Messages - dirtybagtwb

1
Tech Clinic / home Wifi network stops working
« on: July 10, 2012, 08:59:38 PM »
Hello Guestolo, I'm having issues with my internet not working properly. I have a broadband connection with a Wifi router, and when I do anything that has to do with my desktop that's hardwired, the whole Wifi network stops working and I have to reset my modem. Any suggestions you might have would be appreciated. Here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:15:19 PM, on 7/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE
C:\Users\Dirtbag\Videos\RealPlayer Downloads\Update\realsched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\GCI Security Guard\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Users\Dirtbag\Videos\RealPlayer Downloads\Update\realsched.exe" -osboot
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32st.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\GCI Security Guard\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\GCI Security Guard\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8087 bytes



2
Tech Clinic / PC acting funny at reboots
« on: January 29, 2012, 04:31:51 PM »
[quote name='guestolo' timestamp='1327728168' post='480806']
Is it possible to see the log from ComboFix
Should be a copy of it at the following location:

C:\Combofix.txt
[/quote]

OK, here is the ComboFix log you asked for, and it seems I spoke too soon, because now I'm having issues with my graphics card. I am trying to find the error message but it disappears before I can; here is a partial message: "display driver has stopped responding". I do have the latest updates as well.


ComboFix 12-01-27.01 - Dirtbag 01/27/2012  14:26:24.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8173.6678 [GMT -9:00]
Running from: c:\users\Dirtbag\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-12-27 to 2012-01-27  )))))))))))))))))))))))))))))))
.
.
2012-01-27 23:29 . 2012-01-27 23:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-27 23:29 . 2012-01-27 23:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-27 22:39 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5EECFF2-650D-471C-BFFB-7E2CE02B5C15}\mpengine.dll
2012-01-15 07:24 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-15 07:24 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-15 07:24 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-15 07:24 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-15 07:24 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-15 07:24 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-15 07:23 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-15 07:23 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-06 01:47 . 2012-01-06 01:53 -------- d-----w- c:\users\Dirtbag\AppData\Roaming\DivX
2012-01-06 01:47 . 2012-01-06 01:47 -------- d-----w- c:\program files\DivX
2012-01-06 01:47 . 2012-01-06 01:47 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-01-06 01:46 . 2012-01-06 01:47 -------- d-----w- c:\program files (x86)\DivX
2012-01-06 01:45 . 2012-01-06 01:47 -------- d-----w- c:\programdata\DivX
2012-01-03 01:33 . 2012-01-03 01:33 -------- d-----w- c:\users\Dirtbag\AppData\Roaming\Malwarebytes
2012-01-03 01:33 . 2012-01-03 01:33 -------- d-----w- c:\programdata\Malwarebytes
2012-01-03 01:33 . 2012-01-03 01:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-03 01:33 . 2011-12-11 00:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 18:28 . 2012-01-02 18:28 -------- d-----w- c:\users\Dirtbag\AppData\Local\SWTOR
2012-01-02 08:52 . 2012-01-02 08:52 -------- d-----w- C:\_OTL
2012-01-01 21:16 . 2012-01-01 21:16 388096 ----a-r- c:\users\Dirtbag\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-01 21:16 . 2012-01-01 21:16 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-31 22:11 . 2012-01-01 01:59 -------- d-----w- c:\programdata\boost_interprocess
2011-12-30 03:52 . 2011-12-30 03:52 -------- d-----w- c:\users\UpdatusUser.Dirtbag-PC
2011-12-30 03:51 . 2011-05-21 15:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-07 19:39 . 2010-11-21 03:27 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-02 21:09 . 2011-12-02 21:09 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-02 21:09 . 2011-12-02 21:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-29 02:28 . 2011-04-27 06:11 55856 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2011-11-24 05:12 . 2011-05-17 23:39 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-15 05:23 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:32 . 2011-12-15 05:23 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-15 05:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-15 08:29 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-15 08:29 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-15 08:29 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-15 08:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-15 08:29 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-15 08:29 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 08:29 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-15 08:29 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-05-20 36864]
"F-Secure Manager"="c:\program files (x86)\GCI Security Guard\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="c:\program files (x86)\GCI Security Guard\FSGUI\TNBUtil.exe" [2011-08-23 1655464]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-02 296056]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-23 136176]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys

R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe [2011-05-24 61088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-23 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\GCI Security Guard\HIPS\drivers\fshs.sys [2009-11-18 59784]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys

S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsvista.sys [2009-11-18 16768]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsgk.sys [2011-09-09 198808]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-23 20:37]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-23 20:37]
.
2012-01-27 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~2\GCISEC~1\ANTI-V~1\fsav.exe [2011-04-23 16:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-27  14:30:43
ComboFix-quarantined-files.txt  2012-01-27 23:30
.
Pre-Run: 880,199,995,392 bytes free
Post-Run: 879,926,521,856 bytes free
.
- - End Of File - - 5F1E84C49219F80B96828D03C63ED7B1

3
Tech Clinic / PC acting funny at reboots
« on: January 27, 2012, 08:55:52 PM »
Never mind, guestolo... I reran ComboFix and found a malware file called index.exe. Not sure what it was, but after CF found and deleted it everything seems back to normal.

4
Tech Clinic / laptop running slow
« on: January 27, 2012, 02:32:00 AM »
[quote name='guestolo' timestamp='1327170615' post='480791']
  • Press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in, or copy/paste, Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
Do you normally run IE with no Addons?
I'm a bit confused, do you run it from a shortcut on your Desktop?
[/quote]

I did the ComboFix uninstall, but you had asked me to do that before... and I'm not sure how IE was started with no add-ons.

5
Tech Clinic / PC acting funny at reboots
« on: January 26, 2012, 11:24:39 PM »
I've been having issues with IE 64-bit not working properly; it hangs up or tells me the webpage cannot be found. On a reboot I sometimes get a grey blank screen before my desktop loads, or an error message pops up telling me my desktop file cannot be found. Any help you might be able to offer is greatly appreciated.

I tried to run a HijackThis log, but it gives me an error telling me some of the files may not be accessible. I was able to run an OTL scan; I'll include the log.

OTL logfile created on: 1/26/2012 7:30:54 PM - Run 6
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Dirtbag\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 6.33 Gb Available Physical Memory | 79.25% Memory free
15.96 Gb Paging File | 14.17 Gb Available in Paging File | 88.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 819.59 Gb Free Space | 87.99% Space Free | Partition Type: NTFS
 
Computer Name: DIRTBAG-PC | User Name: Dirtbag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/05 16:20:14 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/01/03 04:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/02 16:19:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\OTL.exe
PRC - [2011/12/02 12:09:58 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/08 20:47:49 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsav32.exe
PRC - [2011/09/08 19:28:36 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fssm32.exe
PRC - [2011/09/08 19:28:36 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32.exe
PRC - [2011/08/01 21:37:19 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/07/28 14:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/23 15:06:03 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/01/07 17:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/18 07:08:32 | 000,201,128 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE
PRC - [2009/11/18 07:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSMA32.EXE
PRC - [2009/11/18 07:08:32 | 000,090,536 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSHDLL32.EXE
PRC - [2009/11/18 07:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32st.exe
PRC - [2009/09/06 04:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/01/05 16:20:14 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/01/05 16:20:13 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2012/01/05 16:20:13 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/01/05 16:20:13 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2012/01/05 16:20:13 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/07/28 14:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 14:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/18 07:08:42 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSPC\fspcfsm.eng
MOD - [2009/11/18 07:07:10 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\strres.eng
MOD - [2009/11/18 07:07:02 | 000,553,384 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\gres.dll
MOD - [2009/11/18 07:06:54 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\fsavures.eng
MOD - [2009/11/18 07:06:52 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\flyerres.eng
MOD - [2009/11/18 07:06:40 | 000,090,536 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\aboutres.dll
MOD - [2009/11/18 07:06:36 | 000,442,792 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\about.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/07/13 16:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 16:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/05 16:20:14 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/03 04:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/23 15:06:03 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/26 21:11:49 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/07 17:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/11/18 07:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GCI Security Guard\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/11/18 07:07:30 | 000,846,248 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/11/18 07:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/09/06 04:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 12:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/11/28 17:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/04/22 17:57:44 | 000,050,384 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2011/03/10 21:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 21:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/28 10:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/08 16:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/12/08 16:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/20 18:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 18:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 18:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 18:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 14:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/19 14:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/05/19 20:03:11 | 000,105,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/11/18 07:07:30 | 000,094,024 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2009/07/13 16:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 16:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 16:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 11:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 11:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 11:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 11:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 11:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/09/08 19:29:22 | 000,198,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/11/18 07:08:18 | 000,059,784 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\GCI Security Guard\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/11/18 07:06:22 | 000,016,768 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/07/13 16:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Dirtbag\SecondLife
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\GCI Security Guard\NRS\[email protected] [2011/12/07 15:57:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/02 12:10:05 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 12:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\GCI Security Guard\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{789799E2-36E5-4239-976F-F680D938537A}: DhcpNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/14 22:24:09 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/14 22:24:08 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/14 22:24:06 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/14 22:24:02 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/14 22:24:00 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/14 22:23:58 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/14 22:23:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/05 16:47:51 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Roaming\DivX
[2012/01/05 16:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/01/05 16:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/01/05 16:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/01/05 16:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012/01/05 16:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/01/02 23:47:52 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\TFC.exe
[2012/01/02 16:33:36 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Roaming\Malwarebytes
[2012/01/02 16:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/02 16:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/02 16:33:26 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/02 16:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/02 16:19:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\OTL.exe
[2012/01/02 09:28:40 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Local\SWTOR
[2012/01/02 09:28:40 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\Documents\HeroBlade Logs
[2012/01/01 23:52:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/01 12:16:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/01/01 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/31 13:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/12/29 18:51:56 | 002,560,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011/12/28 15:20:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/09/25 16:56:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2010/02/03 20:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/26 19:15:00 | 000,025,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 19:15:00 | 000,025,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 19:12:57 | 000,725,056 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/26 19:12:57 | 000,622,250 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/26 19:12:57 | 000,106,740 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/26 19:08:03 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/26 19:07:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/26 19:07:49 | 2132,865,023 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/26 19:00:36 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012/01/26 18:58:45 | 000,007,605 | ---- | M] () -- C:\Users\Dirtbag\AppData\Local\Resmon.ResmonCfg
[2012/01/26 18:40:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/08 00:30:45 | 449,542,379 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/02 23:47:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\TFC.exe
[2012/01/02 16:33:27 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/02 16:19:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\OTL.exe
[2012/01/01 12:16:39 | 000,002,985 | ---- | M] () -- C:\Users\Dirtbag\Desktop\HiJackThis.lnk
[2011/12/29 22:12:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2012/01/26 18:58:45 | 000,007,605 | ---- | C] () -- C:\Users\Dirtbag\AppData\Local\Resmon.ResmonCfg
[2012/01/02 16:33:27 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/01 23:16:06 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012/01/01 12:16:39 | 000,002,985 | ---- | C] () -- C:\Users\Dirtbag\Desktop\HiJackThis.lnk
[2011/12/29 22:12:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/12/28 15:20:57 | 449,542,379 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/31 13:29:00 | 004,023,808 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/07/18 20:24:45 | 000,005,120 | ---- | C] () -- C:\Users\Dirtbag\AppData\Local\Databases.db
[2011/07/12 15:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/06/17 05:26:10 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/17 05:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/22 17:21:35 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011/04/22 17:21:24 | 000,739,068 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/20 07:45:15 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2011/04/20 07:35:11 | 000,035,934 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/04/20 07:31:12 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/04/20 07:31:01 | 000,024,353 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/01/04 13:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 20:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 17:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 17:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 15:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 14:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 12:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 12:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 03:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/02/05 16:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

< End of report >



6
Tech Clinic / laptop running slow
« on: January 21, 2012, 01:28:24 AM »
[quote name='guestolo' timestamp='1326822214' post='480751']
Can you try running IE with addons disabled
Instructions at the top of the link>>Test Using Internet Explorer’s "Safe Mode"
http://www.howtogeek..Website removed for spammingnning-slowly/
[/quote]

It seems to be running better now... and I was running IE without add-ons the whole time, it seems, without knowing it.

7
Tech Clinic / laptop running slow
« on: January 16, 2012, 06:53:06 PM »
[quote name='guestolo' timestamp='1326683010' post='480726']
What did you mean by that? If you mean Windows Defender, it's installed by default on Vista, but it's disabled
How are things now running?
[/quote]

Well... it seems to be running better. It's starting up more normally than it did, but still taking time to think or hangs up, like clicking on IE takes it a few minutes instead of a few seconds to load. And to answer your question, I had thought it was running both anti-virus programs but realized it wasn't after the combo fix. Any other suggestions? If not, thank you; it is at the very least usable now when it wasn't before.

8
Tech Clinic / laptop running slow
« on: January 15, 2012, 09:25:15 PM »
[quote name='guestolo' timestamp='1326520640' post='480684']
Download ComboFix from the following location:
[color="#0000ff"]Click HERE[/color]

VERY IMPORTANT !!! [color="#ff0000"]Save ComboFix.exe to your Desktop[/color]

  • [color="#ff0000"]IMPORTANT[/color] - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link [color="#0000ff"]here[/color]


   
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
[color="#2e8b57"]Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.[/color]

Please make sure you include the combo fix log in your next reply
[/quote]

Ran the combo fix and here is the log. Also, sorry about the time frame; I was traveling.

ComboFix 12-01-15.01 - Tisa 01/15/2012  16:48:23.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3837.2382 [GMT -9:00]
Running from: c:\users\Tisa\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
.
.
(((((((((((((((((((((((((   Files Created from 2011-12-16 to 2012-01-16  )))))))))))))))))))))))))))))))
.
.
2012-01-13 03:41 . 2012-01-13 03:41 -------- d-----w- c:\users\Tisa\AppData\Roaming\Malwarebytes
2012-01-13 03:41 . 2012-01-13 03:41 -------- d-----w- c:\programdata\Malwarebytes
2012-01-13 03:41 . 2011-12-11 00:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-13 03:41 . 2012-01-13 03:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-13 01:08 . 2012-01-13 09:55 -------- d-----w- c:\users\Tisa\AppData\Local\PhoenixViewer
2012-01-13 00:35 . 2012-01-13 01:07 -------- d-----w- c:\program files (x86)\Phoenix Viewer
2012-01-12 21:37 . 2012-01-12 21:37 388096 ----a-r- c:\users\Tisa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-12 21:37 . 2012-01-12 21:37 -------- d-----w- C:\desktop
2012-01-12 20:44 . 2011-12-01 15:21 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-01-12 20:44 . 2011-12-01 15:29 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-12 20:43 . 2011-11-25 16:25 451072 ----a-w- c:\windows\system32\winsrv.dll
2012-01-12 20:43 . 2011-10-25 16:13 1570816 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 20:43 . 2011-10-25 16:13 352256 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 20:43 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-12 20:43 . 2011-10-25 15:58 497152 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-12 20:43 . 2011-11-18 20:55 1585152 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 20:42 . 2011-11-18 20:55 1167984 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-12 20:41 . 2011-10-14 17:31 211968 ----a-w- c:\windows\system32\winmm.dll
2012-01-12 20:41 . 2011-10-14 17:27 28672 ----a-w- c:\windows\system32\mciwave.dll
2012-01-12 20:40 . 2011-10-14 17:27 48128 ----a-w- c:\windows\system32\mcicda.dll
2012-01-12 20:40 . 2011-10-14 17:27 28160 ----a-w- c:\windows\system32\mciseq.dll
2012-01-12 20:40 . 2011-10-14 16:03 189952 ----a-w- c:\windows\SysWow64\winmm.dll
2012-01-12 20:40 . 2011-10-14 16:00 23552 ----a-w- c:\windows\SysWow64\mciseq.dll
2012-01-12 20:35 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-01-12 20:35 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 08:16 . 2012-01-10 08:37 -------- d-----w- c:\users\Tisa\AppData\Roaming\SecondLife
2012-01-10 08:11 . 2012-01-12 05:41 -------- d-----w- c:\users\Tisa\AppData\Local\SecondLife
2012-01-10 06:10 . 2012-01-10 06:12 -------- d-----w- c:\program files (x86)\SecondLifeViewer
2012-01-10 05:29 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5617B707-E72E-454D-AA0A-29D8FD3B6616}\mpengine.dll
2012-01-09 04:30 . 2012-01-09 04:30 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-09 04:30 . 2012-01-09 04:30 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-09 04:30 . 2012-01-09 04:30 -------- d-----w- c:\program files (x86)\OpenAL
2012-01-09 04:30 . 2012-01-09 04:30 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-01-09 04:30 . 2012-01-09 04:30 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-01-09 04:30 . 2012-01-09 04:30 -------- d-----w- c:\program files (x86)\Warzone 2100-2.3.9
2012-01-03 17:22 . 2012-01-03 17:22 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-12-29 06:04 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-29 06:04 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-29 06:04 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-29 06:03 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-12-29 06:03 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-12-29 06:03 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 23:29 . 2009-10-04 03:21 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-10 14:54 . 2010-05-02 17:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-10-08 322104]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"F-Secure Manager"="c:\program files (x86)\GCI Security Guard\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="c:\program files (x86)\GCI Security Guard\FSGUI\TNBUtil.exe" [2011-08-23 1655464]
"Franklin_CDU680"="c:\program files (x86)\Franklin\Franklin_CDU680\BIN\RDVCHG.EXE" [2008-07-22 312568]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Tisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-24 00:11]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-24 00:11]
.
2012-01-10 c:\windows\Tasks\HPCeeScheduleForTisa.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-01-20 19:34]
.
2012-01-15 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~2\GCISEC~1\ANTI-V~1\fsav.exe [2009-04-18 16:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1220392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HPAdvisor - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKCU-Run-MobiLink 3 - c:\program files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-15  17:18:46
ComboFix-quarantined-files.txt  2012-01-16 02:18
.
Pre-Run: 213,375,942,656 bytes free
Post-Run: 213,728,690,176 bytes free
.
- - End Of File - - 774B133E5AA857920DDB23619D9A4EBC

9
Tech Clinic / laptop running slow
« on: January 13, 2012, 07:30:19 PM »
[quote name='guestolo' timestamp='1326442106' post='480679']
Everything should be alright
Try the following
Right click OTL.exe and choose Run as Admin
When it opens, click on the CLEANUP button

This will properly remove OTL.exe and its components
When it's done, it should prompt to reboot
Do so and come back and let me know if everything is back to normal
[/quote]

OK, seems to be running better, but it's still taking longer than normal to open a program, like it's hanging up or thinking. I'm sure there should be more speed out of this; it's not that old of a PC, maybe 2 years. Just wondering if you might have any other ideas. Also, on a side note, I think I have 2 virus programs running: I have F-Secure and most of the Windows anti-virus. Is it safe to turn off the Windows programs? Just a thought. And thank you again for your help.

10
Tech Clinic / laptop running slow
« on: January 13, 2012, 02:48:08 AM »
[quote name='guestolo' timestamp='1326438145' post='480677']
Right click on OTL.exe and "Run as Admin" and Run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. Don't include the word Quote please
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

Again, keep me informed how things are running, thanks
[/quote]
OK, I ran the fix, and on reboot a red screen of death showed up and I panicked and reset the PC. Hopefully it didn't mess up the fix. Also, my Windows malware protection is off now, just in case it was part of the fix. Although it seems to be running better for the most part.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
File ptyFlash] not found.
File ptyTemp] not found.
 
OTL by OldTimer - Version 3.2.31.0 log created on 01122012_221118

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





11
Tech Clinic / laptop running slow
« on: January 13, 2012, 01:42:32 AM »
[quote name='guestolo' timestamp='1326430870' post='480675']
Let's see a fresh log from OTL please
Reopen OTL.exe and Run Scan
When it's done, only one log will be produced this time
Post its contents please
[/quote]
OK, here is the new OTL log. My laptop is running quite a bit better, with only a few hangups, mostly when starting a program or moving from one program to another.


OTL logfile created on: 1/12/2012 9:30:03 PM - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Tisa\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 58.55% Memory free
7.73 Gb Paging File | 5.74 Gb Available in Paging File | 74.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.00 Gb Total Space | 200.42 Gb Free Space | 70.32% Space Free | Partition Type: NTFS
Drive D: | 13.08 Gb Total Space | 2.04 Gb Free Space | 15.58% Space Free | Partition Type: NTFS
 
Computer Name: TISA-PC | User Name: Tisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/12 13:33:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tisa\Desktop\OTL.exe
PRC - [2011/11/08 21:32:08 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsav32.exe
PRC - [2011/09/08 04:32:41 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fssm32.exe
PRC - [2011/09/08 04:32:40 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32.exe
PRC - [2011/05/23 01:46:58 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe
PRC - [2010/07/21 04:51:36 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2009/11/18 07:08:32 | 000,201,128 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE
PRC - [2009/11/18 07:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSMA32.EXE
PRC - [2009/11/18 07:08:32 | 000,090,536 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSHDLL32.EXE
PRC - [2009/11/18 07:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32st.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2008/12/25 12:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 12:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/02 17:28:22 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/28 17:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/07/22 08:49:42 | 000,312,568 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files (x86)\Franklin\Franklin_CDU680\Bin\RDVCHG.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009/11/18 07:08:42 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSPC\fspcfsm.eng
MOD - [2009/11/18 07:07:10 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\strres.eng
MOD - [2009/11/18 07:07:02 | 000,553,384 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\gres.dll
MOD - [2009/11/18 07:06:54 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\fsavures.eng
MOD - [2009/11/18 07:06:52 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\flyerres.eng
MOD - [2009/11/18 07:06:40 | 000,090,536 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\aboutres.dll
MOD - [2009/11/18 07:06:36 | 000,442,792 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\about.dll
MOD - [2008/12/25 12:41:24 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008/12/10 05:04:58 | 000,935,424 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/03/18 15:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 17:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 11:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/05/23 01:46:58 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010/10/12 08:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/06 17:14:52 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/18 07:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GCI Security Guard\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/11/18 07:07:30 | 000,846,248 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/11/18 07:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/03/29 19:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/02 17:28:22 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/04/22 18:48:53 | 000,050,384 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/11/18 07:07:30 | 000,094,024 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2009/11/10 14:56:28 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - [2009/11/10 14:56:24 | 000,256,000 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2009/11/10 14:56:22 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbser2.sys -- (NWUSBPort2)
DRV:64bit: - [2009/11/10 14:56:22 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbser.sys -- (NWUSBPort)
DRV:64bit: - [2009/11/10 14:56:22 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbmdm.sys -- (NWUSBModem)
DRV:64bit: - [2009/09/30 15:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/12/10 06:31:26 | 004,993,024 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/10/03 16:17:30 | 000,184,320 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/21 01:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/05/28 16:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/05/16 02:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008/05/16 02:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008/05/16 02:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/05/16 02:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008/05/16 02:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008/05/16 02:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008/05/16 02:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV:64bit: - [2008/04/27 20:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/04/27 10:09:18 | 001,133,568 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/03/27 11:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 11:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 14:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/24 04:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 17:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 17:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel(R)
DRV:64bit: - [2008/01/20 17:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/18 02:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/08/29 11:30:52 | 000,080,176 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\jl2005c.sys -- (JLTECH0227)
DRV:64bit: - [2007/06/08 13:32:26 | 000,112,768 | ---- | M] (C-motech Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\cmusbser.sys -- (cmusbser)
DRV:64bit: - [2006/10/03 16:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2011/09/08 04:33:15 | 000,198,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/11/18 07:08:18 | 000,059,784 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\GCI Security Guard\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/11/18 07:06:22 | 000,016,768 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2008/11/28 17:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/02/25 12:10:19] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\GCI Security Guard\NRS\[email protected] [2011/12/11 07:16:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/06 20:20:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/06 20:20:22 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2006/09/18 12:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Franklin_CDU680] C:\Program Files (x86)\Franklin\Franklin_CDU680\BIN\RDVCHG.EXE (C-motech Co.,Ltd)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\GCI Security Guard\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN File not found
O4 - HKCU..\Run: [MobiLink 3] C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.234.146.98 192.234.141.2 192.234.141.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5165EBF0-571F-4733-B10E-D83E7DC63407}: DhcpNameServer = 192.234.146.98 192.234.141.2 192.234.141.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB38DDF7-01B0-4858-94ED-C2E9B02C8C63}: DhcpNameServer = 192.234.146.98 192.234.141.2 192.234.141.3
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tisa\Pictures\..edits\flying.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tisa\Pictures\..edits\flying.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8000e8e7-cfb3-11de-bbdc-00235a2de9e3}\Shell - "" = AutoRun
O33 - MountPoints2\{8000e8e7-cfb3-11de-bbdc-00235a2de9e3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{c9f8ae11-6ef4-11e0-a4b6-00235a2de9e3}\Shell - "" = AutoRun
O33 - MountPoints2\{c9f8ae11-6ef4-11e0-a4b6-00235a2de9e3}\Shell\AutoRun\command - "" = F:\LiteAuto.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/12 18:41:52 | 000,000,000 | ---D | C] -- C:\Users\Tisa\AppData\Roaming\Malwarebytes
[2012/01/12 18:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/12 18:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/12 18:41:36 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/12 18:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/12 18:10:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Tisa\Desktop\TFC.exe
[2012/01/12 16:08:06 | 000,000,000 | ---D | C] -- C:\Users\Tisa\AppData\Local\PhoenixViewer
[2012/01/12 15:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phoenix Viewer
[2012/01/12 15:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phoenix Viewer
[2012/01/12 13:33:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Tisa\Desktop\OTL.exe
[2012/01/12 12:37:50 | 000,000,000 | ---D | C] -- C:\Users\Tisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/12 12:37:49 | 000,000,000 | ---D | C] -- C:\desktop
[2012/01/10 13:20:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2012/01/10 13:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2012/01/09 23:16:34 | 000,000,000 | ---D | C] -- C:\Users\Tisa\AppData\Roaming\SecondLife
[2012/01/09 23:11:21 | 000,000,000 | ---D | C] -- C:\Users\Tisa\AppData\Local\SecondLife
[2012/01/09 21:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
[2012/01/09 21:10:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecondLifeViewer
[2012/01/09 20:14:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/01/09 20:14:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/01/09 20:14:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/01/08 19:31:17 | 000,000,000 | ---D | C] -- C:\Users\Tisa\Documents\Warzone 2100 2.3
[2012/01/08 19:30:39 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/01/08 19:30:39 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/01/08 19:30:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012/01/08 19:30:36 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/01/08 19:30:36 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/01/08 19:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warzone 2100-2.3.9
[2012/01/08 19:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warzone 2100-2.3.9
[2012/01/08 19:21:36 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/08 19:21:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/08 19:21:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/08 19:21:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/08 19:21:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/08 19:21:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/08 19:21:32 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/08 19:21:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/08 19:21:30 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/01/08 19:21:30 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/08 19:21:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/28 21:04:54 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/28 21:03:17 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/28 21:03:16 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/12 21:10:55 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 21:10:55 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 21:08:16 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/12 19:12:10 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/12 19:10:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/12 19:10:02 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/12 19:08:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/01/12 18:41:41 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/12 18:10:55 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Tisa\Desktop\TFC.exe
[2012/01/12 16:07:25 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Phoenix Viewer.lnk
[2012/01/12 13:33:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tisa\Desktop\OTL.exe
[2012/01/12 12:48:56 | 000,002,443 | ---- | M] () -- C:\Users\Tisa\Desktop\HiJackThis.lnk
[2012/01/12 11:54:53 | 001,402,880 | ---- | M] () -- C:\Users\Tisa\Desktop\HiJackThis.msi
[2012/01/12 10:44:40 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012/01/11 20:18:35 | 000,611,630 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/11 20:18:34 | 000,714,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/11 20:18:34 | 000,107,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/10 19:28:08 | 000,000,680 | ---- | M] () -- C:\Users\Tisa\AppData\Local\d3d9caps.dat
[2012/01/09 19:22:52 | 000,321,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/09 19:21:16 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTisa.job
[2012/01/08 19:57:44 | 523,254,467 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/08 19:30:40 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/01/08 19:30:39 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/01/08 19:30:37 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/01/08 19:30:36 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
 
========== Files Created - No Company Name ==========
 
[2012/01/12 18:41:41 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/12 15:41:58 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Phoenix Viewer.lnk
[2012/01/12 12:37:50 | 000,002,443 | ---- | C] () -- C:\Users\Tisa\Desktop\HiJackThis.lnk
[2012/01/12 11:54:25 | 001,402,880 | ---- | C] () -- C:\Users\Tisa\Desktop\HiJackThis.msi
[2012/01/10 19:46:28 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/09 14:38:09 | 4024,262,656 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/28 20:30:34 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForTisa.job
[2010/05/06 20:18:16 | 000,023,141 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/05/06 19:28:44 | 000,077,405 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/08/04 10:43:14 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/04 10:41:14 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/08/04 10:39:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/28 08:46:21 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\dec_jl6.dll
[2009/04/18 07:50:22 | 000,009,728 | ---- | C] () -- C:\Users\Tisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/18 06:32:30 | 000,166,490 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009/04/17 18:56:52 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2009/04/17 18:56:20 | 000,717,766 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/04/17 16:21:06 | 000,028,320 | ---- | C] () -- C:\Users\Tisa\AppData\Roaming\wklnhst.dat
[2009/04/17 15:15:12 | 000,000,680 | ---- | C] () -- C:\Users\Tisa\AppData\Local\d3d9caps.dat
[2009/02/25 11:03:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/01/19 19:55:47 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/01/19 18:48:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/12/10 04:28:16 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/05/11 18:49:03 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2008/01/20 17:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 06:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 03:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 03:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 03:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 00:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\wolfpack song.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\warm uppp.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\warm up.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\superstar.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\star spngled.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\star spangled.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\ozzy.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\next contestant.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\never stop.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\na na na goodbye.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\lik it love it.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\i lik u move.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\greenday.mp3:TOC.WMV

< End of report >




12
Tech Clinic / laptop running slow
« on: January 12, 2012, 11:26:11 PM »
[quote name='guestolo' timestamp='1326413824' post='480672']
Please download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!
Right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.

Back in Windows
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, you will be prompted to Decline or use Trial version>>>Select DECLINE
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
[/quote]
Well, both of those seemed to have helped, and here is the log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.13.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Tisa :: TISA-PC [administrator]

1/12/2012 6:48:18 PM
mbam-log-2012-01-12 (18-48-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197780
Time elapsed: 18 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$RECYCLE.BIN\S-1-5-21-1888144358-2246248295-2031265590-1000\$RK8IF9C.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.

(end)
Please let me know if you have any other suggestions.




13
Tech Clinic / laptop running slow
« on: January 12, 2012, 04:56:59 PM »
Having issues with my laptop running slowly, almost like it's thinking. I tried creating a HijackThis log and am having issues with that too. Tried running HijackThis again; it told me it was already running, and I don't seem to have access to run as administrator. Any help you could offer is greatly appreciated.

I was, however, able to run an OTL scan. Here are the logs; I hope this helps.

OTL logfile created on: 1/12/2012 1:35:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Tisa\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 48.90% Memory free
7.73 Gb Paging File | 5.45 Gb Available in Paging File | 70.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.00 Gb Total Space | 200.11 Gb Free Space | 70.21% Space Free | Partition Type: NTFS
Drive D: | 13.08 Gb Total Space | 2.04 Gb Free Space | 15.58% Space Free | Partition Type: NTFS
 
Computer Name: TISA-PC | User Name: Tisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/12 13:33:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tisa\Desktop\OTL.exe
PRC - [2011/11/08 21:32:08 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsav32.exe
PRC - [2011/09/08 04:32:41 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fssm32.exe
PRC - [2011/09/08 04:32:40 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32.exe
PRC - [2011/05/23 01:46:58 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe
PRC - [2010/07/21 04:51:36 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\desktop\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2009/11/18 07:08:32 | 000,201,128 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE
PRC - [2009/11/18 07:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSMA32.EXE
PRC - [2009/11/18 07:08:32 | 000,090,536 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSHDLL32.EXE
PRC - [2009/11/18 07:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32st.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2008/12/25 12:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 12:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/02 17:28:22 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/28 17:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/07/22 08:49:42 | 000,312,568 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files (x86)\Franklin\Franklin_CDU680\Bin\RDVCHG.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009/11/18 07:08:42 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSPC\fspcfsm.eng
MOD - [2009/11/18 07:07:10 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\strres.eng
MOD - [2009/11/18 07:07:02 | 000,553,384 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\gres.dll
MOD - [2009/11/18 07:06:54 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\fsavures.eng
MOD - [2009/11/18 07:06:52 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\flyerres.eng
MOD - [2009/11/18 07:06:40 | 000,090,536 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\aboutres.dll
MOD - [2009/11/18 07:06:36 | 000,442,792 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\about.dll
MOD - [2008/12/25 12:41:24 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008/12/10 05:04:58 | 000,935,424 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/03/18 15:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 17:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 11:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/05/23 01:46:58 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010/10/12 08:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/06 17:14:52 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/18 07:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GCI Security Guard\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/11/18 07:07:30 | 000,846,248 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/11/18 07:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/03/29 19:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/02 17:28:22 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/04/22 18:48:53 | 000,050,384 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/11/18 07:07:30 | 000,094,024 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2009/11/10 14:56:28 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - [2009/11/10 14:56:24 | 000,256,000 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2009/11/10 14:56:22 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbser2.sys -- (NWUSBPort2)
DRV:64bit: - [2009/11/10 14:56:22 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbser.sys -- (NWUSBPort)
DRV:64bit: - [2009/11/10 14:56:22 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbmdm.sys -- (NWUSBModem)
DRV:64bit: - [2009/09/30 15:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/12/10 06:31:26 | 004,993,024 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/10/03 16:17:30 | 000,184,320 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/21 01:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/05/28 16:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/05/16 02:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008/05/16 02:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008/05/16 02:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/05/16 02:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008/05/16 02:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008/05/16 02:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008/05/16 02:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV:64bit: - [2008/04/27 20:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/04/27 10:09:18 | 001,133,568 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/03/27 11:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 11:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 14:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/24 04:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 17:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 17:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel(R)
DRV:64bit: - [2008/01/20 17:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/18 02:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/08/29 11:30:52 | 000,080,176 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\jl2005c.sys -- (JLTECH0227)
DRV:64bit: - [2007/06/08 13:32:26 | 000,112,768 | ---- | M] (C-motech Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\cmusbser.sys -- (cmusbser)
DRV:64bit: - [2006/10/03 16:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2011/09/08 04:33:15 | 000,198,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/11/18 07:08:18 | 000,059,784 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\GCI Security Guard\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/11/18 07:06:22 | 000,016,768 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2008/11/28 17:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/02/25 12:10:19] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\GCI Security Guard\NRS\[email protected] [2011/12/11 07:16:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/06 20:20:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/06 20:20:22 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2006/09/18 12:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Franklin_CDU680] C:\Program Files (x86)\Franklin\Franklin_CDU680\BIN\RDVCHG.EXE (C-motech Co.,Ltd)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\GCI Security Guard\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN File not found
O4 - HKCU..\Run: [MobiLink 3] C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.234.146.98 192.234.141.2 192.234.141.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5165EBF0-571F-4733-B10E-D83E7DC63407}: DhcpNameServer = 192.234.146.98 192.234.141.2 192.234.141.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB38DDF7-01B0-4858-94ED-C2E9B02C8C63}: DhcpNameServer = 192.234.146.98 192.234.141.2 192.234.141.3
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tisa\Pictures\..edits\kite.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tisa\Pictures\..edits\kite.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8000e8e7-cfb3-11de-bbdc-00235a2de9e3}\Shell - "" = AutoRun
O33 - MountPoints2\{8000e8e7-cfb3-11de-bbdc-00235a2de9e3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{c9f8ae11-6ef4-11e0-a4b6-00235a2de9e3}\Shell - "" = AutoRun
O33 - MountPoints2\{c9f8ae11-6ef4-11e0-a4b6-00235a2de9e3}\Shell\AutoRun\command - "" = F:\LiteAuto.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/12 13:33:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Tisa\Desktop\OTL.exe
[2012/01/12 12:37:50 | 000,000,000 | ---D | C] -- C:\Users\Tisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/12 12:37:49 | 000,000,000 | ---D | C] -- C:\desktop
[2012/01/10 13:20:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2012/01/10 13:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2012/01/09 23:16:34 | 000,000,000 | ---D | C] -- C:\Users\Tisa\AppData\Roaming\SecondLife
[2012/01/09 23:11:21 | 000,000,000 | ---D | C] -- C:\Users\Tisa\AppData\Local\SecondLife
[2012/01/09 21:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
[2012/01/09 21:10:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecondLifeViewer
[2012/01/09 20:14:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/01/09 20:14:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/01/09 20:14:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/01/08 19:31:17 | 000,000,000 | ---D | C] -- C:\Users\Tisa\Documents\Warzone 2100 2.3
[2012/01/08 19:30:39 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/01/08 19:30:39 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/01/08 19:30:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012/01/08 19:30:36 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/01/08 19:30:36 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/01/08 19:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warzone 2100-2.3.9
[2012/01/08 19:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warzone 2100-2.3.9
[2012/01/08 19:21:36 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/08 19:21:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/08 19:21:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/08 19:21:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/08 19:21:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/08 19:21:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/08 19:21:32 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/08 19:21:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/08 19:21:30 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/01/08 19:21:30 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/08 19:21:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/28 21:04:54 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/28 21:03:17 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/28 21:03:16 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/12 14:09:04 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/12 13:33:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tisa\Desktop\OTL.exe
[2012/01/12 12:48:56 | 000,002,443 | ---- | M] () -- C:\Users\Tisa\Desktop\HiJackThis.lnk
[2012/01/12 12:45:08 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 12:45:08 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 11:54:53 | 001,402,880 | ---- | M] () -- C:\Users\Tisa\Desktop\HiJackThis.msi
[2012/01/12 10:44:59 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/12 10:44:40 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012/01/12 10:44:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/12 10:44:15 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/12 10:36:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/01/11 20:18:35 | 000,611,630 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/11 20:18:34 | 000,714,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/11 20:18:34 | 000,107,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/10 19:46:28 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/10 19:28:08 | 000,000,680 | ---- | M] () -- C:\Users\Tisa\AppData\Local\d3d9caps.dat
[2012/01/09 21:12:08 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\Second Life Viewer.lnk
[2012/01/09 19:22:52 | 000,321,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/09 19:21:16 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTisa.job
[2012/01/08 19:57:44 | 523,254,467 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/08 19:30:40 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/01/08 19:30:39 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/01/08 19:30:37 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/01/08 19:30:36 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/01/08 19:30:33 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Warzone 2100-2.3.9.lnk
 
========== Files Created - No Company Name ==========
 
[2012/01/12 12:37:50 | 000,002,443 | ---- | C] () -- C:\Users\Tisa\Desktop\HiJackThis.lnk
[2012/01/12 11:54:25 | 001,402,880 | ---- | C] () -- C:\Users\Tisa\Desktop\HiJackThis.msi
[2012/01/10 19:46:28 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/10 19:46:28 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/09 21:12:08 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\Second Life Viewer.lnk
[2012/01/09 14:38:09 | 4024,262,656 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/08 19:30:33 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Warzone 2100-2.3.9.lnk
[2011/12/28 20:30:34 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForTisa.job
[2010/05/06 20:18:16 | 000,023,141 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/05/06 19:28:44 | 000,077,405 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/08/04 10:43:14 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/04 10:41:14 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/08/04 10:39:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/28 08:46:21 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\dec_jl6.dll
[2009/04/18 07:50:22 | 000,009,728 | ---- | C] () -- C:\Users\Tisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/18 06:32:30 | 000,166,490 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009/04/17 18:56:52 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2009/04/17 18:56:20 | 000,717,766 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/04/17 16:21:06 | 000,028,320 | ---- | C] () -- C:\Users\Tisa\AppData\Roaming\wklnhst.dat
[2009/04/17 15:15:12 | 000,000,680 | ---- | C] () -- C:\Users\Tisa\AppData\Local\d3d9caps.dat
[2009/02/25 11:03:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/01/19 19:55:47 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/01/19 18:48:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/12/10 04:28:16 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/05/11 18:49:03 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2008/01/20 17:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 06:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 03:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 03:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 03:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 00:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\wolfpack song.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\warm uppp.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\warm up.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\superstar.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\star spngled.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\star spangled.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\ozzy.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\next contestant.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\never stop.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\na na na goodbye.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\lik it love it.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\i lik u move.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Tisa\Documents\greenday.mp3:TOC.WMV

< End of report >
OTL Extras logfile created on: 1/12/2012 1:35:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Tisa\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 48.90% Memory free
7.73 Gb Paging File | 5.45 Gb Available in Paging File | 70.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.00 Gb Total Space | 200.11 Gb Free Space | 70.21% Space Free | Partition Type: NTFS
Drive D: | 13.08 Gb Total Space | 2.04 Gb Free Space | 15.58% Space Free | Partition Type: NTFS
 
Computer Name: TISA-PC | User Name: Tisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 54 44 D9 41 26 17 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FC7F88F-D5CA-4AD3-8C83-CE4792247D5D}" = rport=445 | protocol=6 | dir=out | app=system |
"{127C47BB-FE79-4919-A63F-137DB890C614}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1BCAEEE2-FF46-41EB-B97F-981716F48CE8}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{1DCEB4F6-2F92-421D-9512-71E447BBDF47}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{20C6AEEE-3E41-42E2-901C-5D5314CCC9BD}" = lport=445 | protocol=6 | dir=in | app=system |
"{387D8CD0-FDB6-439E-B426-054D7E50D144}" = rport=139 | protocol=6 | dir=out | app=system |
"{4C20BF5D-0C3B-4E05-9FBA-D04956761608}" = lport=138 | protocol=17 | dir=in | app=system |
"{56218B66-5531-4F7E-83D5-C6B8353A0C5D}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{562AB52E-92C6-47BC-AD67-388BEFFBBCAF}" = rport=138 | protocol=17 | dir=out | app=system |
"{5C52FDB6-3ADB-45D2-8E42-BEDD4AED2AE9}" = lport=139 | protocol=6 | dir=in | app=system |
"{5E477E1E-5221-4947-B9A5-86C3DC1A96A6}" = rport=137 | protocol=17 | dir=out | app=system |
"{7044E318-171E-4ECD-BF90-7EA3C7DC2788}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{AFCE3858-2952-4900-811A-DFDD4E453355}" = lport=137 | protocol=17 | dir=in | app=system |
"{D9223591-3D99-44CF-91AB-6D22C64C21B0}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BBE7D98-EE02-4F65-B43D-1657F7F2E55A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{0FC39A56-CC76-46DB-A354-C5251E25D308}" = protocol=1 | dir=out | [email protected],-28544 |
"{0FF80D87-BAFF-4DF6-B78B-64F81E3B8E05}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{1983C073-C8C9-4A77-B3B2-FB9FFE33E45F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{1DDF85A1-6847-4BCD-86C4-306DEBB26A20}" = protocol=58 | dir=in | [email protected],-28545 |
"{2DD959F3-DFF9-4F3B-9493-79ABDEFE70D9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{3709BA83-8287-4D4B-A5D5-3BDE262911C7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{3AD01C46-05FD-4325-9CF5-7684DB0B2B5B}" = protocol=58 | dir=out | [email protected],-28546 |
"{3BB942FA-3893-4A51-AA90-AA335B4C0D9E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{449B3B99-2271-4C49-AF9C-A4F102738774}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{455914BD-D61A-4CF2-8A47-BCB285B51012}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{4BA9011D-F66F-4985-B962-F41DFEB3F260}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{50FE1865-8645-4400-A3D5-1E7C43213C73}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{6E35ACD2-1CD9-449F-96F3-692F1991F503}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{7678DC66-C3FB-4B0F-A89C-C1AA65D1D679}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{7BE9E4BA-BB20-402D-AC7C-085570870EC3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{83F46134-D0B8-4677-9F8A-D68AF0AD5420}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{8468EEE4-B153-458E-9300-B1B530E16FC8}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{85A907ED-D122-47CE-9732-F201BECDCB1B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{8A13874D-77C5-4DD9-A762-B2BBC5B2DD8B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{97C34A48-5383-458C-841F-1F970144520F}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{982E8C8E-9973-4709-9B90-31D8FEF5BFCF}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{9998E23E-4C3C-4680-9D79-E21B2D924DE6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B3365A3D-E4EC-44DE-80FF-1879BA7F4356}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{B83E4109-EEFE-454B-8D2E-81D08113CF6A}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{B8C70BB3-00F9-4601-8B05-AF4F33C2A484}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{BF1C9A96-086C-41E5-9B2C-5AE86428D5C8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{BF41F8FA-B849-4068-ABC1-507EF5896236}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C2B4DD14-6E16-47E2-B0A1-108DD0C29041}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{C8F0A708-B7B6-4C3E-857D-5D6DC0854840}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{C98B40A0-2F8C-4142-97EA-943C6A130943}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{C9AA9E61-35D6-4C83-B15D-55D04EC23227}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CC953F42-3359-4D58-8390-C173BD801189}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{D1E4C2AA-99CC-47A2-8812-8979D02E5029}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{D442810D-EFAA-43C9-8DAE-25EAB7E4A0BC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{DB4C0A18-CB88-42FD-9358-5ECA7C8B2DEF}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{DDEDF132-021F-4ABA-B180-56F57138F9C3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E0ECCA4A-5B5D-4804-9909-77E358277D19}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{E7F323F9-CE10-4750-8EAC-4D994C0FF459}" = protocol=1 | dir=in | [email protected],-28543 |
"{E82A1843-6073-4912-852B-A56DC9C45C2E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{EB301063-6F2E-4031-A004-58F14FD96258}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{F08EF844-F4E5-4D3B-BD6A-78C9D42BB9B2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{D9272D55-90EE-4FC5-A08E-86E0DF9A2BE5}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{9074CA8C-440D-4C70-9693-BFD3B6F971AF}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B87BB2A8-5921-9B18-BBB5-D9A42F9CD3E1}" = ccc-utility64
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C6CFAF5A-12F9-485E-EAD7-7FA1D3E5B943}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002471C5-6F62-D6CD-D6E5-A0F20F079B8B}" = Catalyst Control Center Localization Polish
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03819281-0870-65EE-24B0-A7DEDE9F796A}" = Catalyst Control Center Localization Chinese Traditional
"{04F66470-CEA7-BF9A-1885-8E1A3474825A}" = CCC Help Danish
"{08062F2F-926A-D7EC-57E9-AB97AA0D7FDA}" = CCC Help Finnish
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0CAB8CDF-232E-F28F-A017-B388F41FACCB}" = CCC Help Portuguese
"{0E6FDBFA-7BF9-4C6D-9FAA-5ACF27710361}" = CDU680DORA USB Modem
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{150FE68F-EE0C-4867-150A-D74FECBB8448}" = Catalyst Control Center Graphics Light
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1FBF6C24-C1FD-4101-A42B-0

14
Tech Clinic / internet explorer gets redirected to harmful website
« on: January 04, 2012, 03:48:03 AM »
[quote name='guestolo' timestamp='1325652190' post='480631']
Can you disable the 2 addons related to FSecure and then restart your browser

Does that work for you?
[/quote]
The result is the same... still redirects me to that harmful website.

15
Tech Clinic / internet explorer gets redirected to harmful website
« on: January 03, 2012, 11:12:11 PM »
[quote name='guestolo' timestamp='1325600773' post='480626']
If you start IE with Addons disabled, do you still have problems?
Click the  Start button>>Programs>>>Accessories>>System Tools, and then click Internet Explorer (No Add-ons).
[/quote]

Ah ha... that seemed to do it, and it seems to run a bit faster too. I thought I had all add-ons disabled already; guess I was wrong. Here is a list of my add-ons, if it helps:
Name                   Shockwave Flash Object
Publisher              Adobe Systems Incorporated
Status                 Enabled
File date              Wednesday, November 23, 2011, 8:12 PM
Version                11.1.102.55

Name                   Adobe PDF Link Helper
Publisher              Adobe Systems, Incorporated
Status                 Disabled
File date              Monday, September 05, 2011, 9:04 AM
Version                10.1.1.33

Name                   Browsing Protection Toolbar
Publisher              F-Secure Corporation
Status                 Enabled
File date              Wednesday, December 07, 2011, 3:57 PM
Version                1.10.5656.0
Load time              0.00 s

Name                   Browsing Protection Class
Publisher              F-Secure Corporation
Status                 Enabled
File date              Wednesday, December 07, 2011, 3:57 PM
Version                1.10.5656.0
Load time              0.01 s
Navigation time        0.08 s

Name                   Windows Live Toolbar
Publisher              Microsoft Corporation
Status                 Disabled
File date              Friday, April 16, 2010, 7:55 PM
Version                14.0.8117.416

Name                   Search Helper
Publisher              Microsoft Corporation
Status                 Enabled
File date              Wednesday, January 14, 2009, 4:49 PM
Version                1.2.118.0
Load time              0.01 s
Navigation time        0.01 s

Name                   Windows Live Sign-in Helper
Publisher              Microsoft Corporation
Status                 Disabled
File date              Thursday, January 22, 2009, 2:41 PM
Version                5.0.818.5
Load time              (0.00 s)
Navigation time        (0.00 s)

Name                   Windows Live Toolbar BHO
Publisher              Microsoft Corporation
Status                 Disabled
File date              Friday, April 16, 2010, 7:55 PM
Version                14.0.8117.416
Load time              (0.17 s)
Navigation time        (0.00 s)

Name                   Blog This in Windows Live Writer
Publisher              Not Available
Status                 Enabled

Name                   RealPlayer Download and Record Plugin for Internet Explorer
Publisher              RealNetworks, Inc.
Status                 Enabled
File date              Friday, December 02, 2011, 12:10 PM
Version                15.0.0.198
Load time              0.04 s
Navigation time        0.00 s

Name                   Java(tm) Plug-In 2 SSV Helper
Publisher              Sun Microsystems, Inc.
Status                 Enabled
File date              Tuesday, October 18, 2011, 6:05 PM
Version                6.0.290.11
Load time              0.06 s


 


16
Tech Clinic / internet explorer gets redirected to harmful website
« on: January 03, 2012, 03:54:47 AM »
[quote name='guestolo' timestamp='1325556407' post='480618']
The OTL script is finishing successfully
Can you do the following please:
Please download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!
Right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.

Let me know if you're still having problems later please
[/quote]


Well... as a whole it seems to run better, but when I'm not using IE 64 bit it still redirects me to a harmful website, but thanks for trying anyway.

17
Tech Clinic / internet explorer gets redirected to harmful website
« on: January 02, 2012, 08:32:38 PM »
[quote name='guestolo' timestamp='1325550824' post='480616']
Can you do the following
As you have had luck with IE 64bit
Delete twb.com on desktop
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Right click on OTL.exe and choose to "Run as Administrator"
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
    and ensure to copy Everything from :Files right to the end bracket of [EmptyTemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
On startup, Allow OTL to run if prompted
A log should open, can you post it please

In addition
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, you will be prompted to Decline or use Trial version>>>Select DECLINE
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If anything is found, make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
[/quote]

Here is the log you requested; however, OTL didn't prompt me to scan after reboot.

All processes killed
========== FILES ==========
<  ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dirtbag\Desktop\cmd.bat deleted successfully.
C:\Users\Dirtbag\Desktop\cmd.txt deleted successfully.
File\Folder :Commands not found.
File\Folder [resethosts] not found.
File\Folder [EmptyFlash] not found.
File\Folder [EmptyTemp] not found.
 
OTL by OldTimer - Version 3.2.31.0 log created on 01022012_162520

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Here is the Malware log.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.02.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dirtbag :: DIRTBAG-PC [administrator]

1/2/2012 4:34:46 PM
mbam-log-2012-01-02 (16-34-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202333
Time elapsed: 2 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Also, I wasn't sure if you wanted the full logs from after the OTL fix, so I included them just in case. Sorry if I misunderstood.

OTL logfile created on: 1/2/2012 4:22:13 PM - Run 5
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Dirtbag\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 6.06 Gb Available Physical Memory | 75.91% Memory free
15.96 Gb Paging File | 13.81 Gb Available in Paging File | 86.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 814.04 Gb Free Space | 87.40% Space Free | Partition Type: NTFS
 
Computer Name: DIRTBAG-PC | User Name: Dirtbag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/02 16:19:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\OTL.exe
PRC - [2011/12/02 12:09:58 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/08 20:47:49 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsav32.exe
PRC - [2011/09/08 19:28:36 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fssm32.exe
PRC - [2011/09/08 19:28:36 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/23 15:06:03 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/26 21:11:49 | 000,867,080 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/01/07 17:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/18 07:08:32 | 000,201,128 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE
PRC - [2009/11/18 07:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSMA32.EXE
PRC - [2009/11/18 07:08:32 | 000,090,536 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSHDLL32.EXE
PRC - [2009/11/18 07:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32st.exe
PRC - [2009/09/06 05:13:22 | 043,230,560 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 8.0\PhotoshopElementsEditor.exe
PRC - [2009/09/06 04:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009/11/18 07:08:42 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSPC\fspcfsm.eng
MOD - [2009/11/18 07:07:10 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\strres.eng
MOD - [2009/11/18 07:07:02 | 000,553,384 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\gres.dll
MOD - [2009/11/18 07:06:54 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\fsavures.eng
MOD - [2009/11/18 07:06:52 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\flyerres.eng
MOD - [2009/11/18 07:06:40 | 000,090,536 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\aboutres.dll
MOD - [2009/11/18 07:06:36 | 000,442,792 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\about.dll
MOD - [2009/09/06 05:09:46 | 004,774,240 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 8.0\authplay.dll
MOD - [2009/09/06 04:55:08 | 000,071,008 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 8.0\OperaMgr.dll
MOD - [2009/09/06 04:45:40 | 000,430,432 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 8.0\AdobeXMP.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/07/13 16:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 16:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/08 18:03:17 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/23 15:06:03 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/26 21:11:49 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/07 17:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/11/18 07:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GCI Security Guard\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/11/18 07:07:30 | 000,846,248 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/11/18 07:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/09/06 04:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 12:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/04/22 17:57:44 | 000,050,384 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2011/03/10 21:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 21:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/28 10:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/08 16:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/12/08 16:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/20 18:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 18:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 18:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 18:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 14:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/19 14:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/05/19 20:03:11 | 000,105,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/11/18 07:07:30 | 000,094,024 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2009/07/13 16:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 16:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 16:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 11:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 11:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 11:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 11:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 11:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/16 01:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011/09/08 19:29:22 | 000,198,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/11/18 07:08:18 | 000,059,784 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\GCI Security Guard\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/11/18 07:06:22 | 000,016,768 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/07/13 16:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Dirtbag\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\GCI Security Guard\NRS\[email protected] [2011/12/07 15:57:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/02 12:10:05 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 12:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\GCI Security Guard\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{789799E2-36E5-4239-976F-F680D938537A}: DhcpNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/02 16:19:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\OTL.exe
[2012/01/02 11:23:17 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Users\Dirtbag\Desktop\aswMBR.exe
[2012/01/02 09:28:40 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Local\SWTOR
[2012/01/02 09:28:40 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\Documents\HeroBlade Logs
[2012/01/01 23:52:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/01 12:16:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/01/01 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/31 13:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/12/29 18:51:56 | 002,560,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011/12/28 15:20:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/26 22:18:04 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Roaming\Firestorm
[2011/12/26 22:18:02 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Local\Firestorm
[2011/12/26 22:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Release
[2011/12/26 22:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firestorm-Release
[2011/12/26 22:11:21 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Local\SecondLife
[2011/12/26 17:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2011/12/26 17:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/12/26 17:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2011/12/14 23:29:58 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/14 23:29:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/14 23:29:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/14 23:29:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/14 23:29:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/14 23:29:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/14 23:29:56 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/14 23:29:56 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/14 23:29:56 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/14 23:29:56 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/14 23:29:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/14 20:23:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 20:23:23 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 20:23:23 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/09/25 16:56:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2010/02/03 20:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/02 16:19:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\OTL.exe
[2012/01/02 15:40:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/02 11:23:19 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Users\Dirtbag\Desktop\aswMBR.exe
[2012/01/02 09:12:20 | 000,025,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 09:12:20 | 000,025,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 09:08:02 | 000,725,056 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/02 09:08:02 | 000,622,250 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/02 09:08:02 | 000,106,740 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/02 09:02:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/02 09:01:17 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012/01/02 09:01:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/02 09:01:11 | 2132,865,023 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/01 12:16:39 | 000,002,985 | ---- | M] () -- C:\Users\Dirtbag\Desktop\HiJackThis.lnk
[2011/12/29 22:12:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/12/29 18:43:30 | 547,740,408 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/26 22:17:59 | 000,001,315 | ---- | M] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2011/12/26 17:28:05 | 000,001,453 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/12/15 19:57:49 | 000,271,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/12 20:19:47 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Phoenix Viewer.lnk
[2011/12/07 15:49:05 | 000,005,120 | ---- | M] () -- C:\Users\Dirtbag\AppData\Local\Databases.db
 
========== Files Created - No Company Name ==========
 
[2012/01/01 23:16:06 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012/01/01 12:16:39 | 000,002,985 | ---- | C] () -- C:\Users\Dirtbag\Desktop\HiJackThis.lnk
[2011/12/29 22:12:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/12/28 15:20:57 | 547,740,408 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/26 22:17:59 | 000,001,315 | ---- | C] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2011/12/26 17:28:05 | 000,001,453 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/08/31 13:29:00 | 004,023,808 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/07/18 20:24:45 | 000,005,120 | ---- | C] () -- C:\Users\Dirtbag\AppData\Local\Databases.db
[2011/07/12 15:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/06/17 05:26:10 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/17 05:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/22 17:21:35 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011/04/22 17:21:24 | 000,739,068 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/20 07:45:15 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2011/04/20 07:35:11 | 000,035,934 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/04/20 07:31:12 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/04/20 07:31:01 | 000,024,353 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/01/04 13:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 20:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 17:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 17:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 15:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 14:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 12:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 12:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 03:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/02/05 16:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
 
========== Custom Scans ==========
 
 
<  >

< End of report >
I hope this helps.

18
Tech Clinic / internet explorer gets redirected to harmful website
« on: January 02, 2012, 03:22:32 PM »
[quote name='guestolo' timestamp='1325516631' post='480614']
The results in the OTL log from the fix weren't what I expected
Did you copy/paste Exactly what I had to the custom scan/fixes pane of Otl.exe?

Can you do the following:
Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

Click the START SCAN, when done
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan, click save log, save it to your desktop and post in your next reply
[/quote]
As far as I can tell I pasted exactly what you had in the scan/fixes window. Also, in the 64-bit explorer I don't get redirected to the harmful website I told you about in the beginning of the post.

11:13:21.0214 0244 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
11:13:21.0869 0244 ============================================================
11:13:21.0869 0244 Current date / time: 2012/01/02 11:13:21.0869
11:13:21.0869 0244 SystemInfo:
11:13:21.0869 0244
11:13:21.0869 0244 OS Version: 6.1.7601 ServicePack: 1.0
11:13:21.0869 0244 Product type: Workstation
11:13:21.0869 0244 ComputerName: DIRTBAG-PC
11:13:21.0869 0244 UserName: Dirtbag
11:13:21.0869 0244 Windows directory: C:\Windows
11:13:21.0869 0244 System windows directory: C:\Windows
11:13:21.0869 0244 Running under WOW64
11:13:21.0869 0244 Processor architecture: Intel x64
11:13:21.0869 0244 Number of processors: 8
11:13:21.0869 0244 Page size: 0x1000
11:13:21.0869 0244 Boot type: Normal boot
11:13:21.0869 0244 ============================================================
11:13:22.0509 0244 Initialize success
11:14:18.0607 6096 ============================================================
11:14:18.0607 6096 Scan started
11:14:18.0607 6096 Mode: Manual;
11:14:18.0607 6096 ============================================================
11:14:19.0028 6096 1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
11:14:19.0028 6096 1394ohci - ok
11:14:19.0043 6096 ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:14:19.0059 6096 ACPI - ok
11:14:19.0059 6096 AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:14:19.0059 6096 AcpiPmi - ok
11:14:19.0121 6096 adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
11:14:19.0121 6096 adp94xx - ok
11:14:19.0137 6096 adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
11:14:19.0137 6096 adpahci - ok
11:14:19.0153 6096 adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
11:14:19.0153 6096 adpu320 - ok
11:14:19.0199 6096 AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
11:14:19.0199 6096 AFD - ok
11:14:19.0215 6096 agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:14:19.0215 6096 agp440 - ok
11:14:19.0231 6096 aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:14:19.0231 6096 aliide - ok
11:14:19.0246 6096 amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:14:19.0246 6096 amdide - ok
11:14:19.0246 6096 AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
11:14:19.0246 6096 AmdK8 - ok
11:14:19.0262 6096 AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
11:14:19.0262 6096 AmdPPM - ok
11:14:19.0277 6096 amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:14:19.0277 6096 amdsata - ok
11:14:19.0293 6096 amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
11:14:19.0293 6096 amdsbs - ok
11:14:19.0309 6096 amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:14:19.0309 6096 amdxata - ok
11:14:19.0324 6096 AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:14:19.0324 6096 AppID - ok
11:14:19.0340 6096 arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
11:14:19.0340 6096 arc - ok
11:14:19.0355 6096 arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
11:14:19.0355 6096 arcsas - ok
11:14:19.0387 6096 asmthub3        (e1e75921e9eb025009696d4837f531fb) C:\Windows\system32\DRIVERS\asmthub3.sys
11:14:19.0387 6096 asmthub3 - ok
11:14:19.0418 6096 asmtxhci        (b0cf9ab16006b61634d4f955345ca5d2) C:\Windows\system32\DRIVERS\asmtxhci.sys
11:14:19.0433 6096 asmtxhci - ok
11:14:19.0433 6096 AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:14:19.0449 6096 AsyncMac - ok
11:14:19.0449 6096 atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:14:19.0449 6096 atapi - ok
11:14:19.0480 6096 b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
11:14:19.0496 6096 b06bdrv - ok
11:14:19.0511 6096 b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:14:19.0511 6096 b57nd60a - ok
11:14:19.0527 6096 Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:14:19.0527 6096 Beep - ok
11:14:19.0558 6096 blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:14:19.0558 6096 blbdrive - ok
11:14:19.0574 6096 bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:14:19.0574 6096 bowser - ok
11:14:19.0589 6096 BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
11:14:19.0589 6096 BrFiltLo - ok
11:14:19.0589 6096 BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
11:14:19.0589 6096 BrFiltUp - ok
11:14:19.0605 6096 Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:14:19.0621 6096 Brserid - ok
11:14:19.0621 6096 BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:14:19.0621 6096 BrSerWdm - ok
11:14:19.0636 6096 BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:14:19.0636 6096 BrUsbMdm - ok
11:14:19.0652 6096 BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:14:19.0652 6096 BrUsbSer - ok
11:14:19.0652 6096 BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
11:14:19.0667 6096 BTHMODEM - ok
11:14:19.0683 6096 cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:14:19.0683 6096 cdfs - ok
11:14:19.0699 6096 cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:14:19.0699 6096 cdrom - ok
11:14:19.0730 6096 circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
11:14:19.0730 6096 circlass - ok
11:14:19.0745 6096 CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:14:19.0745 6096 CLFS - ok
11:14:19.0761 6096 CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
11:14:19.0761 6096 CmBatt - ok
11:14:19.0777 6096 cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:14:19.0777 6096 cmdide - ok
11:14:19.0792 6096 CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
11:14:19.0792 6096 CNG - ok
11:14:19.0808 6096 Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
11:14:19.0808 6096 Compbatt - ok
11:14:19.0823 6096 CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:14:19.0823 6096 CompositeBus - ok
11:14:19.0839 6096 crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:14:19.0839 6096 crcdisk - ok
11:14:19.0870 6096 CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
11:14:19.0870 6096 CSC - ok
11:14:19.0886 6096 DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:14:19.0886 6096 DfsC - ok
11:14:19.0901 6096 discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:14:19.0901 6096 discache - ok
11:14:19.0901 6096 Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:14:19.0901 6096 Disk - ok
11:14:19.0917 6096 dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
11:14:19.0917 6096 dmvsc - ok
11:14:19.0933 6096 drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:14:19.0933 6096 drmkaud - ok
11:14:19.0964 6096 DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:14:19.0964 6096 DXGKrnl - ok
11:14:19.0995 6096 E1G60           (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
11:14:19.0995 6096 E1G60 - ok
11:14:20.0057 6096 ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:14:20.0104 6096 ebdrv - ok
11:14:20.0135 6096 elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:14:20.0135 6096 elxstor - ok
11:14:20.0151 6096 ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:14:20.0151 6096 ErrDev - ok
11:14:20.0151 6096 exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:14:20.0151 6096 exfat - ok
11:14:20.0213 6096 F-Secure Gatekeeper (c898cf54315e594c33f915b053e2ec2b) C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsgk.sys
11:14:20.0213 6096 F-Secure Gatekeeper - ok
11:14:20.0245 6096 F-Secure HIPS   (0923c7370d08aa0e167f24fdee24a333) C:\Program Files (x86)\GCI Security Guard\HIPS\drivers\fshs.sys
11:14:20.0245 6096 F-Secure HIPS - ok
11:14:20.0260 6096 fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:14:20.0260 6096 fastfat - ok
11:14:20.0276 6096 fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:14:20.0276 6096 fdc - ok
11:14:20.0291 6096 FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:14:20.0291 6096 FileInfo - ok
11:14:20.0307 6096 Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:14:20.0307 6096 Filetrace - ok
11:14:20.0307 6096 flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:14:20.0323 6096 flpydisk - ok
11:14:20.0323 6096 FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:14:20.0338 6096 FltMgr - ok
11:14:20.0354 6096 FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:14:20.0354 6096 FsDepends - ok
11:14:20.0369 6096 FSES            (06c487127857ca7dd0bb6051d454dd90) C:\Windows\system32\drivers\fses.sys
11:14:20.0369 6096 FSES - ok
11:14:20.0385 6096 FSFW            (f68d7041a3a6f4707237891d476dd412) C:\Windows\system32\drivers\fsdfw.sys
11:14:20.0385 6096 FSFW - ok
11:14:20.0401 6096 fsvista         (ca7903a77fe92a11045dab462574009f) C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsvista.sys
11:14:20.0416 6096 fsvista - ok
11:14:20.0416 6096 Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:14:20.0416 6096 Fs_Rec - ok
11:14:20.0432 6096 fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:14:20.0432 6096 fvevol - ok
11:14:20.0447 6096 gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:14:20.0463 6096 gagp30kx - ok
11:14:20.0479 6096 hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:14:20.0479 6096 hcw85cir - ok
11:14:20.0510 6096 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:14:20.0510 6096 HdAudAddService - ok
11:14:20.0525 6096 HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:14:20.0525 6096 HDAudBus - ok
11:14:20.0525 6096 HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:14:20.0525 6096 HidBatt - ok
11:14:20.0541 6096 HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
11:14:20.0541 6096 HidBth - ok
11:14:20.0557 6096 HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:14:20.0557 6096 HidIr - ok
11:14:20.0572 6096 HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:14:20.0572 6096 HidUsb - ok
11:14:20.0588 6096 HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:14:20.0588 6096 HpSAMD - ok
11:14:20.0603 6096 HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:14:24.0316 6096 ============================================================
11:14:24.0316 6096 Scan finished
11:14:24.0316 6096 ============================================================
11:14:24.0909 5864 Detected object count: 0
11:14:24.0909 5864 Actual detected object count: 0
11:18:52.0523 4448 Deinitialize success
Here is the first log. I will post the others as soon as it's done running... and it didn't prompt me to reboot when I ran as administrator.

Here is the other log you requested as well... although I didn't see where I could change the AV scan to none, and it prompted me to download virus definitions, which I declined because you didn't ask me to.
Also, on completion of the following download, F-Secure prompted me not to run it because of the possible threat to my PC.

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2012-01-02 11:24:56
-----------------------------
11:24:56.769    OS Version: Windows x64 6.1.7601 Service Pack 1
11:24:56.769    Number of processors: 8 586 0x2A07
11:24:56.769    ComputerName: DIRTBAG-PC  UserName: Dirtbag
11:24:58.079    Initialize success
11:25:44.979    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:25:44.979    Disk 0 Vendor: WDC_WD1002FAEX-007BA0 05.01D05 Size: 953869MB BusType: 11
11:25:44.994    Disk 0 MBR read successfully
11:25:44.994    Disk 0 MBR scan
11:25:44.994    Disk 0 Windows 7 default MBR code
11:25:44.994    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
11:25:44.994    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       953767 MB offset 206848
11:25:45.010    Service scanning
11:25:45.899    Modules scanning
11:25:45.899    Scan finished successfully
11:25:55.025    Disk 0 MBR has been saved successfully to "C:\Users\Dirtbag\Desktop\MBR.dat"
11:25:55.025    The log file has been saved successfully to "C:\Users\Dirtbag\Desktop\aswMBR.txt"

19
Tech Clinic / internet explorer gets redirected to harmful website
« on: January 02, 2012, 03:58:42 AM »
[quote name='guestolo' timestamp='1325491812' post='480611']
Just double click on it and run it, allow to run if prompted by Windows
[/quote]


OK, I was able to run it and ad
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File sethosts] not found.
File ptyFlash] not found.
File ptyTemp] not found.
 
OTL by OldTimer - Version 3.2.31.0 log created on 01012012_235226

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
I was able to run the fix; here is the log. Please let me know if you need new TWB logs as well. I will check out my internet browsing and let you know if it helped. Thank you.

UPDATE: It didn't help, still redirected to the harmful website. Any other suggestions? Just in case it will help, here is a new set of TWB logs too.
OTL logfile created on: 1/2/2012 12:03:06 AM - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Dirtbag\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 6.31 Gb Available Physical Memory | 79.11% Memory free
15.96 Gb Paging File | 14.14 Gb Available in Paging File | 88.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 817.10 Gb Free Space | 87.73% Space Free | Partition Type: NTFS
Drive E: | 14.90 Gb Total Space | 6.07 Gb Free Space | 40.72% Space Free | Partition Type: FAT32
 
Computer Name: DIRTBAG-PC | User Name: Dirtbag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/01 19:58:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\twb.com
PRC - [2011/12/08 18:03:17 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/12/02 12:09:58 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/23 20:12:43 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/11/08 20:47:49 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsav32.exe
PRC - [2011/09/08 19:28:36 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fssm32.exe
PRC - [2011/09/08 19:28:36 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32.exe
PRC - [2011/08/01 21:37:19 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/23 15:06:03 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/01/07 17:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/18 07:08:32 | 000,201,128 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE
PRC - [2009/11/18 07:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSMA32.EXE
PRC - [2009/11/18 07:08:32 | 000,090,536 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Common\FSHDLL32.EXE
PRC - [2009/11/18 07:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32st.exe
PRC - [2009/09/06 04:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/08 18:03:17 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/12/08 18:03:16 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/12/08 18:03:16 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/12/08 18:03:16 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/12/08 18:03:16 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2009/11/18 07:08:42 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSPC\fspcfsm.eng
MOD - [2009/11/18 07:07:10 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\strres.eng
MOD - [2009/11/18 07:07:02 | 000,553,384 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\gres.dll
MOD - [2009/11/18 07:06:54 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\fsavures.eng
MOD - [2009/11/18 07:06:52 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\flyerres.eng
MOD - [2009/11/18 07:06:40 | 000,090,536 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\aboutres.dll
MOD - [2009/11/18 07:06:36 | 000,442,792 | ---- | M] () -- C:\Program Files (x86)\GCI Security Guard\FSGUI\about.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/07/13 16:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 16:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/08 18:03:17 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/23 15:06:03 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/26 21:11:49 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/07 17:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/11/18 07:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GCI Security Guard\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/11/18 07:07:30 | 000,846,248 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/11/18 07:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/09/06 04:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 12:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/04/22 17:57:44 | 000,050,384 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2011/03/10 21:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 21:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/28 10:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/08 16:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/12/08 16:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/20 18:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 18:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 18:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 18:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 14:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/19 14:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/05/19 20:03:11 | 000,105,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/11/18 07:07:30 | 000,094,024 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2009/07/13 16:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 16:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 16:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 11:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 11:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 11:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 11:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 11:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/16 01:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011/09/08 19:29:22 | 000,198,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/11/18 07:08:18 | 000,059,784 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\GCI Security Guard\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/11/18 07:06:22 | 000,016,768 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\GCI Security Guard\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/07/13 16:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Dirtbag\Pictures\Dirts Pics\September
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\GCI Security Guard\NRS\[email protected] [2011/12/07 15:57:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/02 12:10:05 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 12:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\GCI Security Guard\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\GCI Security Guard\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{789799E2-36E5-4239-976F-F680D938537A}: DhcpNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/01 23:52:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/01 19:58:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\twb.com
[2012/01/01 12:16:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/01/01 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/31 13:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/12/29 18:51:56 | 002,560,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011/12/28 15:20:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/26 22:18:04 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Roaming\Firestorm
[2011/12/26 22:18:02 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Local\Firestorm
[2011/12/26 22:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Release
[2011/12/26 22:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firestorm-Release
[2011/12/26 22:11:21 | 000,000,000 | ---D | C] -- C:\Users\Dirtbag\AppData\Local\SecondLife
[2011/12/26 17:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2011/12/26 17:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/12/26 17:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2011/12/14 23:29:58 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/14 23:29:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/14 23:29:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/14 23:29:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/14 23:29:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/14 23:29:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/14 23:29:56 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/14 23:29:56 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/14 23:29:56 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/14 23:29:56 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/14 23:29:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/14 20:23:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 20:23:23 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 20:23:23 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/09/25 16:56:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2010/02/03 20:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/02 00:00:35 | 000,025,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 00:00:35 | 000,025,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 00:00:24 | 000,725,056 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/02 00:00:24 | 000,622,250 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/02 00:00:24 | 000,106,740 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/01 23:53:42 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/01 23:53:30 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012/01/01 23:53:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/01 23:53:22 | 2132,865,023 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/01 23:40:03 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/01 19:58:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dirtbag\Desktop\twb.com
[2012/01/01 12:16:39 | 000,002,985 | ---- | M] () -- C:\Users\Dirtbag\Desktop\HiJackThis.lnk
[2011/12/29 22:12:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/12/29 18:43:30 | 547,740,408 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/26 22:17:59 | 000,001,315 | ---- | M] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2011/12/26 17:28:05 | 000,001,453 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/12/15 19:57:49 | 000,271,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/12 20:19:47 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Phoenix Viewer.lnk
[2011/12/07 15:49:05 | 000,005,120 | ---- | M] () -- C:\Users\Dirtbag\AppData\Local\Databases.db
 
========== Files Created - No Company Name ==========
 
[2012/01/01 23:16:06 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012/01/01 12:16:39 | 000,002,985 | ---- | C] () -- C:\Users\Dirtbag\Desktop\HiJackThis.lnk
[2011/12/29 22:12:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/12/28 15:20:57 | 547,740,408 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/26 22:17:59 | 000,001,315 | ---- | C] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2011/12/26 17:28:05 | 000,001,453 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/08/31 13:29:00 | 004,023,808 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/07/18 20:24:45 | 000,005,120 | ---- | C] () -- C:\Users\Dirtbag\AppData\Local\Databases.db
[2011/07/12 15:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/06/17 05:26:10 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/17 05:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/22 17:21:35 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011/04/22 17:21:24 | 000,739,068 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/20 07:45:15 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2011/04/20 07:35:11 | 000,035,934 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/04/20 07:31:12 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/04/20 07:31:01 | 000,024,353 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/01/04 13:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 20:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 17:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 17:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 15:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 14:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 12:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 12:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 03:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/02/05 16:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

< End of report >
I hope this helps. It didn't seem to generate a new Extras log though; hope it didn't need to.



20
Tech Clinic / Internet Explorer gets redirected to harmful website
« on: January 02, 2012, 03:05:26 AM »
[quote name='guestolo' timestamp='1325484690' post='480609']
Can you do the following:
If it's possible to temporarily disable the protection software from F-Secure, can you do so, so as not to have it interfere with the following:

Right click on OTL.exe(twb.com) and select to "Run as Administrator" then Run it
  • Under the [color="#0000ff"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. Don't include the word Quote, please
  • Then click the [color="#ff0000"]Run Fix[/color] button at the top
  • Let the program run unhindered, reboot the PC when it is done
On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

Let me know if there is any improvement please
[/quote]
For some reason, when I right-click as you ask, I don't have that option in the menu, unless I am doing something wrong. I was, however, able to disable F-Secure and can run other programs on my desktop as administrator, but not twb.
