Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Webpage redirecting (?)

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Webpage redirecting (?)

Unread postby Eshang » February 11th, 2012, 4:10 pm

Hi, My name is Eric and recently I've begun to notice a few changes in my laptop that may indicate it may be infected with malware. Besides the change in laptops speed, I've noticed that many times when I'm surfing the web, I'll be automatically redirected to a "Windows 7 Antivirus" website which is obviously fake. I was wondering if this could be indication of malware? I would appreciate any help to fix the problem (if there is one). Thank you!

DDS LOG:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by EricShang at 13:06:11 on 2012-02-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6069.2646 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskmgr.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\RO\DreamerRO's\exe.exe
C:\Program Files (x86)\RO\DreamerRO's\exe.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\EricShang\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [winupdate] C:\Windows\system32\install\winupdt.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}\4556E62556E64556164596D656 : DhcpNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}\86F6D656 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}\A49616E676E4564777F627B6 : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}\C696E6B6379737 : DhcpNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{93422096-8B22-4798-A1C3-B195BD476D83} : DhcpNameServer = 128.8.74.2 128.8.76.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\ProgramData\dxmasf32.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [(Default)]
mRun-x64: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\ProgramData\dxmasf32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\EricShang\AppData\Roaming\Mozilla\Firefox\Profiles\5ecazms3.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\EricShang\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-7-1 352976]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-7 2314240]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-7-7 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-7-7 79360]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SaiU0CCB;SaiU0CCB;C:\Windows\system32\DRIVERS\SaiU0CCB.sys --> C:\Windows\system32\DRIVERS\SaiU0CCB.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 Dyyno Launcher;Dyyno Service;C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-5-18 415072]
.
=============== Created Last 30 ================
.
2012-02-11 17:10:56 -------- d-----w- C:\Users\EricShang\AppData\Local\{91F9149A-5A1E-4E80-B8AC-2E2722E8227C}
2012-02-11 17:10:46 -------- d-----w- C:\Users\EricShang\AppData\Local\{0D811AFE-FBEA-43A4-B02E-ED46A1103B4D}
2012-02-11 01:41:03 -------- d-----w- C:\Users\EricShang\AppData\Local\{AB26BF26-E024-4E0D-8CB8-A39E7F16A134}
2012-02-11 01:40:42 -------- d-----w- C:\Users\EricShang\AppData\Local\{CF640CFF-24B5-4DF6-8879-F172A60611D9}
2012-02-10 13:40:19 -------- d-----w- C:\Users\EricShang\AppData\Local\{91F0354A-C61F-428C-8EFA-137A7388C6B0}
2012-02-10 13:40:09 -------- d-----w- C:\Users\EricShang\AppData\Local\{3925F8C6-91EE-4B47-9D60-8DE7AFBCE3BF}
2012-02-09 20:26:02 -------- d-----w- C:\Users\EricShang\AppData\Local\{87108E38-81BE-4EE3-B9DD-6D1D6A3815BB}
2012-02-09 20:25:52 -------- d-----w- C:\Users\EricShang\AppData\Local\{0D03904D-53E0-4AB7-8EEC-1301E5A3F648}
2012-02-09 02:18:05 -------- d-----w- C:\Users\EricShang\AppData\Local\{39B65EE8-256D-4EFE-B8C6-C6228472193A}
2012-02-08 14:17:58 -------- d-----w- C:\Users\EricShang\AppData\Local\{A39DB288-D095-4ED6-8B7B-808CE3BBAAD9}
2012-02-07 23:24:58 -------- d-----w- C:\Users\EricShang\AppData\Local\{2052FF16-6DC3-4E95-9974-1AECF81CB6CD}
2012-02-07 23:24:48 -------- d-----w- C:\Users\EricShang\AppData\Local\{DD5BD411-D96A-454D-BBBE-27D62AD490FD}
2012-02-07 07:19:50 -------- d-----w- C:\Users\EricShang\AppData\Local\{D558D81E-48D7-4909-88F6-DE61418B1525}
2012-02-06 19:19:29 -------- d-----w- C:\Users\EricShang\AppData\Local\{A5E9E886-51E3-406A-B5DF-FCA7B6FB2A1E}
2012-02-06 19:19:19 -------- d-----w- C:\Users\EricShang\AppData\Local\{61DDCB24-7BC7-45A0-84E8-BB8645ECD4F2}
2012-02-06 06:35:54 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-06 06:34:14 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-02-06 00:12:27 -------- d-----w- C:\Users\EricShang\AppData\Local\{886D528A-6EF6-457D-A691-27B10ECBB934}
2012-02-06 00:12:17 -------- d-----w- C:\Users\EricShang\AppData\Local\{2B978538-ECA2-4B5C-8864-27FFAECB71E6}
2012-02-05 19:18:12 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-02-05 19:17:41 -------- d-----w- C:\Users\EricShang\AppData\Local\Microsoft Help
2012-02-05 12:12:06 -------- d-----w- C:\Users\EricShang\AppData\Local\{B769F768-A08A-4963-8A06-968736123FDE}
2012-02-05 12:11:56 -------- d-----w- C:\Users\EricShang\AppData\Local\{20D46C26-4C3E-4386-83E8-FA95F0B0A51C}
2012-02-05 00:11:33 -------- d-----w- C:\Users\EricShang\AppData\Local\{EE998366-23B3-48AA-AABC-E702373842FA}
2012-02-05 00:11:22 -------- d-----w- C:\Users\EricShang\AppData\Local\{CEB9BAEF-DE20-464F-ADE4-6FECAB0374CF}
2012-02-04 12:10:59 -------- d-----w- C:\Users\EricShang\AppData\Local\{F7ACE8E2-6700-4034-B342-5E6AE76A23E3}
2012-02-04 00:10:35 -------- d-----w- C:\Users\EricShang\AppData\Local\{DBC37D10-11AB-49BF-AC3E-58101EBE620E}
2012-02-03 12:10:12 -------- d-----w- C:\Users\EricShang\AppData\Local\{C0FC6C3A-DE2E-4E44-B0D9-1922CD4F4978}
2012-02-03 00:09:49 -------- d-----w- C:\Users\EricShang\AppData\Local\{724FF88A-2B98-40FD-842B-3C492054AA11}
2012-02-02 12:09:28 -------- d-----w- C:\Users\EricShang\AppData\Local\{23D70725-DEED-42B7-9E34-F1F05EE7B630}
2012-02-02 00:09:05 -------- d-----w- C:\Users\EricShang\AppData\Local\{1B3C6937-574F-4C39-9BA2-40011BD3A98A}
2012-02-02 00:08:55 -------- d-----w- C:\Users\EricShang\AppData\Local\{38A37A4F-F3D4-4485-9EF1-7B3702F4C184}
2012-01-31 20:30:02 -------- d-----w- C:\Users\EricShang\AppData\Local\{7D077D53-AA60-44CB-8E7F-1CC5F5C275D2}
2012-01-31 20:29:52 -------- d-----w- C:\Users\EricShang\AppData\Local\{C82806EF-909A-4B32-92AE-29E79723DC2F}
2012-01-31 08:29:39 -------- d-----w- C:\Users\EricShang\AppData\Local\{1C0CE312-94D3-44CB-9E1E-905B697BB1D6}
2012-01-31 08:29:29 -------- d-----w- C:\Users\EricShang\AppData\Local\{3C4A4D91-1AF3-45F3-ACDB-37472029AA85}
2012-01-31 05:47:50 -------- d-----w- C:\Users\EricShang\AppData\Local\DDMSettings
2012-01-30 20:29:16 -------- d-----w- C:\Users\EricShang\AppData\Local\{BB8D5108-FA93-43E2-8B6D-2E2CFC2E1EA2}
2012-01-30 20:29:06 -------- d-----w- C:\Users\EricShang\AppData\Local\{05D0F715-382E-4749-90D4-5EB3762006AF}
2012-01-29 20:11:13 -------- d-----w- C:\Users\EricShang\AppData\Local\{17920AA1-D070-486A-8FD3-CCB474F982FA}
2012-01-29 20:11:02 -------- d-----w- C:\Users\EricShang\AppData\Local\{50927458-5420-4E41-96E8-A08049B1D668}
2012-01-28 19:55:09 -------- d-----w- C:\Users\EricShang\AppData\Local\{F094A0B3-6D03-4DDF-88B9-9A8767743F99}
2012-01-28 19:55:00 -------- d-----w- C:\Users\EricShang\AppData\Local\{3B0C632F-7F0A-4A3E-BB71-9A765777479E}
2012-01-28 04:16:18 -------- d-----w- C:\Users\EricShang\AppData\Local\{A305177B-1C82-4A4E-9E81-26ED3DF292A2}
2012-01-28 04:16:08 -------- d-----w- C:\Users\EricShang\AppData\Local\{48A72B3D-0E55-4079-89A5-6D05FA561449}
2012-01-27 16:15:56 -------- d-----w- C:\Users\EricShang\AppData\Local\{1A0795CB-93DD-4786-94D2-D201B7E7F70C}
2012-01-27 04:15:32 -------- d-----w- C:\Users\EricShang\AppData\Local\{5DD78A36-FBEE-4208-8F95-CD3A74714063}
2012-01-26 16:15:09 -------- d-----w- C:\Users\EricShang\AppData\Local\{C9D9DD04-8793-4F43-A508-0D53A2BE2E84}
2012-01-26 04:15:03 -------- d-----w- C:\Users\EricShang\AppData\Local\{37A0C866-B53E-4733-8EA6-A24D58193EC8}
2012-01-26 03:49:58 -------- d-----w- C:\Users\EricShang\AppData\Local\{CCD93393-AF14-4529-A64A-0601C3147A9C}
2012-01-26 02:08:52 -------- d-----w- C:\Users\EricShang\AppData\Local\{DA87D8EA-D65E-4C6F-B145-5107B311DCA6}
2012-01-24 10:18:19 -------- d-----w- C:\Users\EricShang\AppData\Local\{CC45B6CB-7D3E-4274-848F-40196F6D8C95}
2012-01-24 10:17:57 -------- d-----w- C:\Users\EricShang\AppData\Local\{A21C40BC-A946-406C-B491-4F1B1AF6C66B}
2012-01-23 22:17:44 -------- d-----w- C:\Users\EricShang\AppData\Local\{766B385F-BF2C-458B-A12E-E4BED2CD709C}
2012-01-23 22:17:23 -------- d-----w- C:\Users\EricShang\AppData\Local\{79FD2759-A2A5-41F8-A53D-E942B6F62AE4}
2012-01-23 09:26:11 -------- d-----w- C:\Users\EricShang\AppData\Local\{305AE450-031A-4D6B-8C4F-88847875EC36}
2012-01-23 09:25:50 -------- d-----w- C:\Users\EricShang\AppData\Local\{031F0FB4-1C9E-48FA-837C-EFD2CEEEB04B}
2012-01-22 21:25:39 -------- d-----w- C:\Users\EricShang\AppData\Local\{BEE36CB6-6699-4A3C-9400-F5E84D731C9C}
2012-01-22 21:25:18 -------- d-----w- C:\Users\EricShang\AppData\Local\{67C092D2-629C-41C2-84ED-A61ABFEECAD6}
2012-01-22 09:25:07 -------- d-----w- C:\Users\EricShang\AppData\Local\{825A4C68-A9F6-43B5-9550-27D6184EBFCA}
2012-01-22 09:24:46 -------- d-----w- C:\Users\EricShang\AppData\Local\{B28A5506-6CD6-4F75-B4FE-9C2FE2124840}
2012-01-21 21:24:21 -------- d-----w- C:\Users\EricShang\AppData\Local\{32B6C2F4-98F1-44FF-BA9D-AF9F412157C6}
2012-01-21 21:24:12 -------- d-----w- C:\Users\EricShang\AppData\Local\{9A52037F-8E24-45B9-8D09-24E56346E3D1}
2012-01-21 06:36:45 -------- d-----w- C:\Users\EricShang\AppData\Local\{46489FF7-788A-4F0E-89A2-1B5785EC0777}
2012-01-21 06:36:31 -------- d-----w- C:\Users\EricShang\AppData\Local\{4958F794-559B-45D5-AF56-0EE477B9E1D4}
2012-01-20 07:59:07 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-20 07:59:07 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-20 07:59:07 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-20 07:59:07 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-20 03:08:25 -------- d-----w- C:\Users\EricShang\AppData\Local\{786ECF03-6977-4F00-9E80-169726D6023A}
2012-01-20 03:08:03 -------- d-----w- C:\Users\EricShang\AppData\Local\{8EAB585C-3010-4229-89B2-E30313B72B71}
2012-01-19 15:07:39 -------- d-----w- C:\Users\EricShang\AppData\Local\{BE66571A-8A81-43C1-AA0E-4133C1B13441}
2012-01-19 15:07:18 -------- d-----w- C:\Users\EricShang\AppData\Local\{73BAA9C3-E0E8-451A-9E7F-AC422F5B22ED}
2012-01-19 03:07:03 -------- d-----w- C:\Users\EricShang\AppData\Local\{F36E9FF6-46CA-469B-B656-A115BEDB1C05}
2012-01-19 03:06:53 -------- d-----w- C:\Users\EricShang\AppData\Local\{6803ADD0-2894-42ED-965D-78B9E749D7A7}
2012-01-17 21:00:15 -------- d-----w- C:\Users\EricShang\AppData\Local\{C0BE7011-4229-4F8A-B387-351748C8C6EB}
2012-01-17 20:59:55 -------- d-----w- C:\Users\EricShang\AppData\Local\{BC94B914-D75F-44FB-BE00-1267B2B35913}
2012-01-17 08:59:41 -------- d-----w- C:\Users\EricShang\AppData\Local\{2455A088-7E28-4947-85D0-BD1C2EA1F929}
2012-01-17 08:59:20 -------- d-----w- C:\Users\EricShang\AppData\Local\{2D2BB4C5-2CAC-4C1E-AD58-690BD5A78C01}
2012-01-16 20:58:52 -------- d-----w- C:\Users\EricShang\AppData\Local\{513E051F-B69D-499E-AD23-AB62976A3280}
2012-01-16 20:58:42 -------- d-----w- C:\Users\EricShang\AppData\Local\{4DE81B41-A394-4087-9E2A-AFBAD51F1CB6}
2012-01-16 01:24:56 -------- d-----w- C:\Users\EricShang\AppData\Local\{F7A345BB-E8A5-4439-981F-9D410A1C8E33}
2012-01-16 01:24:43 -------- d-----w- C:\Users\EricShang\AppData\Local\{6DFD34A4-272D-4215-8204-1A0218A09970}
2012-01-15 09:57:30 -------- d-----w- C:\Users\EricShang\AppData\Local\{EE832A73-CE76-4058-9AEC-371A9FC7C58E}
2012-01-14 21:56:45 -------- d-----w- C:\Users\EricShang\AppData\Local\{BCC68B3A-6D2F-4027-8EB1-04730F4FAB04}
2012-01-14 21:56:33 -------- d-----w- C:\Users\EricShang\AppData\Local\{5B4C7EEF-6E15-4911-9845-F70746C936F8}
2012-01-13 18:52:00 -------- d-----w- C:\Users\EricShang\AppData\Local\{95AE4399-7EFD-4504-B80F-78AA21330CBF}
2012-01-13 18:51:48 -------- d-----w- C:\Users\EricShang\AppData\Local\{F14F8C88-50B7-4974-8EAA-7BC6FF19B27B}
2012-01-13 00:31:07 -------- d-----w- C:\Users\EricShang\AppData\Local\{D1F8D15F-6299-4CC7-8615-5027834F3032}
2012-01-13 00:30:45 -------- d-----w- C:\Users\EricShang\AppData\Local\{C91B37CE-C422-40A1-942C-1D4085D1B82D}
.
==================== Find3M ====================
.
2012-02-11 17:10:35 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-02-10 19:50:38 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-02-10 19:50:38 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-02-10 19:50:23 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-01-04 00:48:42 354176 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2012-01-03 06:14:58 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-20 03:57:01 0 ----a-w- C:\Windows\SysWow64\sho368.tmp
2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 13:08:45.05 ===============
Eshang
Regular Member
 
Posts: 17
Joined: February 11th, 2012, 2:04 pm
Advertisement
Register to Remove

Re: Webpage redirecting (?)

Unread postby pgmigg » February 12th, 2012, 7:06 pm

Hello Eshang,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you, must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Webpage redirecting (?)

Unread postby pgmigg » February 13th, 2012, 3:17 pm

Hello Eshang,

Thank you for your patience... :)

Please tell me, is this computer used for business purposes or connected to business or educational network?
I need to know it - so I can provide the proper instructions.

Thanks,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Webpage redirecting (?)

Unread postby Eshang » February 13th, 2012, 7:17 pm

This laptop is used for gaming primarily, however I do use this for school work also.
I did have citrix remote access before [which connects to a school computer], however I uninstalled that recently (before the post).
Eshang
Regular Member
 
Posts: 17
Joined: February 11th, 2012, 2:04 pm

Re: Webpage redirecting (?)

Unread postby pgmigg » February 14th, 2012, 12:06 pm

Hello Eshang,

Thank you for your answer... :) and let to continue!

Step 1.
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right-click and select "Run As Administrator" TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. pgmigg.com). If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
    1. If the scan completes with nothing found please
      • Click Report at the right upper corner to open it now.
      • Copy and paste the contents of that report in your next reply and click Close to exit.
    2. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
      • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
      • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
      • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
      • Copy and paste the contents of that file in your next reply.

Step 2.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the box at the top, labeled Include 64-bit scans
  4. Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  5. Click on Run Scan at the top left hand corner.
  6. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  7. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please include in your next reply:
  1. Answer to my question related to type of use of your computer.
  2. Do you have any problems executing the instructions?
  3. Contents of TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  4. Contents of OTL.txt log file
  5. Contents of Extras.txt log file
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Webpage redirecting (?)

Unread postby Eshang » February 15th, 2012, 5:16 pm

I apologize for the late response, here are the scan results.

Kaspersky Killer Scan:


15:42:17.0268 28204 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
15:42:17.0522 28204 ============================================================
15:42:17.0522 28204 Current date / time: 2012/02/15 15:42:17.0522
15:42:17.0522 28204 SystemInfo:
15:42:17.0522 28204
15:42:17.0522 28204 OS Version: 6.1.7601 ServicePack: 1.0
15:42:17.0522 28204 Product type: Workstation
15:42:17.0522 28204 ComputerName: ERICSHANG-PC
15:42:17.0523 28204 UserName: EricShang
15:42:17.0523 28204 Windows directory: C:\Windows
15:42:17.0523 28204 System windows directory: C:\Windows
15:42:17.0523 28204 Running under WOW64
15:42:17.0523 28204 Processor architecture: Intel x64
15:42:17.0523 28204 Number of processors: 8
15:42:17.0523 28204 Page size: 0x1000
15:42:17.0523 28204 Boot type: Normal boot
15:42:17.0523 28204 ============================================================
15:42:18.0052 28204 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:42:18.0060 28204 \Device\Harddisk0\DR0:
15:42:18.0060 28204 MBR used
15:42:18.0060 28204 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x37C741BA
15:42:18.0086 28204 Initialize success
15:42:18.0086 28204 ============================================================
15:42:28.0415 32928 ============================================================
15:42:28.0415 32928 Scan started
15:42:28.0415 32928 Mode: Manual;
15:42:28.0415 32928 ============================================================
15:42:30.0561 32928 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:42:30.0567 32928 1394ohci - ok
15:42:30.0627 32928 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:42:30.0633 32928 ACPI - ok
15:42:30.0685 32928 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:42:30.0710 32928 AcpiPmi - ok
15:42:30.0752 32928 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:42:30.0769 32928 adp94xx - ok
15:42:30.0793 32928 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:42:30.0801 32928 adpahci - ok
15:42:30.0821 32928 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:42:30.0838 32928 adpu320 - ok
15:42:30.0905 32928 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:42:30.0912 32928 AFD - ok
15:42:30.0951 32928 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:42:30.0984 32928 agp440 - ok
15:42:31.0011 32928 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:42:31.0027 32928 aliide - ok
15:42:31.0078 32928 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:42:31.0082 32928 amdide - ok
15:42:31.0112 32928 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:42:31.0118 32928 AmdK8 - ok
15:42:31.0315 32928 amdkmdag (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys
15:42:31.0536 32928 amdkmdag - ok
15:42:31.0607 32928 amdkmdap (f8f8a908fdb005a65ddf7238c814eea5) C:\Windows\system32\DRIVERS\atikmpag.sys
15:42:31.0630 32928 amdkmdap - ok
15:42:31.0650 32928 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:42:31.0656 32928 AmdPPM - ok
15:42:31.0709 32928 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:42:31.0713 32928 amdsata - ok
15:42:31.0745 32928 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:42:31.0761 32928 amdsbs - ok
15:42:31.0784 32928 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:42:31.0801 32928 amdxata - ok
15:42:31.0863 32928 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:42:31.0871 32928 AppID - ok
15:42:31.0914 32928 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:42:31.0919 32928 arc - ok
15:42:31.0934 32928 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:42:31.0951 32928 arcsas - ok
15:42:32.0010 32928 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
15:42:32.0076 32928 ASMMAP64 - ok
15:42:32.0101 32928 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:42:32.0110 32928 AsyncMac - ok
15:42:32.0174 32928 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:42:32.0224 32928 atapi - ok
15:42:32.0274 32928 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
15:42:32.0307 32928 athr - ok
15:42:32.0360 32928 AtiHdmiService (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys
15:42:32.0426 32928 AtiHdmiService - ok
15:42:32.0627 32928 atikmdag (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys
15:42:32.0683 32928 atikmdag - ok
15:42:32.0787 32928 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:42:32.0812 32928 b06bdrv - ok
15:42:32.0850 32928 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:42:32.0872 32928 b57nd60a - ok
15:42:32.0895 32928 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:42:32.0904 32928 Beep - ok
15:42:32.0931 32928 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:42:32.0940 32928 blbdrive - ok
15:42:32.0989 32928 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:42:32.0993 32928 bowser - ok
15:42:33.0019 32928 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:42:33.0035 32928 BrFiltLo - ok
15:42:33.0053 32928 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:42:33.0063 32928 BrFiltUp - ok
15:42:33.0121 32928 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:42:33.0142 32928 Brserid - ok
15:42:33.0163 32928 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:42:33.0173 32928 BrSerWdm - ok
15:42:33.0207 32928 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:42:33.0216 32928 BrUsbMdm - ok
15:42:33.0229 32928 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:42:33.0239 32928 BrUsbSer - ok
15:42:33.0257 32928 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:42:33.0267 32928 BTHMODEM - ok
15:42:33.0300 32928 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:42:33.0311 32928 cdfs - ok
15:42:33.0355 32928 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:42:33.0380 32928 cdrom - ok
15:42:33.0412 32928 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:42:33.0429 32928 circlass - ok
15:42:33.0464 32928 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:42:33.0470 32928 CLFS - ok
15:42:33.0511 32928 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:42:33.0521 32928 CmBatt - ok
15:42:33.0565 32928 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:42:33.0568 32928 cmdide - ok
15:42:33.0622 32928 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:42:33.0647 32928 CNG - ok
15:42:33.0687 32928 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:42:33.0697 32928 Compbatt - ok
15:42:33.0726 32928 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:42:33.0729 32928 CompositeBus - ok
15:42:33.0750 32928 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:42:33.0760 32928 crcdisk - ok
15:42:33.0828 32928 dc3d (26c9db5fb11aa1c90ca4b7a986cca4f3) C:\Windows\system32\DRIVERS\dc3d.sys
15:42:33.0870 32928 dc3d - ok
15:42:33.0913 32928 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:42:33.0919 32928 DfsC - ok
15:42:33.0973 32928 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:42:33.0974 32928 discache - ok
15:42:34.0012 32928 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:42:34.0017 32928 Disk - ok
15:42:34.0062 32928 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
15:42:34.0087 32928 Dot4 - ok
15:42:34.0147 32928 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
15:42:34.0149 32928 Dot4Print - ok
15:42:34.0202 32928 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
15:42:34.0260 32928 dot4usb - ok
15:42:34.0281 32928 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:42:34.0291 32928 drmkaud - ok
15:42:34.0346 32928 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:42:34.0371 32928 DXGKrnl - ok
15:42:34.0471 32928 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:42:34.0556 32928 ebdrv - ok
15:42:34.0623 32928 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:42:34.0648 32928 elxstor - ok
15:42:34.0696 32928 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:42:34.0702 32928 ErrDev - ok
15:42:34.0765 32928 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:42:34.0778 32928 exfat - ok
15:42:34.0796 32928 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:42:34.0817 32928 fastfat - ok
15:42:34.0838 32928 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:42:34.0855 32928 fdc - ok
15:42:34.0876 32928 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:42:34.0893 32928 FileInfo - ok
15:42:34.0907 32928 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:42:34.0916 32928 Filetrace - ok
15:42:34.0937 32928 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:42:34.0947 32928 flpydisk - ok
15:42:34.0992 32928 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:42:35.0017 32928 FltMgr - ok
15:42:35.0036 32928 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:42:35.0052 32928 FsDepends - ok
15:42:35.0088 32928 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
15:42:35.0094 32928 fssfltr - ok
15:42:35.0112 32928 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:42:35.0115 32928 Fs_Rec - ok
15:42:35.0161 32928 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:42:35.0164 32928 fvevol - ok
15:42:35.0190 32928 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:42:35.0200 32928 gagp30kx - ok
15:42:35.0249 32928 GEARAspiWDM (cb121f1009623e83ebcc2c4dcef6d3fe) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:42:35.0258 32928 GEARAspiWDM - ok
15:42:35.0312 32928 GGSAFERDriver - ok
15:42:35.0333 32928 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:42:35.0343 32928 hcw85cir - ok
15:42:35.0409 32928 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:42:35.0466 32928 HdAudAddService - ok
15:42:35.0529 32928 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:42:35.0532 32928 HDAudBus - ok
15:42:35.0564 32928 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
15:42:35.0580 32928 HECIx64 - ok
15:42:35.0598 32928 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:42:35.0607 32928 HidBatt - ok
15:42:35.0630 32928 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:42:35.0646 32928 HidBth - ok
15:42:35.0669 32928 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:42:35.0679 32928 HidIr - ok
15:42:35.0722 32928 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
15:42:35.0726 32928 HidUsb - ok
15:42:35.0777 32928 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:42:35.0810 32928 HpSAMD - ok
15:42:35.0862 32928 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:42:35.0879 32928 HTTP - ok
15:42:35.0918 32928 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:42:35.0918 32928 hwpolicy - ok
15:42:35.0965 32928 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:42:35.0998 32928 i8042prt - ok
15:42:36.0037 32928 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
15:42:36.0039 32928 iaStor - ok
15:42:36.0075 32928 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:42:36.0082 32928 iaStorV - ok
15:42:36.0112 32928 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:42:36.0128 32928 iirsp - ok
15:42:36.0215 32928 IntcAzAudAddService (045555f0d572bb48498d040c31e9dc6a) C:\Windows\system32\drivers\RTKVHD64.sys
15:42:36.0267 32928 IntcAzAudAddService - ok
15:42:36.0285 32928 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:42:36.0297 32928 intelide - ok
15:42:36.0351 32928 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:42:36.0352 32928 intelppm - ok
15:42:36.0403 32928 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:42:36.0411 32928 IpFilterDriver - ok
15:42:36.0432 32928 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:42:36.0436 32928 IPMIDRV - ok
15:42:36.0456 32928 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:42:36.0473 32928 IPNAT - ok
15:42:36.0512 32928 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:42:36.0522 32928 IRENUM - ok
15:42:36.0545 32928 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:42:36.0551 32928 isapnp - ok
15:42:36.0572 32928 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:42:36.0581 32928 iScsiPrt - ok
15:42:36.0644 32928 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys
15:42:36.0648 32928 ivusb - ok
15:42:36.0668 32928 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:42:36.0674 32928 kbdclass - ok
15:42:36.0695 32928 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:42:36.0702 32928 kbdhid - ok
15:42:36.0734 32928 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
15:42:36.0738 32928 kbfiltr - ok
15:42:36.0788 32928 KL1 (8d7120743a0973ceab548b475c9d4289) C:\Windows\system32\DRIVERS\kl1.sys
15:42:36.0813 32928 KL1 - ok
15:42:36.0848 32928 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\Windows\system32\DRIVERS\kl2.sys
15:42:36.0855 32928 kl2 - ok
15:42:36.0904 32928 KLIF (177505577604c94c4be7b9316a90ada1) C:\Windows\system32\DRIVERS\klif.sys
15:42:36.0955 32928 KLIF - ok
15:42:36.0979 32928 KLIM6 (2a64b3a9eed93a2e96537b67c079fc96) C:\Windows\system32\DRIVERS\klim6.sys
15:42:37.0000 32928 KLIM6 - ok
15:42:37.0050 32928 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
15:42:37.0060 32928 klmouflt - ok
15:42:37.0104 32928 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:42:37.0113 32928 KSecDD - ok
15:42:37.0156 32928 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:42:37.0173 32928 KSecPkg - ok
15:42:37.0201 32928 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:42:37.0208 32928 ksthunk - ok
15:42:37.0264 32928 L1C (b4a3a05b0f9c81d098b96ab6aa915042) C:\Windows\system32\DRIVERS\L1C62x64.sys
15:42:37.0267 32928 L1C - ok
15:42:37.0306 32928 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:42:37.0314 32928 lltdio - ok
15:42:37.0379 32928 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:42:37.0396 32928 LSI_FC - ok
15:42:37.0413 32928 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:42:37.0430 32928 LSI_SAS - ok
15:42:37.0445 32928 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:42:37.0451 32928 LSI_SAS2 - ok
15:42:37.0472 32928 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:42:37.0478 32928 LSI_SCSI - ok
15:42:37.0513 32928 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:42:37.0530 32928 luafv - ok
15:42:37.0555 32928 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:42:37.0565 32928 megasas - ok
15:42:37.0613 32928 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:42:37.0618 32928 MegaSR - ok
15:42:37.0640 32928 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:42:37.0643 32928 Modem - ok
15:42:37.0662 32928 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:42:37.0662 32928 monitor - ok
15:42:37.0708 32928 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:42:37.0711 32928 mouclass - ok
15:42:37.0740 32928 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:42:37.0742 32928 mouhid - ok
15:42:37.0784 32928 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:42:37.0787 32928 mountmgr - ok
15:42:37.0849 32928 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:42:37.0882 32928 mpio - ok
15:42:37.0905 32928 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:42:37.0922 32928 mpsdrv - ok
15:42:37.0969 32928 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:42:37.0973 32928 MRxDAV - ok
15:42:38.0016 32928 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:42:38.0021 32928 mrxsmb - ok
15:42:38.0069 32928 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:42:38.0075 32928 mrxsmb10 - ok
15:42:38.0091 32928 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:42:38.0095 32928 mrxsmb20 - ok
15:42:38.0114 32928 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:42:38.0118 32928 msahci - ok
15:42:38.0140 32928 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:42:38.0144 32928 msdsm - ok
15:42:38.0172 32928 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:42:38.0182 32928 Msfs - ok
15:42:38.0198 32928 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:42:38.0207 32928 mshidkmdf - ok
15:42:38.0224 32928 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:42:38.0250 32928 msisadrv - ok
15:42:38.0300 32928 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:42:38.0310 32928 MSKSSRV - ok
15:42:38.0337 32928 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:42:38.0338 32928 MSPCLOCK - ok
15:42:38.0349 32928 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:42:38.0350 32928 MSPQM - ok
15:42:38.0393 32928 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:42:38.0398 32928 MsRPC - ok
15:42:38.0422 32928 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:42:38.0423 32928 mssmbios - ok
15:42:38.0443 32928 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:42:38.0453 32928 MSTEE - ok
15:42:38.0475 32928 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:42:38.0485 32928 MTConfig - ok
15:42:38.0521 32928 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
15:42:38.0562 32928 MTsensor - ok
15:42:38.0582 32928 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:42:38.0593 32928 Mup - ok
15:42:38.0641 32928 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:42:38.0648 32928 NativeWifiP - ok
15:42:38.0703 32928 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:42:38.0732 32928 NDIS - ok
15:42:38.0764 32928 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:42:38.0768 32928 NdisCap - ok
15:42:38.0799 32928 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:42:38.0802 32928 NdisTapi - ok
15:42:38.0849 32928 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:42:38.0852 32928 Ndisuio - ok
15:42:38.0902 32928 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:42:38.0906 32928 NdisWan - ok
15:42:38.0962 32928 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:42:38.0972 32928 NDProxy - ok
15:42:39.0014 32928 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:42:39.0018 32928 NetBIOS - ok
15:42:39.0073 32928 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:42:39.0077 32928 NetBT - ok
15:42:39.0118 32928 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:42:39.0127 32928 nfrd960 - ok
15:42:39.0154 32928 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:42:39.0162 32928 Npfs - ok
15:42:39.0177 32928 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:42:39.0177 32928 nsiproxy - ok
15:42:39.0248 32928 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:42:39.0282 32928 Ntfs - ok
15:42:39.0301 32928 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:42:39.0334 32928 Null - ok
15:42:39.0392 32928 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:42:39.0397 32928 nvraid - ok
15:42:39.0430 32928 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:42:39.0435 32928 nvstor - ok
15:42:39.0483 32928 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:42:39.0487 32928 nv_agp - ok
15:42:39.0508 32928 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:42:39.0512 32928 ohci1394 - ok
15:42:39.0549 32928 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:42:39.0557 32928 Parport - ok
15:42:39.0598 32928 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:42:39.0605 32928 partmgr - ok
15:42:39.0639 32928 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:42:39.0642 32928 pci - ok
15:42:39.0657 32928 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:42:39.0660 32928 pciide - ok
15:42:39.0673 32928 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:42:39.0680 32928 pcmcia - ok
15:42:39.0697 32928 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:42:39.0703 32928 pcw - ok
15:42:39.0732 32928 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:42:39.0757 32928 PEAUTH - ok
15:42:39.0860 32928 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:42:39.0867 32928 PptpMiniport - ok
15:42:39.0886 32928 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:42:39.0903 32928 Processor - ok
15:42:39.0952 32928 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:42:39.0955 32928 Psched - ok
15:42:40.0003 32928 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:42:40.0044 32928 ql2300 - ok
15:42:40.0065 32928 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:42:40.0073 32928 ql40xx - ok
15:42:40.0097 32928 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:42:40.0107 32928 QWAVEdrv - ok
15:42:40.0127 32928 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:42:40.0144 32928 RasAcd - ok
15:42:40.0177 32928 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:42:40.0194 32928 RasAgileVpn - ok
15:42:40.0243 32928 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:42:40.0246 32928 Rasl2tp - ok
15:42:40.0267 32928 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:42:40.0278 32928 RasPppoe - ok
15:42:40.0304 32928 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:42:40.0321 32928 RasSstp - ok
15:42:40.0369 32928 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:42:40.0375 32928 rdbss - ok
15:42:40.0396 32928 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:42:40.0406 32928 rdpbus - ok
15:42:40.0435 32928 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:42:40.0435 32928 RDPCDD - ok
15:42:40.0457 32928 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:42:40.0457 32928 RDPENCDD - ok
15:42:40.0475 32928 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:42:40.0475 32928 RDPREFMP - ok
15:42:40.0521 32928 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:42:40.0526 32928 RDPWD - ok
15:42:40.0564 32928 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:42:40.0572 32928 rdyboost - ok
15:42:40.0617 32928 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:42:40.0634 32928 rspndr - ok
15:42:40.0674 32928 RTHDMIAzAudService (483c537e69fa97c77f7fe0e2e1c1f102) C:\Windows\system32\drivers\RtHDMIVX.sys
15:42:40.0699 32928 RTHDMIAzAudService - ok
15:42:40.0756 32928 SaiU0CCB (ff2d7435c79b273752f0912feab839c0) C:\Windows\system32\DRIVERS\SaiU0CCB.sys
15:42:40.0759 32928 SaiU0CCB - ok
15:42:40.0809 32928 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:42:40.0843 32928 sbp2port - ok
15:42:40.0889 32928 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:42:40.0897 32928 scfilter - ok
15:42:40.0931 32928 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:42:40.0940 32928 secdrv - ok
15:42:40.0973 32928 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:42:40.0994 32928 Serenum - ok
15:42:41.0033 32928 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:42:41.0044 32928 Serial - ok
15:42:41.0100 32928 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:42:41.0103 32928 sermouse - ok
15:42:41.0163 32928 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:42:41.0214 32928 sffdisk - ok
15:42:41.0235 32928 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:42:41.0238 32928 sffp_mmc - ok
15:42:41.0252 32928 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:42:41.0255 32928 sffp_sd - ok
15:42:41.0278 32928 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:42:41.0295 32928 sfloppy - ok
15:42:41.0353 32928 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
15:42:41.0418 32928 Sftfs - ok
15:42:41.0482 32928 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:42:41.0507 32928 Sftplay - ok
15:42:41.0537 32928 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:42:41.0549 32928 Sftredir - ok
15:42:41.0577 32928 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
15:42:41.0619 32928 Sftvol - ok
15:42:41.0658 32928 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
15:42:41.0675 32928 SiSGbeLH - ok
15:42:41.0703 32928 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:42:41.0719 32928 SiSRaid2 - ok
15:42:41.0744 32928 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:42:41.0760 32928 SiSRaid4 - ok
15:42:41.0774 32928 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:42:41.0784 32928 Smb - ok
15:42:41.0864 32928 SNP2UVC (7aec460dbdd193680f0e77724e40e7b6) C:\Windows\system32\DRIVERS\snp2uvc.sys
15:42:41.0930 32928 SNP2UVC - ok
15:42:41.0957 32928 speedfan - ok
15:42:41.0977 32928 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:42:41.0987 32928 spldr - ok
15:42:42.0057 32928 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:42:42.0065 32928 srv - ok
15:42:42.0088 32928 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:42:42.0121 32928 srv2 - ok
15:42:42.0145 32928 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:42:42.0150 32928 srvnet - ok
15:42:42.0184 32928 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:42:42.0194 32928 stexstor - ok
15:42:42.0242 32928 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:42:42.0244 32928 swenum - ok
15:42:42.0307 32928 SynTP (01a658167619075baad31c96074c0b38) C:\Windows\system32\DRIVERS\SynTP.sys
15:42:42.0309 32928 SynTP - ok
15:42:42.0396 32928 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:42:42.0432 32928 Tcpip - ok
15:42:42.0479 32928 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:42:42.0489 32928 TCPIP6 - ok
15:42:42.0533 32928 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:42:42.0540 32928 tcpipreg - ok
15:42:42.0583 32928 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:42:42.0590 32928 TDPIPE - ok
15:42:42.0608 32928 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:42:42.0618 32928 TDTCP - ok
15:42:42.0662 32928 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:42:42.0665 32928 tdx - ok
15:42:42.0695 32928 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:42:42.0698 32928 TermDD - ok
15:42:42.0766 32928 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:42:42.0772 32928 tssecsrv - ok
15:42:42.0832 32928 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:42:42.0835 32928 TsUsbFlt - ok
15:42:42.0888 32928 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:42:42.0911 32928 tunnel - ok
15:42:42.0940 32928 TurboB (c45a3e051c65106a28982caed125f855) C:\Windows\system32\DRIVERS\TurboB.sys
15:42:42.0965 32928 TurboB - ok
15:42:43.0000 32928 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:42:43.0008 32928 uagp35 - ok
15:42:43.0073 32928 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:42:43.0090 32928 udfs - ok
15:42:43.0132 32928 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:42:43.0149 32928 uliagpkx - ok
15:42:43.0200 32928 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:42:43.0223 32928 umbus - ok
15:42:43.0242 32928 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:42:43.0259 32928 UmPass - ok
15:42:43.0328 32928 USBAAPL64 (e1da5e7233ca28371506f112b6dc16e2) C:\Windows\system32\Drivers\usbaapl64.sys
15:42:43.0330 32928 USBAAPL64 - ok
15:42:43.0385 32928 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:42:43.0401 32928 usbaudio - ok
15:42:43.0443 32928 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:42:43.0447 32928 usbccgp - ok
15:42:43.0496 32928 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:42:43.0519 32928 usbcir - ok
15:42:43.0562 32928 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:42:43.0585 32928 usbehci - ok
15:42:43.0616 32928 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:42:43.0641 32928 usbhub - ok
15:42:43.0667 32928 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:42:43.0690 32928 usbohci - ok
15:42:43.0725 32928 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:42:43.0732 32928 usbprint - ok
15:42:43.0783 32928 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:42:43.0785 32928 usbscan - ok
15:42:43.0809 32928 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:42:43.0832 32928 USBSTOR - ok
15:42:43.0843 32928 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:42:43.0856 32928 usbuhci - ok
15:42:43.0887 32928 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:42:43.0912 32928 usbvideo - ok
15:42:43.0948 32928 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:42:43.0951 32928 vdrvroot - ok
15:42:43.0979 32928 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:42:43.0989 32928 vga - ok
15:42:44.0020 32928 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:42:44.0029 32928 VgaSave - ok
15:42:44.0072 32928 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:42:44.0094 32928 vhdmp - ok
15:42:44.0141 32928 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:42:44.0150 32928 viaide - ok
15:42:44.0171 32928 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:42:44.0180 32928 volmgr - ok
15:42:44.0226 32928 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:42:44.0231 32928 volmgrx - ok
15:42:44.0249 32928 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:42:44.0275 32928 volsnap - ok
15:42:44.0313 32928 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:42:44.0336 32928 vsmraid - ok
15:42:44.0359 32928 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:42:44.0376 32928 vwifibus - ok
15:42:44.0392 32928 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:42:44.0402 32928 vwififlt - ok
15:42:44.0436 32928 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:42:44.0446 32928 vwifimp - ok
15:42:44.0466 32928 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:42:44.0476 32928 WacomPen - ok
15:42:44.0531 32928 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:42:44.0539 32928 WANARP - ok
15:42:44.0544 32928 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:42:44.0545 32928 Wanarpv6 - ok
15:42:44.0580 32928 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:42:44.0590 32928 Wd - ok
15:42:44.0647 32928 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
15:42:44.0670 32928 WDC_SAM - ok
15:42:44.0695 32928 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:42:44.0713 32928 Wdf01000 - ok
15:42:44.0748 32928 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:42:44.0759 32928 WfpLwf - ok
15:42:44.0789 32928 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
15:42:44.0830 32928 WimFltr - ok
15:42:44.0849 32928 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:42:44.0859 32928 WIMMount - ok
15:42:44.0927 32928 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:42:44.0960 32928 WinUsb - ok
15:42:45.0027 32928 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:42:45.0037 32928 WmiAcpi - ok
15:42:45.0092 32928 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:42:45.0101 32928 ws2ifsl - ok
15:42:45.0160 32928 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:42:45.0167 32928 WudfPf - ok
15:42:45.0209 32928 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:42:45.0232 32928 WUDFRd - ok
15:42:45.0295 32928 X6va003 - ok
15:42:45.0362 32928 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:42:45.0444 32928 \Device\Harddisk0\DR0 - ok
15:42:45.0451 32928 Boot (0x1200) (46a8732b3250bc5635dc74c15fb5ea85) \Device\Harddisk0\DR0\Partition0
15:42:45.0454 32928 \Device\Harddisk0\DR0\Partition0 - ok
15:42:45.0454 32928 ============================================================
15:42:45.0454 32928 Scan finished
15:42:45.0454 32928 ============================================================
15:42:45.0464 32880 Detected object count: 0
15:42:45.0464 32880 Actual detected object count: 0
Eshang
Regular Member
 
Posts: 17
Joined: February 11th, 2012, 2:04 pm

Re: Webpage redirecting (?)

Unread postby Eshang » February 15th, 2012, 5:16 pm

The OTL Scan:


OTL logfile created on: 2/15/2012 3:44:30 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\EricShang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.93 Gb Total Physical Memory | 4.08 Gb Available Physical Memory | 68.83% Memory free
11.85 Gb Paging File | 9.43 Gb Available in Paging File | 79.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.23 Gb Total Space | 285.19 Gb Free Space | 63.91% Space Free | Partition Type: NTFS

Computer Name: ERICSHANG-PC | User Name: EricShang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/15 14:47:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\EricShang\Desktop\OTL.exe
PRC - [2012/01/11 18:29:00 | 028,201,096 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2012/01/03 01:14:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/14 11:32:54 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2010/09/07 13:15:28 | 002,787,224 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
PRC - [2010/07/07 12:45:57 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/05/17 10:06:10 | 001,079,936 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/01/04 19:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/09 21:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/02 16:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/26 12:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009/09/30 21:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/09/25 13:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
PRC - [2009/06/19 12:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/29 18:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
PRC - [2008/12/22 19:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/11/30 13:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/15 07:49:27 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/02/15 07:34:49 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/15 07:34:19 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/15 07:34:04 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/15 07:33:57 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/15 07:33:55 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/15 07:33:43 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 07:33:38 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 07:33:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 07:33:29 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/01/04 02:47:42 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/12/02 13:01:24 | 016,827,392 | R--- | M] () -- C:\Program Files (x86)\Origin\QtWebKit4.dll
MOD - [2011/12/02 12:59:12 | 000,312,320 | R--- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff4.dll
MOD - [2011/12/02 12:59:12 | 000,264,192 | R--- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng4.dll
MOD - [2011/12/02 12:59:12 | 000,211,456 | R--- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll
MOD - [2011/12/02 12:59:12 | 000,032,256 | R--- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico4.dll
MOD - [2011/12/02 12:59:12 | 000,028,672 | R--- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif4.dll
MOD - [2011/12/02 12:59:10 | 000,172,544 | R--- | M] () -- C:\Program Files (x86)\Origin\codecs\qjpcodecs4.dll
MOD - [2011/12/02 12:59:10 | 000,158,208 | R--- | M] () -- C:\Program Files (x86)\Origin\codecs\qtwcodecs4.dll
MOD - [2011/12/02 12:59:10 | 000,143,872 | R--- | M] () -- C:\Program Files (x86)\Origin\codecs\qcncodecs4.dll
MOD - [2011/12/02 12:59:10 | 000,079,872 | R--- | M] () -- C:\Program Files (x86)\Origin\codecs\qkrcodecs4.dll
MOD - [2011/12/02 12:58:06 | 000,327,680 | R--- | M] () -- C:\Program Files (x86)\Origin\phonon4.dll
MOD - [2011/12/02 12:58:04 | 000,413,184 | R--- | M] () -- C:\Program Files (x86)\Origin\QtXml4.dll
MOD - [2011/12/02 12:58:02 | 001,152,512 | R--- | M] () -- C:\Program Files (x86)\Origin\QtNetwork4.dll
MOD - [2011/12/02 12:58:00 | 009,440,256 | R--- | M] () -- C:\Program Files (x86)\Origin\QtGui4.dll
MOD - [2011/12/02 12:57:58 | 002,694,144 | R--- | M] () -- C:\Program Files (x86)\Origin\QtCore4.dll
MOD - [2011/11/08 03:22:55 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/05/09 17:40:56 | 000,958,976 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-53.dll
MOD - [2011/05/09 17:40:56 | 000,239,616 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-0.dll
MOD - [2011/05/09 17:40:54 | 007,006,208 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-53.dll
MOD - [2011/05/09 17:40:54 | 000,132,096 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
MOD - [2010/07/01 10:21:42 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
MOD - [2010/02/23 14:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010/02/23 14:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010/02/23 14:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010/02/23 14:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2010/01/04 19:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/11/02 16:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 16:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/09/25 13:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
MOD - [2009/04/15 14:04:38 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll
MOD - [2009/03/26 16:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 20:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2007/11/30 13:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/08 12:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/07 18:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/08/06 16:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/03 01:14:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/24 21:35:04 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/18 17:23:34 | 000,415,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe -- (Dyyno Launcher)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/14 11:32:54 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010/07/07 12:41:28 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/07/07 12:41:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/09 21:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/09/30 21:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/08 13:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/09/08 13:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/08 11:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/14 11:32:54 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/07/28 23:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/06/09 19:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 19:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/04/22 21:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/04/22 06:22:50 | 000,041,096 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiU0CCB.sys -- (SaiU0CCB)
DRV:64bit: - [2010/04/16 23:24:34 | 000,027,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV:64bit: - [2010/03/05 10:19:46 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/02 15:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/18 05:30:55 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/02 22:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/09/04 00:39:07 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/08/06 16:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/06 16:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/20 04:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 05:16:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/20 05:04:55 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/05/13 11:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/11/07 16:23:30 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/17 15:12:54 | 000,019,304 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/12/18 06:03:58 | 000,025,280 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C0 52 1A 02 40 02 70 42 B4 4A 48 A5 D7 40 2D A2 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C0 52 1A 02 40 02 70 42 B4 4A 48 A5 D7 40 2D A2 [binary data]

IE - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C0 52 1A 02 40 02 70 42 B4 4A 48 A5 D7 40 2D A2 [binary data]
IE - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {865600b4-a6bd-4a5f-9ab0-f442b0ff3210}:1.0


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\EricShang\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\EricShang\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/29 22:30:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/31 00:46:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/11 13:00:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/11 13:00:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010/08/15 04:25:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/29 22:30:19 | 000,000,000 | ---D | M]

[2010/08/14 07:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EricShang\AppData\Roaming\Mozilla\Extensions
[2012/02/06 01:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EricShang\AppData\Roaming\Mozilla\Firefox\Profiles\5ecazms3.default\extensions
[2012/02/06 01:36:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\EricShang\AppData\Roaming\Mozilla\Firefox\Profiles\5ecazms3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/01 22:30:45 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\EricShang\AppData\Roaming\Mozilla\Firefox\Profiles\5ecazms3.default\extensions\{865600b4-a6bd-4a5f-9ab0-f442b0ff3210}
[2011/11/12 22:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/20 20:06:45 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/08/16 05:26:07 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012/01/31 00:46:08 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/01/20 02:59:07 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/25 18:06:56 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/22 20:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/12 22:17:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\EricShang\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\EricShang\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\EricShang\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\EricShang\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.4_0\
CHR - Extension: Google Search = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Click to call with Skype = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\
CHR - Extension: ICE Quick Stream = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\4.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000..\Run: [winupdate] C:\Windows\system32\install\winupdt.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.8.76.2 128.8.74.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}: DhcpNameServer = 128.8.76.2 128.8.74.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93422096-8B22-4798-A1C3-B195BD476D83}: DhcpNameServer = 128.8.74.2 128.8.76.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\ProgramData\dxmasf32.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5e9fe941-2611-11e0-804f-20cf3010abdc}\Shell - "" = AutoRun
O33 - MountPoints2\{5e9fe941-2611-11e0-804f-20cf3010abdc}\Shell\AutoRun\command - "" = D:\unlock.exe autoplay=true
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/15 14:47:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\EricShang\Desktop\OTL.exe
[2012/02/15 14:47:10 | 002,061,360 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\EricShang\Desktop\tdsskiller.exe
[2012/02/15 09:55:41 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{E566E35E-612D-4A1B-BE9C-189CCF13B70D}
[2012/02/15 03:00:51 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 03:00:51 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/15 03:00:50 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/15 03:00:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 03:00:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 03:00:49 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/15 03:00:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/15 03:00:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 03:00:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 03:00:48 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/15 03:00:48 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/14 20:08:35 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/14 20:08:35 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/14 20:08:35 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/14 20:08:31 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/14 18:46:47 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{2AEB7E92-6C3D-4AD3-809F-263862DD7DBC}
[2012/02/14 18:46:37 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{439A031D-A576-4A98-B2C4-547A6115E1A2}
[2012/02/13 00:12:33 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{CE632211-53E9-4494-A0E4-E7B7CA36440C}
[2012/02/13 00:12:23 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{2045A4FA-B28B-45CD-8AE7-8B66F7021C3F}
[2012/02/12 17:03:15 | 000,000,000 | ---D | C] -- C:\Users\EricShang\Desktop\jk
[2012/02/12 12:11:59 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{873E165F-8DB8-48A3-BA41-16E72AC93F4A}
[2012/02/12 12:11:38 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{A96FDB41-AB21-44B2-9D48-4B7FDC95F0F3}
[2012/02/12 00:11:27 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{C899F092-5A56-484F-80AD-ABE8750FC163}
[2012/02/12 00:11:07 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{0B71996E-04F5-41C0-972C-E08D07303949}
[2012/02/11 13:05:58 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\EricShang\Desktop\dds.com
[2012/02/11 12:59:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/11 12:10:56 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{91F9149A-5A1E-4E80-B8AC-2E2722E8227C}
[2012/02/11 12:10:46 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{0D811AFE-FBEA-43A4-B02E-ED46A1103B4D}
[2012/02/10 20:41:03 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{AB26BF26-E024-4E0D-8CB8-A39E7F16A134}
[2012/02/10 20:40:42 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{CF640CFF-24B5-4DF6-8879-F172A60611D9}
[2012/02/10 08:40:19 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{91F0354A-C61F-428C-8EFA-137A7388C6B0}
[2012/02/10 08:40:09 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{3925F8C6-91EE-4B47-9D60-8DE7AFBCE3BF}
[2012/02/09 15:26:02 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{87108E38-81BE-4EE3-B9DD-6D1D6A3815BB}
[2012/02/09 15:25:52 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{0D03904D-53E0-4AB7-8EEC-1301E5A3F648}
[2012/02/08 21:18:05 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{39B65EE8-256D-4EFE-B8C6-C6228472193A}
[2012/02/08 09:17:58 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{A39DB288-D095-4ED6-8B7B-808CE3BBAAD9}
[2012/02/07 18:24:58 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{2052FF16-6DC3-4E95-9974-1AECF81CB6CD}
[2012/02/07 18:24:48 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{DD5BD411-D96A-454D-BBBE-27D62AD490FD}
[2012/02/07 02:19:50 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{D558D81E-48D7-4909-88F6-DE61418B1525}
[2012/02/06 14:19:29 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{A5E9E886-51E3-406A-B5DF-FCA7B6FB2A1E}
[2012/02/06 14:19:19 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{61DDCB24-7BC7-45A0-84E8-BB8645ECD4F2}
[2012/02/06 01:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/02/06 01:35:59 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Roaming\Yahoo!
[2012/02/06 01:35:54 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/06 01:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/02/06 01:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/02/06 01:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/02/05 19:12:27 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{886D528A-6EF6-457D-A691-27B10ECBB934}
[2012/02/05 19:12:17 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{2B978538-ECA2-4B5C-8864-27FFAECB71E6}
[2012/02/05 14:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/02/05 14:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/02/05 14:17:41 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\Microsoft Help
[2012/02/05 14:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/02/05 07:12:06 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{B769F768-A08A-4963-8A06-968736123FDE}
[2012/02/05 07:11:56 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{20D46C26-4C3E-4386-83E8-FA95F0B0A51C}
[2012/02/04 19:11:33 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{EE998366-23B3-48AA-AABC-E702373842FA}
[2012/02/04 19:11:22 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{CEB9BAEF-DE20-464F-ADE4-6FECAB0374CF}
[2012/02/04 07:10:59 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{F7ACE8E2-6700-4034-B342-5E6AE76A23E3}
[2012/02/03 19:10:35 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{DBC37D10-11AB-49BF-AC3E-58101EBE620E}
[2012/02/03 07:10:12 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{C0FC6C3A-DE2E-4E44-B0D9-1922CD4F4978}
[2012/02/02 19:09:49 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{724FF88A-2B98-40FD-842B-3C492054AA11}
[2012/02/02 07:09:28 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{23D70725-DEED-42B7-9E34-F1F05EE7B630}
[2012/02/01 19:09:05 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{1B3C6937-574F-4C39-9BA2-40011BD3A98A}
[2012/02/01 19:08:55 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{38A37A4F-F3D4-4485-9EF1-7B3702F4C184}
[2012/01/31 15:30:02 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{7D077D53-AA60-44CB-8E7F-1CC5F5C275D2}
[2012/01/31 15:29:52 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{C82806EF-909A-4B32-92AE-29E79723DC2F}
[2012/01/31 03:29:39 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{1C0CE312-94D3-44CB-9E1E-905B697BB1D6}
[2012/01/31 03:29:29 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{3C4A4D91-1AF3-45F3-ACDB-37472029AA85}
[2012/01/31 00:47:50 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\DDMSettings
[2012/01/30 15:29:16 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{BB8D5108-FA93-43E2-8B6D-2E2CFC2E1EA2}
[2012/01/30 15:29:06 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{05D0F715-382E-4749-90D4-5EB3762006AF}
[2012/01/29 15:11:13 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{17920AA1-D070-486A-8FD3-CCB474F982FA}
[2012/01/29 15:11:02 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{50927458-5420-4E41-96E8-A08049B1D668}
[2012/01/28 14:55:09 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{F094A0B3-6D03-4DDF-88B9-9A8767743F99}
[2012/01/28 14:55:00 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{3B0C632F-7F0A-4A3E-BB71-9A765777479E}
[2012/01/27 23:16:18 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{A305177B-1C82-4A4E-9E81-26ED3DF292A2}
[2012/01/27 23:16:08 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{48A72B3D-0E55-4079-89A5-6D05FA561449}
[2012/01/27 11:15:56 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{1A0795CB-93DD-4786-94D2-D201B7E7F70C}
[2012/01/26 23:15:32 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{5DD78A36-FBEE-4208-8F95-CD3A74714063}
[2012/01/26 11:15:09 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{C9D9DD04-8793-4F43-A508-0D53A2BE2E84}
[2012/01/25 23:15:03 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{37A0C866-B53E-4733-8EA6-A24D58193EC8}
[2012/01/25 22:49:58 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{CCD93393-AF14-4529-A64A-0601C3147A9C}
[2012/01/25 21:08:52 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{DA87D8EA-D65E-4C6F-B145-5107B311DCA6}
[2012/01/24 05:18:19 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{CC45B6CB-7D3E-4274-848F-40196F6D8C95}
[2012/01/24 05:17:57 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{A21C40BC-A946-406C-B491-4F1B1AF6C66B}
[2012/01/23 17:17:44 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{766B385F-BF2C-458B-A12E-E4BED2CD709C}
[2012/01/23 17:17:23 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{79FD2759-A2A5-41F8-A53D-E942B6F62AE4}
[2012/01/23 04:26:11 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{305AE450-031A-4D6B-8C4F-88847875EC36}
[2012/01/23 04:25:50 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{031F0FB4-1C9E-48FA-837C-EFD2CEEEB04B}
[2012/01/22 16:25:39 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{BEE36CB6-6699-4A3C-9400-F5E84D731C9C}
[2012/01/22 16:25:18 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{67C092D2-629C-41C2-84ED-A61ABFEECAD6}
[2012/01/22 04:25:07 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{825A4C68-A9F6-43B5-9550-27D6184EBFCA}
[2012/01/22 04:24:46 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{B28A5506-6CD6-4F75-B4FE-9C2FE2124840}
[2012/01/21 16:24:21 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{32B6C2F4-98F1-44FF-BA9D-AF9F412157C6}
[2012/01/21 16:24:12 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{9A52037F-8E24-45B9-8D09-24E56346E3D1}
[2012/01/21 01:36:45 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{46489FF7-788A-4F0E-89A2-1B5785EC0777}
[2012/01/21 01:36:31 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{4958F794-559B-45D5-AF56-0EE477B9E1D4}
[2012/01/19 22:08:25 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{786ECF03-6977-4F00-9E80-169726D6023A}
[2012/01/19 22:08:03 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{8EAB585C-3010-4229-89B2-E30313B72B71}
[2012/01/19 10:07:39 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{BE66571A-8A81-43C1-AA0E-4133C1B13441}
[2012/01/19 10:07:18 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{73BAA9C3-E0E8-451A-9E7F-AC422F5B22ED}
[2012/01/18 22:07:03 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{F36E9FF6-46CA-469B-B656-A115BEDB1C05}
[2012/01/18 22:06:53 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{6803ADD0-2894-42ED-965D-78B9E749D7A7}
[2012/01/17 18:36:46 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/17 18:36:45 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/17 18:36:45 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/17 18:36:45 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/17 18:36:45 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/17 18:36:45 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/17 16:00:15 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{C0BE7011-4229-4F8A-B387-351748C8C6EB}
[2012/01/17 15:59:55 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{BC94B914-D75F-44FB-BE00-1267B2B35913}
[2012/01/17 03:59:41 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{2455A088-7E28-4947-85D0-BD1C2EA1F929}
[2012/01/17 03:59:20 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{2D2BB4C5-2CAC-4C1E-AD58-690BD5A78C01}
[2012/01/16 15:58:52 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{513E051F-B69D-499E-AD23-AB62976A3280}
[2012/01/16 15:58:42 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{4DE81B41-A394-4087-9E2A-AFBAD51F1CB6}
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\EricShang\Desktop\*.tmp files -> C:\Users\EricShang\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/15 14:59:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3820835310-3000526531-3120137939-1000UA.job
[2012/02/15 14:59:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3820835310-3000526531-3120137939-1000Core.job
[2012/02/15 14:47:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\EricShang\Desktop\OTL.exe
[2012/02/15 14:47:15 | 002,061,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\EricShang\Desktop\tdsskiller.exe
[2012/02/15 09:55:24 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/02/15 09:54:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/15 07:35:52 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/15 07:35:52 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/15 07:28:30 | 000,416,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/15 07:28:00 | 477,532,159 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/15 03:06:15 | 000,741,704 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/15 03:06:15 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/15 03:06:15 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/15 03:04:35 | 000,744,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/12 18:28:13 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/02/12 18:28:13 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/12 18:27:59 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/02/11 13:05:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\EricShang\Desktop\dds.com
[2012/02/09 10:59:55 | 000,002,429 | ---- | M] () -- C:\Users\EricShang\Desktop\Google Chrome.lnk
[2012/02/08 09:18:16 | 000,002,027 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/02/08 09:18:16 | 000,001,428 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/02/06 01:35:54 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/06 01:35:35 | 000,001,167 | ---- | M] () -- C:\Users\EricShang\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/02/06 01:35:35 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/01/31 00:46:10 | 000,001,625 | ---- | M] () -- C:\Users\EricShang\Desktop\DivX Movies.lnk
[2012/01/31 00:45:40 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/01/20 02:59:16 | 000,002,058 | ---- | M] () -- C:\Users\EricShang\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\EricShang\Desktop\*.tmp files -> C:\Users\EricShang\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/06 01:35:35 | 000,001,167 | ---- | C] () -- C:\Users\EricShang\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/02/06 01:35:35 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/01/31 00:45:40 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/11/04 19:27:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/12 15:16:30 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/12 15:11:29 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\DATA.INI
[2011/09/29 05:21:32 | 000,007,605 | ---- | C] () -- C:\Users\EricShang\AppData\Local\resmon.resmoncfg
[2011/09/07 08:31:59 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/07/13 00:55:06 | 000,000,734 | ---- | C] () -- C:\Users\EricShang\AppData\Roaming\net.telestream.ustreamproducer.prefs.xml
[2011/06/27 22:38:38 | 000,000,086 | ---- | C] () -- C:\ProgramData\1c57b028
[2011/05/07 15:55:40 | 000,000,600 | ---- | C] () -- C:\Users\EricShang\AppData\Roaming\winscp.rnd
[2011/04/25 16:20:29 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011/03/23 23:45:56 | 000,046,742 | ---- | C] () -- C:\Users\EricShang\AppData\Roaming\room.dat
[2011/03/17 12:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/20 21:40:01 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/11/06 20:58:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/21 14:16:59 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/10/21 14:16:44 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/08/30 23:35:00 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2010/08/29 23:06:46 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/29 22:06:29 | 000,208,193 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/08/29 05:41:49 | 000,000,600 | ---- | C] () -- C:\Users\EricShang\AppData\Local\PUTTY.RND
[2010/08/07 07:18:24 | 003,265,024 | ---- | C] () -- C:\Windows\es.exe
[2010/07/07 12:45:27 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010/07/07 12:41:31 | 000,000,735 | ---- | C] () -- C:\Windows\FF05_Render_Spk_Hp.ini
[2010/07/07 12:41:31 | 000,000,508 | ---- | C] () -- C:\Windows\FF05_not_Spk_Hp.ini
[2010/07/07 12:39:17 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/07/07 12:39:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/01/29 16:11:51 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2009/08/19 03:33:09 | 000,020,480 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 03:33:09 | 000,000,232 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 00:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/15 14:04:38 | 000,104,520 | ---- | C] () -- C:\Windows\SysWow64\OSD.dll
[2008/12/01 20:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2004/02/20 15:36:34 | 000,416,256 | ---- | C] () -- C:\Windows\exchndl.dll

========== LOP Check ==========

[2010/08/14 07:44:30 | 000,000,000 | ---D | M] -- C:\Users\EricShang\AppData\Roaming\acccore
[2011/07/18 01:08:26 | 000,000,000 | ---D | M] -- C:\Users\EricShang\AppData\Roaming\Dyyno
[2011/01/31 18:30:11 | 000,000,000 | ---D | M] -- C:\Users\EricShang\AppData\Roaming\ICAClient
[2011/11/04 19:14:43 | 000,000,000 | ---D | M] -- C:\Users\EricShang\AppData\Roaming\OpenCandy
[2011/10/20 23:08:21 | 000,000,000 | ---D | M] -- C:\Users\EricShang\AppData\Roaming\Origin
[2012/02/05 14:25:57 | 000,000,000 | ---D | M] -- C:\Users\EricShang\AppData\Roaming\SoftGrid Client
[2010/08/29 23:07:37 | 000,000,000 | ---D | M] -- C:\Users\EricShang\AppData\Roaming\TP
[2011/12/22 21:16:13 | 000,000,000 | ---D | M] -- C:\Users\EricShang\AppData\Roaming\TS3Client
[2011/07/13 00:55:19 | 000,000,000 | ---D | M] -- C:\Users\EricShang\AppData\Roaming\Vara Software
[2010/10/24 22:58:59 | 000,000,000 | ---D | M] -- C:\Users\EricShang\AppData\Roaming\Windows SideBar
[2011/07/17 21:34:11 | 000,000,000 | ---D | M] -- C:\Users\EricShang\AppData\Roaming\Wirecast
[2012/01/05 16:51:23 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BEB15613

< End of report >


Extras:
*********

OTL Extras logfile created on: 2/15/2012 3:44:30 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\EricShang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.93 Gb Total Physical Memory | 4.08 Gb Available Physical Memory | 68.83% Memory free
11.85 Gb Paging File | 9.43 Gb Available in Paging File | 79.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.23 Gb Total Space | 285.19 Gb Free Space | 63.91% Space Free | Partition Type: NTFS

Computer Name: ERICSHANG-PC | User Name: EricShang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3820835310-3000526531-3120137939-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4575935D-9457-4517-8750-2341F4286F5F}" = iTunes
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{52784483-7088-4A4C-81E2-808303AD98F5}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6D90C794-8E0C-B534-5911-A275777709F7}" = AMD Media Foundation Decoders
"{765879BD-1A62-F2C4-A5FE-67EF9B6310F1}" = ccc-utility64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{94CBEA74-DE51-FE55-8A0E-CFB5FC970517}" = AMD Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}" = Sound Blaster Audigy HD
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8426BA89-CB8C-4D6C-AF14-3BFDE6C8F425}" = XSplit
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FEDDC74-F21D-5D88-D59A-8DF79816DBD4}" = Catalyst Control Center
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{909E265A-037A-9177-248B-CF1B04D9DBB6}" = Application Profiles
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93DF9F1F-17EB-82C0-F82B-9ABC230D6DE5}" = Application Profiles
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{95525636-6277-E383-3753-B8C5E3A05092}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1E1A376-49D4-4960-8599-D5D26A4C2E7B}" = Razer Imperator
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1D46FFA-BCA1-4810-A8C1-D091E65D544B}" = League of Legends
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B72E80DB-DF9B-DE1E-8899-CC74B6B9456A}" = Catalyst Control Center InstallProxy
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C3BDCF00-CE03-35A1-D347-7DCD50E81A52}" = Catalyst Control Center Graphics Previews Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E6B277FE-6F32-02E1-26F2-F77BB26C9D0E}" = Catalyst Control Center Localization All
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E74DFF-729F-915A-560D-1545183D64CF}" = Catalyst Control Center InstallProxy
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"ASUS_Notebook_G73" = ASUS_Notebook_G73 Screen Saver
"AutoHotkey" = AutoHotkey 1.0.48.05
"Battlelog Web Plugins" = Battlelog Web Plugins
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DivX Setup" = DivX Setup
"DreamerRO 10.11" = DreamerRO 10.11
"DreamerRO's 10.11" = DreamerRO's 10.11
"Dyyno Broadcaster" = Dyyno Broadcaster
"Electric Sheep" = Electric Sheep 2.7b28
"ESN Sonar" = ESN Sonar
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"HP Photo Creations" = HP Photo Creations
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 620" = Portal 2
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3820835310-3000526531-3120137939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
Eshang
Regular Member
 
Posts: 17
Joined: February 11th, 2012, 2:04 pm

Re: Webpage redirecting (?)

Unread postby pgmigg » February 16th, 2012, 10:37 pm

Hello Eshang,

Good job! :) Let continue our treatment...

Punkbuster warning

I see you have Punkbuster installed.( read the section on Published features) This is spyware. Punkbuster can take control over various aspects of your computer, and some gaming tools not unlike Punkbuster also hinder their removals. By the definition we handle here, Punkbuster is actual spyware. Therefore, I now ask you to decide the following:
  • Either we try to leave Punkbuster alone but there is no guarantee a spyware component doesn't 'accidentally' get taken out; so Punkbuster might break. This will, of course, also break your ability to play games using Punkbuster enabled servers.
  • Or we can just remove Punkbuster. You can reinstall it afterwards if you wish, but please keep in mind that It is spyware.
  • Another option is to not clean this computer at all. This ensures Punkbuster will continue to function.
Please let me know what you would like to do.

Thanks,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Webpage redirecting (?)

Unread postby Cypher » February 20th, 2012, 6:35 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 178 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware