] () -- C:\Users\Jason\Desktop\SotG - 11.23.10.mp3
[2010/11/28 21:34:34 | 000,063,628 | ---- | M] () -- C:\Users\Jason\Desktop\funnay.png
[2010/11/28 18:38:08 | 001,344,088 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jason\Desktop\TDSSKiller.exe
[2010/11/28 06:01:54 | 000,011,558 | ---- | M] () -- C:\Users\Jason\Desktop\Christianity.docx
[2010/11/28 05:24:53 | 000,037,888 | ---- | M] () -- C:\Users\Jason\Desktop\tree.jpg
[2010/11/28 05:13:54 | 000,015,249 | ---- | M] () -- C:\Users\Jason\Desktop\1290935829677.jpg
[2010/11/27 04:37:35 | 000,065,315 | ---- | M] () -- C:\Users\Jason\Desktop\1290832405098.jpg
[2010/11/27 02:57:57 | 000,009,024 | ---- | M] () -- C:\Users\Jason\Desktop\delivery.xml
[2010/11/27 02:55:28 | 000,007,462 | ---- | M] () -- C:\Users\Jason\Desktop\source.xml
[2010/11/27 00:24:03 | 000,133,284 | ---- | M] () -- C:\Users\Jason\Desktop\site.jpg
[2010/11/24 22:50:19 | 000,008,438 | ---- | M] () -- C:\Users\Jason\Desktop\Book1.xlsx
[2010/11/24 22:44:41 | 000,196,608 | ---- | M] () -- C:\Users\Jason\Desktop\ComicBook DB.mdb
[2010/11/23 17:20:49 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2010/11/23 00:33:06 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/11/23 00:32:54 | 002,373,712 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/11/23 00:32:54 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/11/22 20:42:15 | 000,022,172 | ---- | M] () -- C:\Users\Jason\Documents\cc_20101122_204211.reg
[2010/11/19 00:36:52 | 002,729,574 | ---- | M] () -- C:\Users\Jason\Desktop\1290094892904.gif
[2010/11/18 22:34:13 | 005,000,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/17 23:06:32 | 001,352,144 | ---- | M] () -- C:\Users\Jason\Desktop\657E774Ed01.pdf
[2010/11/17 21:34:05 | 000,287,865 | R--- | M] () -- C:\Users\Jason\Desktop\GetTRDoc.pdf
[2010/11/17 21:24:24 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2010/11/17 01:07:35 | 000,171,962 | ---- | M] () -- C:\Users\Jason\Desktop\m48EM.png
[2010/11/15 18:26:49 | 000,000,113 | -H-- | M] () -- C:\Users\Jason\Desktop\.~lock.hw6.docx#
[2010/11/15 18:23:06 | 000,026,961 | ---- | M] () -- C:\Users\Jason\Desktop\hw6.docx
[2010/11/14 05:32:20 | 000,010,937 | ---- | M] () -- C:\Users\Jason\Documents\Digital Divide.docx
[2010/11/13 01:04:38 | 000,000,162 | -H-- | M] () -- C:\Users\Jason\Desktop\~$k5_Q_A.doc
[2010/11/12 18:11:10 | 001,287,168 | ---- | M] () -- C:\Users\Jason\Desktop\Fall10Chapter08.ppt
[2010/11/12 17:54:25 | 001,010,688 | R--- | M] () -- C:\Users\Jason\Desktop\Fall10Chapter05.ppt
[2010/11/11 22:23:01 | 000,020,843 | ---- | M] () -- C:\Users\Jason\Desktop\Jason Mui Project6.docx
[2010/11/11 13:49:38 | 000,067,988 | ---- | M] () -- C:\Users\Jason\Desktop\IST451_Exercise2.docx
[2010/11/10 09:58:56 | 000,630,272 | ---- | M] () -- C:\Users\Jason\Desktop\dds.scr
[2010/11/09 00:08:59 | 000,010,727 | ---- | M] () -- C:\Users\Jason\Documents\Dear Polk10.docx
[1 C:\Users\Jason\*.tmp files -> C:\Users\Jason\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/02 19:54:58 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/02 02:18:29 | 000,973,855 | ---- | C] () -- C:\Users\Jason\Desktop\1291272830064.png
[2010/12/02 02:17:23 | 000,765,869 | ---- | C] () -- C:\Users\Jason\Desktop\1291272341760.jpg
[2010/12/02 02:16:26 | 000,128,772 | ---- | C] () -- C:\Users\Jason\Desktop\1291271774066.png
[2010/12/02 02:14:45 | 000,265,899 | ---- | C] () -- C:\Users\Jason\Desktop\1291263136849.jpg
[2010/12/02 02:14:14 | 000,352,874 | ---- | C] () -- C:\Users\Jason\Desktop\1291262305503.jpg
[2010/12/02 02:13:29 | 000,245,831 | ---- | C] () -- C:\Users\Jason\Desktop\1291261900086.png
[2010/12/02 02:12:40 | 000,189,460 | ---- | C] () -- C:\Users\Jason\Desktop\1291255787665.jpg
[2010/12/02 02:12:04 | 000,059,186 | ---- | C] () -- C:\Users\Jason\Desktop\1291251680903.png
[2010/12/02 02:09:58 | 000,472,388 | ---- | C] () -- C:\Users\Jason\Desktop\1291251087414.png
[2010/12/01 21:06:49 | 000,080,384 | ---- | C] () -- C:\Users\Jason\Desktop\MBRCheck.exe
[2010/12/01 21:04:48 | 001,229,411 | ---- | C] () -- C:\Users\Jason\Desktop\tdsskiller.zip
[2010/12/01 20:36:33 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/12/01 17:18:08 | 000,093,041 | ---- | C] () -- C:\Users\Jason\Desktop\img_0202.jpg
[2010/12/01 16:54:56 | 000,150,657 | ---- | C] () -- C:\Users\Jason\Desktop\1291232007939.jpg
[2010/12/01 16:54:44 | 000,094,435 | ---- | C] () -- C:\Users\Jason\Desktop\1291232071650.jpg
[2010/11/28 23:20:04 | 092,229,353 | ---- | C] () -- C:\Users\Jason\Desktop\SotG - 11.23.10.mp3
[2010/11/28 21:34:34 | 000,063,628 | ---- | C] () -- C:\Users\Jason\Desktop\funnay.png
[2010/11/28 06:01:53 | 000,011,558 | ---- | C] () -- C:\Users\Jason\Desktop\Christianity.docx
[2010/11/28 05:24:53 | 000,037,888 | ---- | C] () -- C:\Users\Jason\Desktop\tree.jpg
[2010/11/28 05:13:54 | 000,015,249 | ---- | C] () -- C:\Users\Jason\Desktop\1290935829677.jpg
[2010/11/27 04:37:35 | 000,065,315 | ---- | C] () -- C:\Users\Jason\Desktop\1290832405098.jpg
[2010/11/27 02:57:56 | 000,009,024 | ---- | C] () -- C:\Users\Jason\Desktop\delivery.xml
[2010/11/27 02:55:25 | 000,007,462 | ---- | C] () -- C:\Users\Jason\Desktop\source.xml
[2010/11/27 00:24:03 | 000,133,284 | ---- | C] () -- C:\Users\Jason\Desktop\site.jpg
[2010/11/24 22:50:19 | 000,008,438 | ---- | C] () -- C:\Users\Jason\Desktop\Book1.xlsx
[2010/11/24 21:18:14 | 000,196,608 | ---- | C] () -- C:\Users\Jason\Desktop\ComicBook DB.mdb
[2010/11/23 17:39:13 | 000,630,272 | ---- | C] () -- C:\Users\Jason\Desktop\dds.scr
[2010/11/23 17:18:05 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2010/11/22 20:42:13 | 000,022,172 | ---- | C] () -- C:\Users\Jason\Documents\cc_20101122_204211.reg
[2010/11/19 00:36:51 | 002,729,574 | ---- | C] () -- C:\Users\Jason\Desktop\1290094892904.gif
[2010/11/17 23:08:40 | 001,352,144 | ---- | C] () -- C:\Users\Jason\Desktop\657E774Ed01.pdf
[2010/11/17 21:34:05 | 000,287,865 | R--- | C] () -- C:\Users\Jason\Desktop\GetTRDoc.pdf
[2010/11/17 21:22:56 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2010/11/17 01:07:34 | 000,171,962 | ---- | C] () -- C:\Users\Jason\Desktop\m48EM.png
[2010/11/15 18:26:49 | 000,000,113 | -H-- | C] () -- C:\Users\Jason\Desktop\.~lock.hw6.docx#
[2010/11/15 16:56:28 | 000,026,961 | ---- | C] () -- C:\Users\Jason\Desktop\hw6.docx
[2010/11/14 03:47:47 | 000,010,937 | ---- | C] () -- C:\Users\Jason\Documents\Digital Divide.docx
[2010/11/13 01:06:36 | 000,067,988 | ---- | C] () -- C:\Users\Jason\Desktop\IST451_Exercise2.docx
[2010/11/13 01:04:38 | 000,000,162 | -H-- | C] () -- C:\Users\Jason\Desktop\~$k5_Q_A.doc
[2010/11/12 18:11:03 | 001,287,168 | ---- | C] () -- C:\Users\Jason\Desktop\Fall10Chapter08.ppt
[2010/11/12 17:54:25 | 001,010,688 | R--- | C] () -- C:\Users\Jason\Desktop\Fall10Chapter05.ppt
[2010/11/11 22:23:00 | 000,020,843 | ---- | C] () -- C:\Users\Jason\Desktop\Jason Mui Project6.docx
[2010/11/09 00:08:59 | 000,010,727 | ---- | C] () -- C:\Users\Jason\Documents\Dear Polk10.docx
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/17 18:48:29 | 000,000,093 | ---- | C] () -- C:\Users\Jason\AppData\Local\fusioncache.dat
[2010/08/29 20:15:48 | 000,974,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/12/10 23:47:01 | 000,003,584 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/10 19:51:21 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/11/10 10:08:43 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/11/10 10:08:43 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/11/10 09:50:28 | 000,007,598 | ---- | C] () -- C:\Users\Jason\AppData\Local\resmon.resmoncfg
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

========== LOP Check ==========

[2010/11/11 16:53:25 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\.minecraft
[2010/12/02 23:52:35 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\.purple
[2010/07/02 20:00:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Beat Hazard
[2010/02/20 17:32:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Bioshock
[2010/08/31 21:29:29 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\calibre
[2010/08/16 23:43:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Chan Thread Watch
[2010/02/16 19:32:48 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Denim
[2010/04/06 05:36:17 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Dropbox
[2010/03/14 23:42:25 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\FileZilla
[2009/11/11 18:37:45 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Foxit
[2010/04/29 19:12:38 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Foxit Software
[2010/09/07 18:48:45 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\gtk-2.0
[2010/05/15 03:33:49 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\LolClient
[2010/09/05 02:00:14 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mount&Blade
[2010/09/18 00:13:28 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mount&Blade Warband
[2009/12/07 02:14:28 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mp3tag
[2010/11/28 18:10:35 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mumble
[2010/05/07 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\My Battle for Middle-earth Files
[2010/10/28 18:09:18 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\NationRed
[2010/01/22 20:06:37 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Nokia
[2009/11/10 19:40:26 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Notepad++
[2010/09/21 19:57:18 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\NUnit
[2010/08/27 17:22:16 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Octoshape
[2010/01/22 20:06:37 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\PC Suite
[2010/10/24 12:27:39 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\RayV
[2009/12/19 20:07:52 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\runic games
[2010/06/23 23:34:32 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\SystemRequirementsLab
[2009/11/10 22:36:23 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\TomTom
[2010/06/25 03:10:19 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Tropico 3
[2010/10/04 20:56:00 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\uTorrent
[2010/10/28 18:49:33 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Wireshark
[2009/12/14 17:23:41 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\X-Chat 2
[2010/11/21 01:03:42 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/11/20 21:07:38 | 000,000,000 | ---D | M](C:\Users\Jason\Documents\?? ???) -- C:\Users\Jason\Documents\넥슨 플러그
[2010/11/20 21:07:38 | 000,000,000 | ---D | C](C:\Users\Jason\Documents\?? ???) -- C:\Users\Jason\Documents\넥슨 플러그

< End of report >

Edited by wing43, 03 December 2010 - 12:12 AM.


#12 m0le

Posted 03 December 2010 - 05:27 PM

Let's try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up HERE.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Then please flush the DNS

Right-click on the Command Prompt icon (find it by opening the bottom left windows logo and type cmd in the search bar) and select
"Run as administrator".

Then type in:
ipconfig /flushdns
and press Enter


Are the redirects still occurring?

#13 wing43

Posted 04 December 2010 - 04:56 PM

It looks like it has. Will do more tests.

#14 m0le

Posted 04 December 2010 - 06:24 PM

:thumbup2:

#15 wing43

Posted 05 December 2010 - 06:02 AM

It still does it. Is it user error on my part?

For example, this is the first link on Google

http://google.ad.sgdoubleclick.net/pagead/nclk?sa=L&ai=1&fadurl=googleads.g.doubleclick.net&u=http%3A%2F%2Fgbxforums.gearboxsoftware.com%2Fshowthread.php%3Ft%3D35757&aclck=http%3A%2F%2Fsearch-advertising.net%2Findex.php%3Fsearch%3Duax%2Bfile

and I get this
http://www.happili.com/005_4/innerxy.php?q=Uax+File&xy=itcg-20932
but the second time I click on it I go to the site.
http://gbxforums.gearboxsoftware.com/showthread.php?t=35757


Edited by wing43, 05 December 2010 - 06:02 AM.
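The link quoted in post #15 can be taken apart offline to see which hosts it names before anything is clicked. The following is an added example, not part of the original thread: the function names and the list of expected domains passed to `inspect_link` are assumptions made for illustration, and the only input is the link copied from the post.

```python
from urllib.parse import urlsplit, parse_qsl

# Link quoted in post #15 (copied verbatim from the thread).
CLICKED_LINK = (
    "http://google.ad.sgdoubleclick.net/pagead/nclk?sa=L&ai=1"
    "&fadurl=googleads.g.doubleclick.net"
    "&u=http%3A%2F%2Fgbxforums.gearboxsoftware.com%2Fshowthread.php%3Ft%3D35757"
    "&aclck=http%3A%2F%2Fsearch-advertising.net%2Findex.php%3Fsearch%3Duax%2Bfile"
)

def host_in_domain(host, domain):
    """True if host is the domain itself or a subdomain (label-aligned match)."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def inspect_link(link, expected_domains):
    """Decode a search-result link and list every host it names.

    expected_domains is an assumption supplied by the analyst: the domains
    a result link is expected to be served from.
    """
    parts = urlsplit(link)
    embedded = {}
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl percent-decodes values; keep only absolute http(s) URLs.
        target = urlsplit(value)
        if target.scheme in ("http", "https") and target.hostname:
            embedded[key] = {"url": value, "host": target.hostname}
    link_host = parts.hostname or ""
    return {
        "link_host": link_host,
        "link_host_expected": any(host_in_domain(link_host, d) for d in expected_domains),
        "embedded": embedded,
        "embedded_hosts": sorted({e["host"] for e in embedded.values()}),
    }

if __name__ == "__main__":
    report = inspect_link(CLICKED_LINK, ["google.com", "doubleclick.net"])
    print("link host:", report["link_host"], "expected:", report["link_host_expected"])
    for key, item in report["embedded"].items():
        print(f"  {key} -> {item['host']}  ({item['url']})")
```

The label-aligned comparison is what separates `google.ad.sgdoubleclick.net` from a real subdomain of `doubleclick.net`; a plain substring or suffix check on the hostname would treat the two as the same.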