Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Followed removal instructions, but still have same malware problem.

Started by LL1 , Jul 07 2010 05:55 PM

Please log in to reply

#1
LL1

Posted 07 July 2010 - 05:55 PM

New Member

Member
2 posts

Hello, this is my first post on Geekstogo! I am glad there is a place where people selflessly help others with their PC troubles, so before I actually get into my specific issue, I just wanted to say thank you guys/gals!

Here is my problem/s: It's been about 3-4 weeks since i've had this issue. When I started visiting some sites (Digg.com, did Google searches, other search engine search, some adult websites), I would often be redirected to other related and unrelated websites automatically.

I would find often times, these re-directs would also go to similar websites, URLs such as: ChinaonTv, Google-analytics.com, Googlesyndication, and other bogus websites. In fact through Firefox, I can still look for things on Google, whereas on IE, I can do a google search, but when I try to click on a search result, will get redirected elsewhere and I will only be able to access the website/s after the 2nd or 3rd time.

Finally I would like to mention one last aspect of this problem which baffles me: My mothers laptop appears to have the same issue as mine! It's ironic because we don't use each others laptops and when i tried using hers to visit some general websites, I encountered alot of the same issues as my laptop did.

I later found out it could be a virus on my router and had the firmware (on the router) updated, but to no avail. This was one of the reasons I figured reformatting my computer may not be a good idea.

Anyway I followed all the instructions on the forum about what to do before posting and followed it word for word. Unfortunately the only thing I cannot post is the GMER log. I've tried at least 5 times to scan the way I was told. 4 times my entire laptop froze (had to take out the battery) and the 5th time, the laptop crashed while GMER was scanning. I can only provide MBAM logs and the OTL text.

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4290

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

7/7/2010 8:00:08 PM
mbam-log-2010-07-07 (20-00-08).txt

Scan type: Quick scan
Objects scanned: 127175
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the OTL log:

OTL logfile created on: 7/7/2010 8:34:37 PM - Run 1
OTL by OldTimer - Version 3.2.8.0 Folder = C:\Users\Vitaliy\Downloads
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,007.00 Mb Total Physical Memory | 382.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.68 Gb Total Space | 5.20 Gb Free Space | 7.79% Space Free | Partition Type: NTFS
Drive D: | 6.29 Gb Total Space | 0.74 Gb Free Space | 11.79% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 84.85% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VITALIY-PC
Current User Name: Vitaliy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/07 20:24:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Vitaliy\Downloads\OTL.exe
PRC - [2010/05/12 03:28:35 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2010/05/12 03:14:10 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/11 22:07:20 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/04/12 01:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2007/04/22 16:32:42 | 000,221,184 | ---- | M] (SafeBoot International) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2007/04/10 06:10:20 | 001,489,688 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.EXE
PRC - [2007/04/10 06:10:16 | 000,183,064 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\ATCHKSRV.EXE
PRC - [2007/04/10 06:10:10 | 000,404,248 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\ATCHK.EXE
PRC - [2007/04/10 06:10:06 | 000,121,624 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.EXE
PRC - [2007/02/15 05:55:18 | 000,140,832 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\IfxPsdSv.exe
PRC - [2007/02/06 18:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007/01/23 13:15:14 | 000,181,792 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2007/01/23 13:02:44 | 000,546,336 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\IfxUAGUI.exe
PRC - [2007/01/09 15:52:36 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2006/12/15 04:08:34 | 001,097,728 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/12/04 16:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe

========== Modules (SafeList) ==========

MOD - [2010/07/07 20:24:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Vitaliy\Downloads\OTL.exe
MOD - [2007/02/25 20:49:00 | 000,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll
MOD - [2006/11/02 02:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 02:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/05/12 03:28:35 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/04/22 16:32:42 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2007/04/10 06:10:20 | 001,489,688 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.EXE -- (UNS) Intel®
SRV - [2007/04/10 06:10:16 | 000,183,064 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\ATCHKSRV.EXE -- (atchksrv) Intel®
SRV - [2007/04/10 06:10:06 | 000,121,624 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.EXE -- (LMS) Intel®
SRV - [2007/02/15 05:55:18 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Windows\System32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/02/06 18:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/12/04 16:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Running] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)
SRV - [2006/06/21 22:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/04/12 01:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/04/22 16:25:30 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2007/04/22 16:24:58 | 000,100,095 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2007/04/10 18:39:34 | 002,464,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/04/10 15:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/04/06 02:27:36 | 000,044,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/03/29 16:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2007/03/27 11:08:20 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/27 11:08:18 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/03/27 11:08:18 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/03/27 11:08:18 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/03/09 09:49:46 | 000,309,248 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/03/01 13:01:42 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 13:07:30 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2007/01/12 06:59:02 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/01/05 03:00:02 | 000,027,136 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2007/01/05 03:00:02 | 000,018,944 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2006/12/20 01:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 00:30:52 | 000,030,720 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006/10/09 13:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6.117
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/10 20:47:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/11 22:07:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/26 13:40:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/03 20:23:35 | 000,000,000 | ---D | M]

[2010/05/10 12:38:13 | 000,000,000 | ---D | M] -- C:\Users\Vitaliy\AppData\Roaming\Mozilla\Extensions
[2010/07/06 22:34:20 | 000,000,000 | ---D | M] -- C:\Users\Vitaliy\AppData\Roaming\Mozilla\Firefox\Profiles\r2t93qz8.default\extensions
[2010/06/23 23:44:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Vitaliy\AppData\Roaming\Mozilla\Firefox\Profiles\r2t93qz8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/15 00:13:10 | 000,000,000 | ---D | M] -- C:\Users\Vitaliy\AppData\Roaming\Mozilla\Firefox\Profiles\r2t93qz8.default\extensions\[email protected]
[2010/06/05 11:05:28 | 000,000,000 | ---D | M] -- C:\Users\Vitaliy\AppData\Roaming\Mozilla\Firefox\Profiles\r2t93qz8.default\extensions\[email protected]
[2010/06/02 13:28:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/02 13:28:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/02 13:28:09 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.5 213.109.72.21 68.237.161.12
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/07/07 20:31:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/07/07 19:51:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/07 19:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/01 19:15:41 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\Desktop\SH
[2010/06/30 15:25:59 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\Desktop\Every Other Day Diet Products
[2010/06/30 15:23:08 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\Desktop\Diet Solution
[2010/06/26 13:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/06/26 13:08:43 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\Desktop\David DeAngelo - Meeting Women Online
[2010/06/23 23:44:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/23 12:24:10 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\Desktop\Insta Cash Kewords
[2010/06/22 15:18:35 | 000,000,000 | ---D | C] -- C:\Yummy Mummy
[2010/06/22 14:21:51 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/06/20 14:38:02 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\Desktop\GMSO
[2010/06/19 02:40:24 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\Desktop\basic_4563
[2010/06/16 20:40:09 | 000,000,000 | ---D | C] -- C:\Fat Loss 4 Idiots
[2010/06/15 18:36:05 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\Desktop\Ultimate Guide to Text and Phone Game
[2010/06/14 21:57:35 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Local\CutePDF Writer
[2010/06/14 00:10:30 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/06/14 00:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/06/14 00:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/06/12 17:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2010/06/12 17:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2010/06/02 13:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/06/02 13:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/02 13:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/16 17:24:46 | 000,000,000 | ---D | C] -- C:\skinny_switchYahoo site
[2010/05/14 15:17:59 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\Desktop\New Folder (2)
[2010/05/14 15:17:45 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Roaming\FileZilla
[2010/05/14 15:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2010/05/13 21:32:51 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Roaming\vlc
[2010/05/13 21:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/05/12 19:47:03 | 000,000,000 | ---D | C] -- C:\SSS Site
[2010/05/12 19:47:03 | 000,000,000 | ---D | C] -- C:\Calorie Shifting site
[2010/05/12 19:47:02 | 000,000,000 | ---D | C] -- C:\skinny_switch older one
[2010/05/12 19:47:02 | 000,000,000 | ---D | C] -- C:\skinny_switch
[2010/05/12 19:47:02 | 000,000,000 | ---D | C] -- C:\Sensa Folder
[2010/05/12 19:47:01 | 000,000,000 | ---D | C] -- C:\ppd2
[2010/05/12 19:47:01 | 000,000,000 | ---D | C] -- C:\PPD
[2010/05/12 19:47:01 | 000,000,000 | ---D | C] -- C:\Original EODD Diet Site that sold alot
[2010/05/12 19:47:01 | 000,000,000 | ---D | C] -- C:\Negative Calorie Diet
[2010/05/12 19:47:00 | 000,000,000 | ---D | C] -- C:\Low-cab diet conduit site2
[2010/05/12 19:47:00 | 000,000,000 | ---D | C] -- C:\Low-cab diet conduit site
[2010/05/12 19:46:58 | 000,000,000 | ---D | C] -- C:\FBF
[2010/05/12 19:46:58 | 000,000,000 | ---D | C] -- C:\eodd_2
[2010/05/12 19:46:57 | 000,000,000 | ---D | C] -- C:\EODD
[2010/05/12 19:46:57 | 000,000,000 | ---D | C] -- C:\EODD - Copy
[2010/05/12 19:46:57 | 000,000,000 | ---D | C] -- C:\EODD - Copy (3)
[2010/05/12 19:46:57 | 000,000,000 | ---D | C] -- C:\EODD - Copy (2)
[2010/05/12 19:46:56 | 000,000,000 | ---D | C] -- C:\Dietsthatactuallywork 8 page site
[2010/05/12 19:46:56 | 000,000,000 | ---D | C] -- C:\calorie_shifting Site Rubix
[2010/05/12 19:46:55 | 000,000,000 | ---D | C] -- C:\Calorie Shifting site - Copy
[2010/05/12 19:46:55 | 000,000,000 | ---D | C] -- C:\Calorie Shifting site - Copy - Copy
[2010/05/12 18:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/12 18:46:50 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\Desktop\nod32_27039
[2010/05/12 18:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/05/12 18:44:27 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Roaming\Malwarebytes
[2010/05/12 18:44:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/12 18:44:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/12 18:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/12 18:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/12 17:27:38 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Local\Adobe
[2010/05/12 17:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/05/12 17:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/12 17:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/12 12:26:43 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\Desktop\New Folder
[2010/05/12 11:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/05/12 11:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/05/12 11:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/12 11:31:36 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/05/12 11:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/12 11:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/05/12 11:27:46 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Local\Microsoft Help
[2010/05/12 11:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/12 11:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/05/12 11:27:06 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/05/12 03:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/05/11 22:43:23 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Roaming\Nvu
[2010/05/11 22:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/05/11 22:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/05/11 22:40:13 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Roaming\uTorrent
[2010/05/11 22:08:28 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\Documents\Downloads
[2010/05/11 22:08:03 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Local\Real
[2010/05/11 22:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/05/11 22:07:21 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/05/11 22:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/05/11 22:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/05/11 22:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/05/11 22:07:18 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Roaming\Real
[2010/05/11 22:06:20 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Local\Google
[2010/05/11 22:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/11 19:21:28 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Local\TechSmith
[2010/05/11 19:20:16 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\Documents\Camtasia Studio
[2010/05/11 19:19:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2010/05/11 19:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/11 19:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010/05/11 19:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/05/11 19:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/05/11 17:52:47 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\Desktop\nvu-1.0PR
[2010/05/10 20:54:10 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Local\HP
[2010/05/10 20:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/05/10 20:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/05/10 20:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/05/10 20:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/05/10 15:17:02 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Roaming\ATI
[2010/05/10 15:17:02 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Local\ATI
[2010/05/10 15:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2010/05/10 15:05:01 | 000,047,616 | ---- | C] (RICOH Company, Ltd.) -- C:\Windows\System32\drivers\rismc32.sys
[2010/05/10 15:04:42 | 000,039,936 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2010/05/10 15:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/05/10 15:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\HP PCMCIA Smart Card Reader
[2010/05/10 14:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/05/10 14:59:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/05/10 14:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/05/10 14:57:10 | 000,181,432 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys
[2010/05/10 14:57:08 | 000,196,608 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynCtrl.dll
[2010/05/10 14:57:08 | 000,163,840 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynCOM.dll
[2010/05/10 14:57:08 | 000,143,360 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynTPAPI.dll
[2010/05/10 14:57:08 | 000,110,592 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynTPCo4.dll
[2010/05/10 14:56:40 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/05/10 14:56:25 | 000,000,000 | -HSD | C] -- C:\Boot
[2010/05/10 14:56:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2010/05/10 14:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Fingerprint Sensor
[2010/05/10 14:51:36 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Roaming\Infineon
[2010/05/10 14:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Infineon
[2010/05/10 14:49:17 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Roaming\hpqLog
[2010/05/10 14:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\HPQ
[2010/05/10 14:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/05/10 14:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\postureAgent
[2010/05/10 14:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/05/10 14:48:54 | 000,000,000 | ---D | C] -- C:\Intel
[2010/05/10 14:44:36 | 000,069,120 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmdel.exe
[2010/05/10 14:44:34 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2010/05/10 14:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/05/10 14:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2010/05/10 14:43:32 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/05/10 14:43:30 | 000,000,000 | ---D | C] -- C:\SWSetup
[2010/05/10 14:43:28 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/05/10 14:43:26 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Roaming\Hewlett Packard
[2010/05/10 14:43:20 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Roaming\InstallShield
[2010/05/10 14:42:27 | 000,000,000 | ---D | C] -- C:\SYSTEM.SAV
[2010/05/10 14:02:34 | 000,000,000 | R--D | C] -- C:\Users\Vitaliy\Searches
[2010/05/10 14:02:26 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Roaming\Identities
[2010/05/10 14:02:25 | 000,000,000 | R--D | C] -- C:\Users\Vitaliy\Contacts
[2010/05/10 14:02:24 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Local\VirtualStore
[2010/05/10 14:02:22 | 000,000,000 | -HSD | C] -- C:\Users\Vitaliy\AppData\Local\Temporary Internet Files
[2010/05/10 14:02:22 | 000,000,000 | -HSD | C] -- C:\Users\Vitaliy\Templates
[2010/05/10 14:02:22 | 000,000,000 | -HSD | C] -- C:\Users\Vitaliy\Start Menu
[2010/05/10 14:02:22 | 000,000,000 | -HSD | C] -- C:\Users\Vitaliy\SendTo
[2010/05/10 14:02:22 | 000,000,000 | -HSD | C] -- C:\Users\Vitaliy\Recent
[2010/05/10 14:02:22 | 000,000,000 | -HSD | C] -- C:\Users\Vitaliy\PrintHood
[2010/05/10 14:02:22 | 000,000,000 | -HSD | C] -- C:\Users\Vitaliy\NetHood
[2010/05/10 14:02:22 | 000,000,000 | -HSD | C] -- C:\Users\Vitaliy\Documents\My Videos
[2010/05/10 14:02:22 | 000,000,000 | -HSD | C] -- C:\Users\Vitaliy\Documents\My Pictures
[2010/05/10 14:02:22 | 000,000,000 | -HSD | C] -- C:\Users\Vitaliy\Documents\My Music
[2010/05/10 14:02:22 | 000,000,000 | -HSD | C] -- C:\Users\Vitaliy\My Documents
[2010/05/10 14:02:22 | 000,000,000 | -HSD | C] -- C:\Users\Vitaliy\Local Settings
[2010/05/10 14:02:22 | 000,000,000 | -HSD | C] -- C:\Users\Vitaliy\AppData\Local\History
[2010/05/10 14:02:22 | 000,000,000 | -HSD | C] -- C:\Users\Vitaliy\Cookies
[2010/05/10 14:02:22 | 000,000,000 | -HSD | C] -- C:\Users\Vitaliy\Application Data
[2010/05/10 14:02:22 | 000,000,000 | -HSD | C] -- C:\Users\Vitaliy\AppData\Local\Application Data
[2010/05/10 14:02:21 | 000,000,000 | --SD | C] -- C:\Users\Vitaliy\AppData\Roaming\Microsoft
[2010/05/10 14:02:21 | 000,000,000 | R--D | C] -- C:\Users\Vitaliy\Videos
[2010/05/10 14:02:21 | 000,000,000 | R--D | C] -- C:\Users\Vitaliy\Saved Games
[2010/05/10 14:02:21 | 000,000,000 | R--D | C] -- C:\Users\Vitaliy\Pictures
[2010/05/10 14:02:21 | 000,000,000 | R--D | C] -- C:\Users\Vitaliy\Music
[2010/05/10 14:02:21 | 000,000,000 | R--D | C] -- C:\Users\Vitaliy\Links
[2010/05/10 14:02:21 | 000,000,000 | R--D | C] -- C:\Users\Vitaliy\Favorites
[2010/05/10 14:02:21 | 000,000,000 | R--D | C] -- C:\Users\Vitaliy\Downloads
[2010/05/10 14:02:21 | 000,000,000 | R--D | C] -- C:\Users\Vitaliy\Documents
[2010/05/10 14:02:21 | 000,000,000 | R--D | C] -- C:\Users\Vitaliy\Desktop
[2010/05/10 14:02:21 | 000,000,000 | -H-D | C] -- C:\Users\Vitaliy\AppData
[2010/05/10 14:02:21 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Local\Temp
[2010/05/10 14:02:21 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Local\Microsoft
[2010/05/10 14:00:29 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/05/10 13:59:09 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2010/05/10 13:59:09 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2010/05/10 13:57:46 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/05/10 13:57:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/05/10 13:09:17 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Roaming\Macromedia
[2010/05/10 13:09:17 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Roaming\Adobe
[2010/05/10 13:08:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/05/10 13:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/05/10 13:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/05/10 13:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/05/10 12:29:32 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Roaming\Mozilla
[2010/05/10 12:29:32 | 000,000,000 | ---D | C] -- C:\Users\Vitaliy\AppData\Local\Mozilla
[2010/05/10 12:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/12 01:44:34 | 000,059,388 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\System32\drivers\scdemu.sys

========== Files - Modified Within 90 Days ==========

[2010/07/07 20:34:40 | 002,289,664 | ---- | M] () -- C:\Users\Vitaliy\ntuser.dat
[2010/07/07 20:31:49 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/07 20:31:27 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/07 20:31:27 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/07 20:31:24 | 231,836,335 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/07 20:31:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/07 20:31:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/07 20:30:57 | 1056,235,520 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/07 20:19:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/07 20:13:54 | 000,524,288 | -HS- | M] () -- C:\Users\Vitaliy\ntuser.dat{b99a0ae3-8a3a-11df-97ce-00247e39470b}.TMContainer00000000000000000002.regtrans-ms
[2010/07/07 20:13:54 | 000,524,288 | -HS- | M] () -- C:\Users\Vitaliy\ntuser.dat{b99a0ae3-8a3a-11df-97ce-00247e39470b}.TMContainer00000000000000000001.regtrans-ms
[2010/07/07 20:13:54 | 000,065,536 | -HS- | M] () -- C:\Users\Vitaliy\ntuser.dat{b99a0ae3-8a3a-11df-97ce-00247e39470b}.TM.blf
[2010/07/07 20:04:17 | 002,621,440 | -HS- | M] () -- C:\Users\Vitaliy\ntuser.bak
[2010/07/07 19:50:39 | 000,000,733 | ---- | M] () -- C:\Users\Vitaliy\Desktop\NTREGOPT.lnk
[2010/07/07 19:50:39 | 000,000,714 | ---- | M] () -- C:\Users\Vitaliy\Desktop\ERUNT.lnk
[2010/07/07 19:50:11 | 000,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/07 19:50:11 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/07 19:50:11 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/07 19:47:59 | 000,019,456 | ---- | M] () -- C:\Users\Vitaliy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/07 00:49:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/07 00:48:24 | 002,328,182 | -H-- | M] () -- C:\Users\Vitaliy\AppData\Local\IconCache.db
[2010/07/06 23:21:10 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/07/06 03:35:50 | 000,000,000 | ---- | M] () -- C:\Users\Vitaliy\Desktop\Caro test.docx
[2010/07/01 19:21:05 | 000,013,168 | ---- | M] () -- C:\Users\Vitaliy\Desktop\June Sales Report.xlsx
[2010/06/30 00:30:57 | 000,011,689 | ---- | M] () -- C:\Users\Vitaliy\Documents\AMAA.docx
[2010/06/28 22:28:35 | 000,000,680 | ---- | M] () -- C:\Users\Vitaliy\AppData\Local\d3d9caps.dat
[2010/06/26 13:31:33 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/06/23 23:44:08 | 000,000,804 | ---- | M] () -- C:\Users\Vitaliy\Desktop\CCleaner.lnk
[2010/06/21 04:32:25 | 005,943,202 | ---- | M] () -- C:\Users\Vitaliy\Desktop\Armored Core 3 Silent Line OST, T08 Rise In Arms.flv
[2010/06/17 00:55:18 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/06/14 22:08:19 | 000,012,792 | ---- | M] () -- C:\Users\Vitaliy\Desktop\The Real Ways To Make Money Online Part III.docx
[2010/06/14 22:06:23 | 000,029,502 | ---- | M] () -- C:\Users\Vitaliy\Desktop\The Real Ways To Make Money Online Part III.pdf
[2010/06/14 22:03:28 | 000,061,241 | ---- | M] () -- C:\Users\Vitaliy\Desktop\The Real Ways To Make Money Online Part II.pdf
[2010/06/14 22:02:28 | 000,015,272 | ---- | M] () -- C:\Users\Vitaliy\Desktop\The Real Ways To Make Money Online Part II.docx
[2010/06/14 18:55:49 | 003,219,488 | ---- | M] () -- C:\Users\Vitaliy\Desktop\WRT310Nv1_0_09_004.code.bin
[2010/06/14 00:10:30 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/06/09 19:59:38 | 000,013,242 | ---- | M] () -- C:\Users\Vitaliy\Desktop\May Sales Report.xlsx
[2010/06/06 12:23:31 | 054,834,477 | ---- | M] () -- C:\Users\Vitaliy\Desktop\LibPkg_2010-06-06_122239.libzip
[2010/06/02 11:02:25 | 000,967,993 | ---- | M] () -- C:\Users\Vitaliy\Desktop\FBFReview Presentation.pptx
[2010/05/26 15:59:52 | 000,000,563 | ---- | M] () -- C:\Users\Vitaliy\Desktop\Fat Burning Furnace Vid Review.wmv.lnk
[2010/05/26 15:37:15 | 001,564,192 | ---- | M] () -- C:\Users\Vitaliy\Desktop\Fat Burning Furnace Video Review.pptx
[2010/05/26 14:33:44 | 001,881,824 | ---- | M] () -- C:\Users\Vitaliy\Desktop\FBFReview For Camtasia.pptx
[2010/05/19 09:04:15 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/17 16:34:18 | 000,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2010/05/17 16:33:46 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/05/17 16:21:48 | 038,125,568 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010/05/17 16:21:48 | 000,049,152 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010/05/17 16:21:47 | 000,016,384 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010/05/16 17:22:15 | 000,000,104 | ---- | M] () -- C:\Users\Vitaliy\Desktop\Computer - Shortcut.lnk
[2010/05/16 10:52:39 | 000,013,370 | ---- | M] () -- C:\Users\Vitaliy\Desktop\April Sales Report.xlsx
[2010/05/14 00:17:17 | 000,112,017 | ---- | M] () -- C:\Users\Vitaliy\Desktop\EODD project.pptx
[2010/05/13 21:31:58 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/05/13 15:01:51 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/05/13 15:01:51 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/13 00:31:27 | 000,000,048 | ---- | M] () -- C:\Windows\System32\imon1.dat
[2010/05/12 18:55:34 | 000,100,432 | ---- | M] () -- C:\Users\Vitaliy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/12 18:54:01 | 000,374,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/12 18:44:22 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/12 11:28:17 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010/05/12 11:15:51 | 000,000,943 | ---- | M] () -- C:\Users\Vitaliy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/12 11:13:19 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010/05/12 03:33:03 | 001,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2010/05/12 01:38:45 | 000,000,938 | ---- | M] () -- C:\Users\Vitaliy\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/05/11 22:41:44 | 000,000,776 | ---- | M] () -- C:\Users\Vitaliy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/05/11 22:41:44 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/05/11 22:07:46 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/05/11 22:07:21 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/05/11 22:06:53 | 000,001,955 | ---- | M] () -- C:\Users\Vitaliy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/05/11 19:19:36 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010/05/10 21:18:58 | 000,201,370 | ---- | M] () -- C:\Windows\hpoins43.dat
[2010/05/10 20:49:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2010/05/10 15:11:21 | 000,524,288 | -HS- | M] () -- C:\Users\Vitaliy\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
[2010/05/10 15:11:21 | 000,524,288 | -HS- | M] () -- C:\Users\Vitaliy\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010/05/10 15:11:21 | 000,065,536 | -HS- | M] () -- C:\Users\Vitaliy\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010/05/10 14:57:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/05/10 14:56:26 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/05/10 14:53:22 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_bNB_6910p_Y5336AN_0U_QCND91008SJ_EU_4A_I30C1_SHP_V68.36_68MCD F.17_T081104_WV6-0_L409_M1007_J80_7Intel_86FB_92.20_#100510_N80861049_(GH719AW#ABA)_XMOBILE_CN10_
Z_2F.17_G10027188.MRK
[2010/05/10 14:02:22 | 000,000,020 | -HS- | M] () -- C:\Users\Vitaliy\ntuser.ini
[2010/05/10 14:01:09 | 000,033,717 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/05/10 12:28:36 | 000,001,748 | ---- | M] () -- C:\Users\Vitaliy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/10 12:28:36 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/12 01:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) -- C:\Windows\System32\drivers\scdemu.sys

========== Files Created - No Company Name ==========

[2010/07/07 20:31:00 | 231,836,335 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/07 20:13:54 | 000,524,288 | -HS- | C] () -- C:\Users\Vitaliy\ntuser.dat{b99a0ae3-8a3a-11df-97ce-00247e39470b}.TMContainer00000000000000000002.regtrans-ms
[2010/07/07 20:13:54 | 000,524,288 | -HS- | C] () -- C:\Users\Vitaliy\ntuser.dat{b99a0ae3-8a3a-11df-97ce-00247e39470b}.TMContainer00000000000000000001.regtrans-ms
[2010/07/07 20:13:54 | 000,065,536 | -HS- | C] () -- C:\Users\Vitaliy\ntuser.dat{b99a0ae3-8a3a-11df-97ce-00247e39470b}.TM.blf
[2010/07/07 20:02:10 | 000,293,376 | ---- | C] () -- C:\Users\Vitaliy\Desktop\gmer.exe
[2010/07/07 19:52:35 | 000,262,144 | -H-- | C] () -- C:\Users\Vitaliy\ntuser.tmp.LOG1
[2010/07/07 19:52:35 | 000,000,000 | -H-- | C] () -- C:\Users\Vitaliy\ntuser.tmp.LOG2
[2010/07/07 19:50:39 | 000,000,733 | ---- | C] () -- C:\Users\Vitaliy\Desktop\NTREGOPT.lnk
[2010/07/07 19:50:39 | 000,000,714 | ---- | C] () -- C:\Users\Vitaliy\Desktop\ERUNT.lnk
[2010/07/06 03:35:50 | 000,000,000 | ---- | C] () -- C:\Users\Vitaliy\Desktop\Caro test.docx
[2010/07/01 16:04:26 | 000,013,168 | ---- | C] () -- C:\Users\Vitaliy\Desktop\June Sales Report.xlsx
[2010/06/30 00:30:56 | 000,011,689 | ---- | C] () -- C:\Users\Vitaliy\Documents\AMAA.docx
[2010/06/26 13:31:33 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/06/26 13:27:58 | 000,350,720 | ---- | C] () -- C:\Users\Vitaliy\Desktop\hjsplit.exe
[2010/06/23 23:44:08 | 000,000,804 | ---- | C] () -- C:\Users\Vitaliy\Desktop\CCleaner.lnk
[2010/06/21 04:29:57 | 005,943,202 | ---- | C] () -- C:\Users\Vitaliy\Desktop\Armored Core 3 Silent Line OST, T08 Rise In Arms.flv
[2010/06/16 14:28:00 | 003,397,094 | ---- | C] () -- C:\Users\Vitaliy\Desktop\wealthyaffiliateforfree.pdf
[2010/06/14 22:06:27 | 000,029,502 | ---- | C] () -- C:\Users\Vitaliy\Desktop\The Real Ways To Make Money Online Part III.pdf
[2010/06/14 21:57:47 | 000,061,241 | ---- | C] () -- C:\Users\Vitaliy\Desktop\The Real Ways To Make Money Online Part II.pdf
[2010/06/14 21:54:05 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/06/14 18:55:15 | 003,219,488 | ---- | C] () -- C:\Users\Vitaliy\Desktop\WRT310Nv1_0_09_004.code.bin
[2010/06/14 00:05:44 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/06/13 12:46:18 | 000,616,974 | ---- | C] () -- C:\Users\Vitaliy\Desktop\Edited Sales 1.bmp
[2010/06/12 17:27:17 | 000,012,792 | ---- | C] () -- C:\Users\Vitaliy\Desktop\The Real Ways To Make Money Online Part III.docx
[2010/06/12 17:23:52 | 000,015,272 | ---- | C] () -- C:\Users\Vitaliy\Desktop\The Real Ways To Make Money Online Part II.docx
[2010/06/09 18:35:18 | 000,013,242 | ---- | C] () -- C:\Users\Vitaliy\Desktop\May Sales Report.xlsx
[2010/06/06 12:23:11 | 054,834,477 | ---- | C] () -- C:\Users\Vitaliy\Desktop\LibPkg_2010-06-06_122239.libzip
[2010/05/26 15:59:52 | 000,000,563 | ---- | C] () -- C:\Users\Vitaliy\Desktop\Fat Burning Furnace Vid Review.wmv.lnk
[2010/05/26 14:57:30 | 001,564,192 | ---- | C] () -- C:\Users\Vitaliy\Desktop\Fat Burning Furnace Video Review.pptx
[2010/05/26 14:33:43 | 001,881,824 | ---- | C] () -- C:\Users\Vitaliy\Desktop\FBFReview For Camtasia.pptx
[2010/05/24 13:54:26 | 000,967,993 | ---- | C] () -- C:\Users\Vitaliy\Desktop\FBFReview Presentation.pptx
[2010/05/17 16:34:18 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2010/05/17 16:33:46 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/05/17 16:17:38 | 038,125,568 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010/05/17 16:17:38 | 000,049,152 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010/05/17 16:17:38 | 000,016,384 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010/05/16 17:22:15 | 000,000,104 | ---- | C] () -- C:\Users\Vitaliy\Desktop\Computer - Shortcut.lnk
[2010/05/14 15:16:45 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/05/14 00:17:16 | 000,112,017 | ---- | C] () -- C:\Users\Vitaliy\Desktop\EODD project.pptx
[2010/05/13 21:31:58 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/05/13 00:31:27 | 000,000,048 | ---- | C] () -- C:\Windows\System32\imon1.dat
[2010/05/12 21:08:43 | 000,013,370 | ---- | C] () -- C:\Users\Vitaliy\Desktop\April Sales Report.xlsx
[2010/05/12 18:44:22 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/12 17:24:51 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/12 03:33:03 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/05/12 01:38:45 | 000,000,938 | ---- | C] () -- C:\Users\Vitaliy\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/05/11 22:40:30 | 000,000,776 | ---- | C] () -- C:\Users\Vitaliy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/05/11 22:40:30 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/05/11 22:07:46 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/05/11 22:06:53 | 000,001,955 | ---- | C] () -- C:\Users\Vitaliy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/05/11 22:06:31 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/11 22:06:29 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/11 19:28:41 | 000,019,456 | ---- | C] () -- C:\Users\Vitaliy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/11 19:19:36 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010/05/10 20:32:38 | 000,003,084 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/05/10 20:32:34 | 000,201,370 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/05/10 20:32:34 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2010/05/10 14:58:27 | 000,328,162 | ---- | C] () -- C:\Windows\System32\drivers\ativcaxx.cpa
[2010/05/10 14:58:26 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2010/05/10 14:58:25 | 000,041,216 | ---- | C] () -- C:\Windows\System32\drivers\ativvpxx.vp
[2010/05/10 14:58:25 | 000,011,441 | ---- | C] () -- C:\Windows\atiogl.xml
[2010/05/10 14:58:25 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativpkxx.vp
[2010/05/10 14:58:25 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativokxx.vp
[2010/05/10 14:58:25 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativdkxx.vp
[2010/05/10 14:58:25 | 000,000,929 | ---- | C] () -- C:\Windows\System32\drivers\ativcaxx.vp
[2010/05/10 14:57:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/05/10 14:57:08 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2010/05/10 14:56:26 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2010/05/10 14:56:25 | 000,438,840 | RHS- | C] () -- C:\bootmgr
[2010/05/10 14:53:22 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_bNB_6910p_Y5336AN_0U_QCND91008SJ_EU_4A_I30C1_SHP_V68.36_68MCD F.17_T081104_WV6-0_L409_M1007_J80_7Intel_86FB_92.20_#100510_N80861049_(GH719AW#ABA)_XMOBILE_CN10_
Z_2F.17_G10027188.MRK
[2010/05/10 14:43:32 | 000,144,201 | ---- | C] () -- C:\Windows\System32\drivers\HSFProf.cty
[2010/05/10 14:02:43 | 1056,235,520 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/10 14:02:22 | 000,000,680 | ---- | C] () -- C:\Users\Vitaliy\AppData\Local\d3d9caps.dat
[2010/05/10 14:02:22 | 000,000,020 | -HS- | C] () -- C:\Users\Vitaliy\ntuser.ini
[2010/05/10 14:02:21 | 002,621,440 | -HS- | C] () -- C:\Users\Vitaliy\ntuser.bak
[2010/05/10 14:02:21 | 002,289,664 | ---- | C] () -- C:\Users\Vitaliy\ntuser.dat
[2010/05/10 14:02:21 | 000,524,288 | -HS- | C] () -- C:\Users\Vitaliy\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
[2010/05/10 14:02:21 | 000,524,288 | -HS- | C] () -- C:\Users\Vitaliy\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010/05/10 14:02:21 | 000,262,144 | -H-- | C] () -- C:\Users\Vitaliy\ntuser.dat.LOG1
[2010/05/10 14:02:21 | 000,065,536 | -HS- | C] () -- C:\Users\Vitaliy\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010/05/10 14:02:21 | 000,000,258 | ---- | C] () -- C:\Users\Vitaliy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/05/10 14:02:21 | 000,000,240 | ---- | C] () -- C:\Users\Vitaliy\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/05/10 14:02:21 | 000,000,000 | -H-- | C] () -- C:\Users\Vitaliy\ntuser.dat.LOG2
[2010/05/10 14:00:54 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/05/10 13:08:29 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/05/10 13:08:29 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/10 12:28:36 | 000,001,748 | ---- | C] () -- C:\Users\Vitaliy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/10 12:28:36 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/10 12:22:14 | 000,000,943 | ---- | C] () -- C:\Users\Vitaliy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2007/04/22 16:24:58 | 000,100,095 | ---- | C] () -- C:\Windows\System32\drivers\SafeBoot.sys
[2007/04/10 18:31:24 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1998/05/06 19:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== LOP Check ==========

[2010/07/04 14:01:54 | 000,000,000 | ---D | M] -- C:\Users\Vitaliy\AppData\Roaming\FileZilla
[2010/05/10 15:05:39 | 000,000,000 | ---D | M] -- C:\Users\Vitaliy\AppData\Roaming\Hewlett Packard
[2010/05/10 14:51:36 | 000,000,000 | ---D | M] -- C:\Users\Vitaliy\AppData\Roaming\Infineon
[2010/05/11 22:43:25 | 000,000,000 | ---D | M] -- C:\Users\Vitaliy\AppData\Roaming\Nvu
[2010/07/07 20:32:57 | 000,000,000 | ---D | M] -- C:\Users\Vitaliy\AppData\Roaming\uTorrent
[2010/07/07 19:43:04 | 000,011,416 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/05/10 15:07:18 | 000,000,090 | ---- | M] () -- C:\bcmwl6.log
[2006/11/02 02:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2010/05/10 14:56:26 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/07/07 20:30:57 | 1056,235,520 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/07 20:30:56 | 1370,161,152 | -HS- | M] () -- C:\pagefile.sys
[2010/05/10 15:11:10 | 000,000,185 | ---- | M] () -- C:\setup.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 05:37:19 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:37:19 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:19 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 05:37:19 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009/04/16 14:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpfpp70v.dll
[2006/11/02 05:36:30 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/04/10 18:31:32 | 000,319,488 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2006/11/02 02:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2010/05/12 03:10:02 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2010/05/12 03:04:12 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2006/11/02 02:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 02:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-17 23:35:12
< End of report >

Please help me resolve this issue!

Regards,

Max

#2
RKinner

Posted 08 July 2010 - 01:17 AM

Malware Expert

Expert
24,624 posts

Expect your router is infected. Updating firmware is not going to help. It needs to be reset to factory defaults and the default password changed. Resetting to factory default is usually done by pressing and holding the RESET button on the back for 5 - 10 seconds. This will lose any encryption you may be using on wireless links so that will need to be done again. We can work around it tho.

1. Click "Start," (click "Settings,") click "Control Panel," click "Network and Sharing Center," and then click "View Status", Click "Properties,"
2. Click on Internet Protocol Version 4 (TCP/IPv4) (On the text not the check box) then Click on Properties

3. Click "Use the following DNS server addresses," and then type 68.237.161.12 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.

4. Click "OK" and close all of the windows that have opened.

Verify that the changes worked:

Start, Programs, Accessories, then right click on Command Prompt and select Run As Administrator, to bring up a Command Prompt.

ipconfig /release

ipconfig /renew

ipconfig /flushdns

ipconfig /all

(Space before each / ) There will be an entry for DNS Server. Verify that it has the 68.237.161.12 and 4.2.2.1 addresses.)

exit.

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right click on george and Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Go to this page and Download TDSSKiller.zip to your Desktop.
Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
Vista Start logo >All Programs> Accessories> RIGHT-click on Command Prompt and Select Run As Administrator. Copy/paste the following bolded command and hit Enter.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Ron

#3
LL1

Posted 10 July 2010 - 01:18 AM

New Member

Topic Starter
Member
2 posts

Hey Ron, thank you for posting this information. I appreciate the help and time you put into explaining everything! I tried following everything to the letter. Although I encountered some trouble, I am able to post the Combofix and TDSkiller logs. I reset my router. I then had trouble using it again and had to call support to help me set it up again (new ID/pass) this time.

The redirects appear to have vanished. I then dl'd and ran combofix. It ran for about 10 seconds or so. I think the following is the log you wanted me to post because there wasn't actually any indication of a scan finishing from Combofix.

Combofix log:

FINDSTR -MI "update_load" %systemdrive%\cp*.nls >ndis00 2>nul

FOR /F "TOKENS=*" %%G IN ( ndis00 ) DO @(
DEL /A/F/Q "%%~G"
IF NOT EXIST "%%~G" ECHO."%%~G">>drev.dat
IF EXIST "%%~G" ECHO.%%~G . . . . failed to delete>>drev.dat
)>n_%random% 2>&1

DEL ndis00 2>nul

And here is the TDSkiller log:

04:12:54:810 2108 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
04:12:54:810 2108 ================================================================================
04:12:54:810 2108 SystemInfo:

04:12:54:810 2108 OS Version: 6.0.6000 ServicePack: 0.0
04:12:54:810 2108 Product type: Workstation
04:12:54:810 2108 ComputerName: VITALIY-PC
04:12:54:811 2108 UserName: Vitaliy
04:12:54:811 2108 Windows directory: C:\Windows
04:12:54:811 2108 System windows directory: C:\Windows
04:12:54:811 2108 Processor architecture: Intel x86
04:12:54:811 2108 Number of processors: 2
04:12:54:811 2108 Page size: 0x1000
04:12:54:812 2108 Boot type: Normal boot
04:12:54:812 2108 ================================================================================
04:12:57:919 2108 Initialize success
04:12:57:919 2108
04:12:57:919 2108 Scanning Services ...
04:12:58:462 2108 Raw services enum returned 450 services
04:12:58:472 2108
04:12:58:472 2108 Scanning Drivers ...
04:12:59:898 2108 Accelerometer (17ae46c4f390fb09ddf6dacff5c0a281) C:\Windows\system32\DRIVERS\Accelerometer.sys
04:12:59:971 2108 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
04:13:00:157 2108 ADIHdAudAddService (b30ee77d621a08891089b7d9712d8cd4) C:\Windows\system32\drivers\ADIHdAud.sys
04:13:00:373 2108 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
04:13:00:789 2108 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
04:13:00:849 2108 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
04:13:00:896 2108 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
04:13:00:924 2108 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
04:13:01:009 2108 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
04:13:01:051 2108 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
04:13:01:090 2108 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
04:13:01:124 2108 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
04:13:01:151 2108 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
04:13:01:171 2108 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
04:13:01:199 2108 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
04:13:01:218 2108 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
04:13:01:265 2108 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
04:13:01:304 2108 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
04:13:01:538 2108 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
04:13:01:943 2108 atikmdag (bba1ad77969fb1a471da1c0b2c600ae5) C:\Windows\system32\DRIVERS\atikmdag.sys
04:13:02:131 2108 ATSWPDRV (293e8cc3c246a89f4cca75b024ad757f) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
04:13:02:163 2108 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
04:13:02:186 2108 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
04:13:02:211 2108 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
04:13:02:234 2108 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
04:13:02:252 2108 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
04:13:02:270 2108 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
04:13:02:290 2108 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
04:13:02:310 2108 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
04:13:02:344 2108 BthEnum (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys
04:13:02:376 2108 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
04:13:02:732 2108 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
04:13:02:791 2108 BTHPORT (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys
04:13:02:826 2108 BTHUSB (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys
04:13:02:862 2108 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
04:13:02:875 2108 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
04:13:02:899 2108 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
04:13:02:933 2108 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
04:13:03:230 2108 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
04:13:03:287 2108 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
04:13:03:298 2108 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
04:13:03:317 2108 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
04:13:03:350 2108 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
04:13:03:439 2108 CSC (ee95a5f89766f199557e5900ce6b2d7d) C:\Windows\system32\drivers\csc.sys
04:13:03:482 2108 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
04:13:03:502 2108 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
04:13:03:880 2108 Dot4 (57b2d433a08b95e4f1b53a919937f3e5) C:\Windows\system32\DRIVERS\Dot4.sys
04:13:03:931 2108 Dot4Print (d93fa484bb62fbe7e5ef335c5415d3cf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
04:13:03:968 2108 dot4usb (599742c4260fb3e8edb3be148b8ce856) C:\Windows\system32\DRIVERS\dot4usb.sys
04:13:03:985 2108 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
04:13:04:076 2108 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
04:13:04:623 2108 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
04:13:04:655 2108 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
04:13:04:699 2108 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
04:13:04:747 2108 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
04:13:04:930 2108 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
04:13:05:155 2108 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
04:13:05:316 2108 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
04:13:05:706 2108 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
04:13:05:737 2108 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
04:13:05:829 2108 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
04:13:05:889 2108 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
04:13:05:932 2108 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
04:13:06:058 2108 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
04:13:06:205 2108 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
04:13:06:279 2108 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
04:13:06:317 2108 HECI (66fed3eeabdce17829edf4c68702ed22) C:\Windows\system32\DRIVERS\HECI.sys
04:13:06:377 2108 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
04:13:06:410 2108 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
04:13:06:434 2108 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
04:13:06:455 2108 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
04:13:06:494 2108 hpdskflt (a27494a9325c0d06c89cf47f25da8c46) C:\Windows\system32\DRIVERS\hpdskflt.sys
04:13:06:777 2108 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
04:13:06:877 2108 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
04:13:06:922 2108 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
04:13:07:068 2108 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
04:13:07:187 2108 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
04:13:07:343 2108 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
04:13:07:441 2108 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys
04:13:07:574 2108 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
04:13:07:656 2108 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
04:13:07:712 2108 intelide (988981c840084f480ba9e3319cebde1b) C:\Windows\system32\drivers\intelide.sys
04:13:07:738 2108 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
04:13:07:769 2108 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:13:07:834 2108 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
04:13:07:866 2108 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
04:13:07:898 2108 irda (f11a90fb3f44f37ad10a4893bb690065) C:\Windows\system32\DRIVERS\irda.sys
04:13:07:909 2108 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
04:13:07:933 2108 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
04:13:07:963 2108 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
04:13:07:983 2108 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
04:13:08:060 2108 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
04:13:08:103 2108 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
04:13:08:169 2108 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
04:13:08:194 2108 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\Windows\system32\drivers\klmd.sys
04:13:08:243 2108 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
04:13:08:264 2108 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
04:13:08:287 2108 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
04:13:08:310 2108 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
04:13:08:329 2108 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
04:13:08:359 2108 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
04:13:08:386 2108 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
04:13:08:434 2108 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
04:13:08:466 2108 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
04:13:08:494 2108 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
04:13:08:540 2108 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
04:13:08:594 2108 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
04:13:08:617 2108 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
04:13:08:643 2108 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
04:13:08:710 2108 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
04:13:08:742 2108 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
04:13:08:783 2108 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
04:13:08:835 2108 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:13:08:890 2108 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:13:08:902 2108 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:13:08:945 2108 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
04:13:08:978 2108 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
04:13:09:011 2108 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
04:13:09:046 2108 msisadrv (2c3f1983cd3629573cb9e9658247847a) C:\Windows\system32\drivers\msisadrv.sys
04:13:09:078 2108 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
04:13:09:101 2108 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
04:13:09:142 2108 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
04:13:09:198 2108 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
04:13:09:252 2108 mssmbios (1f6f7159c75e4b27d138b5225808860f) C:\Windows\system32\DRIVERS\mssmbios.sys
04:13:09:284 2108 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
04:13:09:325 2108 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
04:13:09:364 2108 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
04:13:09:403 2108 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
04:13:09:455 2108 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
04:13:09:491 2108 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
04:13:09:512 2108 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
04:13:09:526 2108 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
04:13:09:560 2108 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
04:13:09:596 2108 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
04:13:09:809 2108 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys
04:13:10:704 2108 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
04:13:10:937 2108 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
04:13:10:969 2108 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
04:13:10:998 2108 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
04:13:11:059 2108 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
04:13:11:106 2108 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
04:13:11:126 2108 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
04:13:11:172 2108 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
04:13:11:241 2108 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
04:13:11:282 2108 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
04:13:11:323 2108 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
04:13:11:343 2108 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
04:13:11:355 2108 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
04:13:11:368 2108 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
04:13:11:400 2108 pci (5bedd5e1416da009c4f24adf8da13773) C:\Windows\system32\drivers\pci.sys
04:13:11:418 2108 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
04:13:11:430 2108 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
04:13:11:465 2108 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
04:13:11:662 2108 PersonalSecureDrive (0d8848fbe1765a3e27b69b5bef6d429f) C:\Windows\System32\drivers\psd.sys
04:13:11:705 2108 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
04:13:11:726 2108 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
04:13:11:769 2108 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
04:13:11:824 2108 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
04:13:11:992 2108 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
04:13:12:029 2108 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
04:13:12:073 2108 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
04:13:12:094 2108 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:13:12:109 2108 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
04:13:12:136 2108 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
04:13:12:156 2108 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:13:12:199 2108 rdpdr (ef06434895394dd13f626df8487ded0d) C:\Windows\system32\DRIVERS\rdpdr.sys
04:13:12:253 2108 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
04:13:12:283 2108 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
04:13:12:311 2108 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
04:13:12:335 2108 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
04:13:12:363 2108 rismc32 (7c21554942bef51cbd84fd7d4e62cb9a) C:\Windows\system32\DRIVERS\rismc32.sys
04:13:12:397 2108 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
04:13:12:409 2108 RsvLock (0de27c94a562d0360fb520c42068cca0) C:\Windows\system32\drivers\RsvLock.sys
04:13:12:430 2108 SafeBoot (4ccee8fcfe54262443bb348adb1f7f52) C:\Windows\system32\drivers\SafeBoot.sys
04:13:12:430 2108 Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: 4ccee8fcfe54262443bb348adb1f7f52
04:13:12:440 2108 SbAlg (f6367fb350f8e5d3f6dd8040e4c0e33b) C:\Windows\system32\drivers\SbAlg.sys
04:13:12:464 2108 SbFsLock (df4a90b29b878e8cd95a1ac8f94ca954) C:\Windows\system32\drivers\SbFsLock.sys
04:13:12:488 2108 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
04:13:12:524 2108 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
04:13:12:551 2108 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
04:13:12:573 2108 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
04:13:12:590 2108 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
04:13:12:651 2108 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
04:13:12:672 2108 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
04:13:12:749 2108 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
04:13:12:766 2108 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
04:13:12:788 2108 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
04:13:12:811 2108 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
04:13:12:833 2108 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
04:13:12:867 2108 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
04:13:12:889 2108 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
04:13:12:915 2108 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
04:13:12:933 2108 SMSCIRDA (12b62474e707a26d662232c54a4ef322) C:\Windows\system32\DRIVERS\SMSCirda.sys
04:13:12:988 2108 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
04:13:13:047 2108 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
04:13:13:113 2108 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
04:13:13:125 2108 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
04:13:13:159 2108 swenum (92894dd7fdd62af808b1409b73af9c73) C:\Windows\system32\DRIVERS\swenum.sys
04:13:13:187 2108 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
04:13:13:212 2108 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
04:13:13:233 2108 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
04:13:13:265 2108 SynTP (8327106d1c93e9a7b98e63b9fcc24bb7) C:\Windows\system32\DRIVERS\SynTP.sys
04:13:13:347 2108 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
04:13:13:486 2108 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
04:13:13:581 2108 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
04:13:13:618 2108 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
04:13:13:636 2108 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
04:13:13:664 2108 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
04:13:13:723 2108 TermDD (85908da29af0ab835048107ad2ad07d1) C:\Windows\system32\DRIVERS\termdd.sys
04:13:13:759 2108 TPM (6d9ad3534a9cf7e4b86c6eae8bc335f6) C:\Windows\system32\drivers\tpm.sys
04:13:13:869 2108 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:13:13:915 2108 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
04:13:13:929 2108 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
04:13:13:960 2108 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
04:13:14:018 2108 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
04:13:14:074 2108 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
04:13:14:103 2108 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
04:13:14:130 2108 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
04:13:14:158 2108 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
04:13:14:183 2108 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
04:13:14:371 2108 usbccgp (51480458e6e9863f856ebf35aae801b4) C:\Windows\system32\DRIVERS\usbccgp.sys
04:13:14:419 2108 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
04:13:14:453 2108 usbehci (11fa3acbf0de0286829c69e01fe705e4) C:\Windows\system32\DRIVERS\usbehci.sys
04:13:14:526 2108 usbhub (6a7858a38b5105731e219e7c6a238730) C:\Windows\system32\DRIVERS\usbhub.sys
04:13:14:587 2108 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
04:13:14:615 2108 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
04:13:14:652 2108 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
04:13:14:685 2108 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:13:14:776 2108 usbuhci (4013315fed70a2d293b998cbba4022ee) C:\Windows\system32\DRIVERS\usbuhci.sys
04:13:14:807 2108 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
04:13:14:840 2108 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
04:13:14:861 2108 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
04:13:14:878 2108 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
04:13:14:900 2108 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
04:13:14:934 2108 volmgr (d9e9490c960624c416fbde080deeb7fe) C:\Windows\system32\drivers\volmgr.sys
04:13:14:954 2108 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
04:13:15:000 2108 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
04:13:15:037 2108 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
04:13:15:053 2108 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
04:13:15:095 2108 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
04:13:15:102 2108 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
04:13:15:168 2108 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
04:13:15:202 2108 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
04:13:15:267 2108 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
04:13:15:342 2108 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
04:13:15:374 2108 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
04:13:15:399 2108 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:13:15:422 2108 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
04:13:15:426 2108
04:13:15:427 2108 Completed
04:13:15:427 2108
04:13:15:428 2108 Results:
04:13:15:428 2108 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
04:13:15:429 2108 File objects infected / cured / cured on reboot: 0 / 0 / 0
04:13:15:430 2108
04:13:15:434 2108 KLMD(ARK) unloaded successfully

Hope I did some of it correctly!

In any case, thank you so much for your help Ron! Please let me know if there is anything else I need to do (particularly in regards to my mom's computer. Should I also run the same processes on her computer?).

Best regards,

Max

#4
RKinner

Posted 10 July 2010 - 01:42 AM

Malware Expert

Expert
24,624 posts

Combofix takes longer than 10 seconds so it didn't run. Not sure what log you got. Looks like a script. When you downloaded Combofix did you remember to turn off or pause your antivirus? Try downloading it again and this time rename it to george2.exe.

Would not hurt to runt mbam and otl on your mom's computer.

Ron