
Even More Google Redirect


  • This topic is locked

#1
onesickchick

Hey guys,

I appear to be the latest victim of these Google redirect issues. Initially I was going to try a system restore but alas, the oldest restore point available was right around the time the issues with redirection started, so I'm going to assume that whatever I have, deleted all my restore points. I've run some virus scans with AVG and McAfee as well as Malwarebytes' Anti-malware. I also tried Hitman Pro 3.5 and that got rid of a lot of nasty stuff hiding in my system too, but the problem still persisted. Rather than attempting to dig around in my computer to try and figure it out myself, I figured I would leave it to the experts. I was typically only getting redirected when using the Google toolbar, and after the virus scans and whatnot I cleared out some junk and the toolbar doesn't seem to redirect me anymore. However, when on the Google homepage and I click one of the links for search results, it either delays and something like "http://cioreasearch.com/" followed by my search topic appears, or I will be directed to a completely unrelated webpage entirely. I'm currently running Windows Vista and my browser is Firefox 4.0.1. Any help with this would be hugely appreciated! Thanks in advance. =)

Here's the OTL log.


OTL logfile created on: 17/05/2011 10:23:04 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Christina\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.98 Gb Total Space | 202.52 Gb Free Space | 70.82% Space Free | Partition Type: NTFS
Drive D: | 12.11 Gb Total Space | 1.94 Gb Free Space | 16.02% Space Free | Partition Type: NTFS

Computer Name: CHRISTINA-PC | User Name: Christina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/17 10:07:42 | 000,515,584 | -HS- | M] () -- c:\Windows\spwizuiwow.exe
PRC - [2011/05/16 17:11:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
PRC - [2011/05/16 13:21:25 | 001,392,640 | ---- | M] () -- C:\Windows\SysWOW64\XpsGdiConverter32.exe
PRC - [2011/05/16 13:21:25 | 001,392,640 | ---- | M] () -- C:\ProgramData\lsmproxy32.exe
PRC - [2011/05/11 00:07:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/02 22:33:19 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/08/25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010/06/01 16:50:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2010/06/01 16:50:00 | 000,140,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2010/06/01 16:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2010/06/01 16:50:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2010/01/15 09:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/10/06 13:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/16 17:11:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 12:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/25 21:07:00 | 000,077,968 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/07/14 01:34:04 | 000,946,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:64bit: - [2009/07/12 19:55:02 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:64bit: - [2009/07/12 19:51:08 | 000,690,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:64bit: - [2008/01/20 23:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/17 20:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2011/05/16 13:21:25 | 001,392,640 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XpsGdiConverter32.exe -- (McAfee SiteAdvisor Service32)
SRV - [2011/02/16 15:49:08 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/08/25 21:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
SRV - [2010/08/25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010/08/25 21:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)
SRV - [2010/06/01 16:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 09:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/03/30 01:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/06 13:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/17 10:07:26 | 000,020,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 21:07:00 | 000,470,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/08/25 21:07:00 | 000,120,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/08/25 21:07:00 | 000,098,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/08/25 21:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2010/08/25 21:07:00 | 000,078,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 21:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/01/16 04:58:26 | 000,020,480 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vfilter.sys -- (vflt)
DRV:64bit: - [2008/12/20 04:03:08 | 001,344,000 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/12/11 00:52:00 | 000,012,800 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\virtualnet.sys -- (vnet)
DRV:64bit: - [2008/09/19 21:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/06/29 11:52:44 | 000,126,976 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/06/10 16:58:48 | 000,170,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/06/05 13:59:50 | 000,264,704 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008/04/17 15:05:20 | 000,324,656 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/01/20 23:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 23:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/10/31 23:22:50 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2007/10/31 23:19:46 | 000,293,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2007/10/31 23:18:32 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/10/17 20:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/10/03 22:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 18:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/06/18 19:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1D C2 4F 13 BF 58 25 4D 97 63 1C DA BA 83 FC FB [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/04 12:52:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/16 14:59:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/16 14:59:11 | 000,000,000 | ---D | M]

[2009/10/18 14:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\Mozilla\Extensions
[2009/10/18 14:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/16 16:33:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\extensions
[2009/10/20 21:46:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/16 14:40:29 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\extensions\[email protected]
[2011/05/16 14:40:33 | 000,002,568 | ---- | M] () -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\searchplugins\askcom.xml
[2009/12/02 19:34:14 | 000,001,504 | ---- | M] () -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\searchplugins\givoogle.xml
[2011/02/21 19:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/25 18:00:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/13 14:50:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 11:10:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/21 19:05:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/04 12:52:15 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/05/11 00:07:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/08/25 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/17 14:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npkimi.dll
[2011/05/11 00:07:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/16 16:22:33 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {0A2918EA-E5B7-48D8-BE6B-DA45A839FFC8} - File not found
O2 - BHO: (no name) - {134FC21D-58BF-4D25-9763-1CDABA83FCFb} - File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [fdwnetwow.exe] File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Plugin Install] C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [spwizuiwow.exe] c:\Windows\spwizuiwow.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EA Core] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\ProgramData\AuthFWGP32.dll) - C:\ProgramData\AuthFWGP32.dll (Borland Software Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Christina\Pictures\pink_skull_myspace_background_by_Rose_Coloured_Bullet2.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christina\Pictures\pink_skull_myspace_background_by_Rose_Coloured_Bullet2.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 10:08:58 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{30E45C4A-B430-418E-8827-F33A4CB165E3}
[2011/05/17 10:07:38 | 000,246,272 | ---- | C] (Borland Software Corporation) -- C:\ProgramData\AuthFWGP32.dll
[2011/05/16 17:11:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
[2011/05/16 16:22:32 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/16 16:20:21 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTM.exe
[2011/05/16 15:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/05/16 15:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/05/16 15:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/05/16 14:10:01 | 000,000,000 | ---D | C] -- C:\Users\Christina\FrostWire
[2011/05/16 14:09:48 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/05/16 14:09:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2011/05/16 14:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QT Lite
[2011/05/16 13:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\1828992860
[2011/05/16 13:31:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2011/05/16 13:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\1083295140
[2011/05/16 13:31:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\83939D568CCE9C15649BC4F6BE0A257C
[2011/05/16 12:15:22 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{9FBF96BA-C401-492D-A18A-E4C56BD9CFAF}
[2011/05/14 22:11:09 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{2C735B74-8C4C-4E75-A9E2-8A8629062F33}
[2011/05/14 14:55:05 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{9599D92E-FFD2-46E1-9BE0-FEE2A45A3A3B}
[2011/05/13 10:40:48 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{F8D100F2-DC91-41ED-B486-7B935135CBA6}
[2011/05/11 14:37:25 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{180B7BB8-BF97-46F3-AD70-6C85FF71126B}
[2011/05/10 22:49:13 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{D286990B-8271-484D-B875-F55B1A156785}
[2011/05/09 17:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/09 17:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/09 17:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/09 17:56:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/05/09 17:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/09 17:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/05/09 17:41:02 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{9913BD52-59EE-44DF-84C3-C42C5FE755B3}
[2011/05/08 22:44:45 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{DE47E771-87AF-4EB6-A30F-BA0C1D9EF793}
[2011/05/06 23:31:37 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{3EEF195A-83E2-4B7C-BACE-CAF4090ED84C}
[2011/05/06 10:25:34 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{27C59F21-CAB5-4105-AAFF-3139566977AA}
[2011/05/04 12:48:11 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{541255FE-8CF7-412E-A4A4-E32C493DFE0F}
[2011/05/02 09:26:06 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{842B12F1-FE49-484F-B9E3-E07AF8F93AAF}
[2011/04/29 07:37:38 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{E12E258A-40CE-47D1-894B-AE1839529C58}
[2011/04/28 18:02:17 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{963D5186-A9AE-44FC-9A76-21B46C80BF0D}
[2011/04/27 22:51:55 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{5215ED02-366D-444B-A600-765A084FFE31}
[2011/04/25 23:44:48 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{085542B9-EB96-4DFC-845A-FDF8195498C2}
[2011/04/25 10:37:26 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{3A812827-06B8-45AD-B0F1-EAD58C56CD59}
[2011/04/24 22:00:09 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{AC4D544F-6AEB-4F25-B918-E5B850938DD4}
[2011/04/24 09:59:23 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{84566CFE-ADA1-449E-95AE-ABC551400163}
[2011/04/22 20:31:34 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{255EC262-3888-4F58-9599-94FD20B12067}
[2011/04/21 12:10:08 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{DE3CDB47-3B5F-4987-BB34-78E0AE693FBC}
[2011/04/20 23:12:30 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{7427F4D6-E9EE-49A6-B9E0-FEAB05559B8A}
[2011/04/19 13:34:37 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{7951C64E-B326-4B7A-9536-D02B1903332B}
[2011/04/18 23:43:16 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{0956A725-9EAD-4A4C-B9EA-F641BAE43293}
[2011/04/17 23:15:45 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{EA4E536F-CBC4-4E79-A563-A78DB2B0843C}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/17 10:16:58 | 000,000,037 | ---- | M] () -- C:\ProgramData\2223a5c4
[2011/05/17 10:08:38 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/05/17 10:07:43 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 10:07:42 | 000,515,584 | -HS- | M] () -- C:\Windows\spwizuiwow.exe
[2011/05/17 10:07:42 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 10:07:38 | 000,246,272 | ---- | M] (Borland Software Corporation) -- C:\ProgramData\AuthFWGP32.dll
[2011/05/17 10:07:38 | 000,000,106 | ---- | M] () -- C:\Windows\SysWow64\135116212
[2011/05/17 10:07:26 | 000,020,040 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/05/17 10:07:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/17 10:07:19 | 4193,456,128 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/16 17:18:47 | 000,000,350 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2011/05/16 17:11:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
[2011/05/16 16:20:31 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTM.exe
[2011/05/16 16:11:10 | 000,001,185 | ---- | M] () -- C:\ProgramData\47831487
[2011/05/16 14:58:59 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/16 14:50:56 | 000,000,144 | -HS- | M] () -- C:\ProgramData\586412691
[2011/05/16 13:31:45 | 000,000,141 | ---- | M] () -- C:\ProgramData\sl1125277697
[2011/05/16 13:31:29 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2011/05/16 13:31:07 | 000,209,408 | ---- | M] () -- C:\Windows\SysWow64\lsmproxy32.exe
[2011/05/16 13:21:25 | 001,392,640 | ---- | M] () -- C:\Windows\SysWow64\XpsGdiConverter32.exe
[2011/05/16 13:21:25 | 001,392,640 | ---- | M] () -- C:\ProgramData\lsmproxy32.exe
[2011/05/09 17:58:37 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/09 00:19:05 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChristina.job
[2011/05/06 13:42:20 | 000,015,872 | ---- | M] () -- C:\Users\Christina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/24 10:02:01 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/17 10:07:56 | 000,515,584 | -HS- | C] () -- C:\Windows\spwizuiwow.exe
[2011/05/16 16:12:04 | 000,000,350 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2011/05/16 15:59:25 | 000,020,040 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/05/16 14:05:59 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/16 13:59:10 | 000,000,037 | ---- | C] () -- C:\ProgramData\2223a5c4
[2011/05/16 13:31:45 | 000,001,185 | ---- | C] () -- C:\ProgramData\47831487
[2011/05/16 13:31:45 | 000,000,141 | ---- | C] () -- C:\ProgramData\sl1125277697
[2011/05/16 13:31:29 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2011/05/16 13:31:29 | 000,000,144 | -HS- | C] () -- C:\ProgramData\586412691
[2011/05/16 13:31:10 | 001,392,640 | ---- | C] () -- C:\ProgramData\lsmproxy32.exe
[2011/05/16 13:31:07 | 001,392,640 | ---- | C] () -- C:\Windows\SysWow64\XpsGdiConverter32.exe
[2011/05/16 13:31:07 | 000,209,408 | ---- | C] () -- C:\Windows\SysWow64\lsmproxy32.exe
[2011/05/16 13:31:07 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\135116212
[2011/05/11 00:07:48 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/09 17:58:37 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/27 11:47:17 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/07/27 11:47:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/12/16 19:21:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/03 13:03:16 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 13:02:40 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 13:02:11 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/20 11:49:12 | 000,015,872 | ---- | C] () -- C:\Users\Christina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/12 23:31:08 | 000,001,272 | ---- | C] () -- C:\Users\Christina\AppData\Roaming\wklnhst.dat
[2009/10/26 14:12:31 | 000,005,972 | ---- | C] () -- C:\Users\Christina\AppData\Local\d3d9caps.dat
[2009/10/19 23:28:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/10 05:27:12 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/04/23 20:23:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/07/06 17:20:48 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/01/20 23:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 12:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 09:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 09:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 09:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 06:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[1999/01/22 15:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== LOP Check ==========

[2010/09/05 01:53:06 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\BitTorrent
[2010/11/19 02:10:35 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Dev-Cpp
[2011/05/16 14:38:00 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\FrostWire
[2010/10/18 19:34:07 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\OpenOffice.org
[2009/11/12 23:31:20 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Template
[2011/05/16 17:50:28 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if this helps.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    c:\Windows\spwizuiwow.exe
    C:\ProgramData\lsmproxy32.exe

    SRV - [2011/05/16 13:21:25 | 001,392,640 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XpsGdiConverter32.exe -- (McAfee SiteAdvisor Service32)
    O2 - BHO: (no name) - {0A2918EA-E5B7-48D8-BE6B-DA45A839FFC8} - File not found
    O2 - BHO: (no name) - {134FC21D-58BF-4D25-9763-1CDABA83FCFb} - File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [fdwnetwow.exe] File not found
    O4 - HKLM..\Run: [spwizuiwow.exe] c:\Windows\spwizuiwow.exe ()
    [2011/05/16 13:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\1828992860
    [2011/05/16 13:31:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
    [2011/05/16 13:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\1083295140
    [2011/05/16 13:31:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\83939D568CCE9C15649BC4F6BE0A257C
    [2011/05/17 10:16:58 | 000,000,037 | ---- | M] () -- C:\ProgramData\2223a5c4
    [2011/05/17 10:07:42 | 000,515,584 | -HS- | M] () -- C:\Windows\spwizuiwow.exe
    [2011/05/17 10:07:38 | 000,000,106 | ---- | M] () -- C:\Windows\SysWow64\135116212
    [2011/05/17 10:07:38 | 000,246,272 | ---- | M] (Borland Software Corporation) -- C:\ProgramData\AuthFWGP32.dll
    [2011/05/17 10:07:38 | 000,000,106 | ---- | M] () -- C:\Windows\SysWow64\135116212
    [2011/05/16 14:50:56 | 000,000,144 | -HS- | M] () -- C:\ProgramData\586412691
    [2011/05/16 13:31:45 | 000,000,141 | ---- | M] () -- C:\ProgramData\sl1125277697
    [2011/05/16 13:31:29 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
    [2011/05/16 13:31:07 | 000,209,408 | ---- | M] () -- C:\Windows\SysWow64\lsmproxy32.exe
    [2011/05/16 13:21:25 | 001,392,640 | ---- | M] () -- C:\Windows\SysWow64\XpsGdiConverter32.exe
    [2011/05/16 13:21:25 | 001,392,640 | ---- | M] () -- C:\ProgramData\lsmproxy32.exe
    [2011/05/16 13:59:10 | 000,000,037 | ---- | C] () -- C:\ProgramData\2223a5c4
    [2011/05/16 13:31:45 | 000,001,185 | ---- | C] () -- C:\ProgramData\47831487
    [2011/05/16 13:31:45 | 000,000,141 | ---- | C] () -- C:\ProgramData\sl1125277697
    [2011/05/16 13:31:29 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
    [2011/05/16 13:31:29 | 000,000,144 | -HS- | C] () -- C:\ProgramData\586412691
    [2011/05/16 13:31:10 | 001,392,640 | ---- | C] () -- C:\ProgramData\lsmproxy32.exe
    [2011/05/16 13:31:07 | 001,392,640 | ---- | C] () -- C:\Windows\SysWow64\XpsGdiConverter32.exe
    [2011/05/16 13:31:07 | 000,209,408 | ---- | C] () -- C:\Windows\SysWow64\lsmproxy32.exe
    [2011/05/16 13:31:07 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\135116212

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#3
onesickchick

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hey thanks for taking the time to help, I really appreciate it!

So I ran OTL again with the pasted information, and after the reboot I did the quick scan. Everything worked fine there, but once I downloaded the aswMBR.exe and pressed scan, I immediately got a blue error screen, and the computer rebooted. After several attempts I cannot start a scan at all; I just keep getting confronted with the error. I have the OTL log, but cannot get the other program to scan at all.


OTL logfile created on: 19/05/2011 10:14:27 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Christina\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.98 Gb Total Space | 202.95 Gb Free Space | 70.97% Space Free | Partition Type: NTFS
Drive D: | 12.11 Gb Total Space | 1.94 Gb Free Space | 16.02% Space Free | Partition Type: NTFS

Computer Name: CHRISTINA-PC | User Name: Christina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/16 17:11:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
PRC - [2011/05/11 00:07:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/02 22:33:19 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/08/25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010/06/01 16:50:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2010/06/01 16:50:00 | 000,140,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2010/06/01 16:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2010/06/01 16:50:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2010/01/15 09:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/10/06 13:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/16 17:11:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 12:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/25 21:07:00 | 000,077,968 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/07/14 01:34:04 | 000,946,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:64bit: - [2009/07/12 19:55:02 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:64bit: - [2009/07/12 19:51:08 | 000,690,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:64bit: - [2008/01/20 23:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/17 20:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2011/02/16 15:49:08 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/08/25 21:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
SRV - [2010/08/25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010/08/25 21:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)
SRV - [2010/06/01 16:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 09:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/03/30 01:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/06 13:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/17 10:07:26 | 000,020,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 21:07:00 | 000,470,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/08/25 21:07:00 | 000,120,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/08/25 21:07:00 | 000,098,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/08/25 21:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2010/08/25 21:07:00 | 000,078,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 21:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/01/16 04:58:26 | 000,020,480 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vfilter.sys -- (vflt)
DRV:64bit: - [2008/12/20 04:03:08 | 001,344,000 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/12/11 00:52:00 | 000,012,800 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\virtualnet.sys -- (vnet)
DRV:64bit: - [2008/09/19 21:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/06/29 11:52:44 | 000,126,976 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/06/10 16:58:48 | 000,170,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/06/05 13:59:50 | 000,264,704 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008/04/17 15:05:20 | 000,324,656 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/01/20 23:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 23:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/10/31 23:22:50 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2007/10/31 23:19:46 | 000,293,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2007/10/31 23:18:32 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/10/17 20:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/10/03 22:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 18:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/06/18 19:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1D C2 4F 13 BF 58 25 4D 97 63 1C DA BA 83 FC FB [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/19 22:01:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/16 14:59:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/16 14:59:11 | 000,000,000 | ---D | M]

[2009/10/18 14:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\Mozilla\Extensions
[2009/10/18 14:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/17 14:15:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\extensions
[2009/10/20 21:46:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/17 14:15:34 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\extensions\{a4a01b52-2429-4db8-8b46-1d66a48eeb77}
[2011/05/16 14:40:29 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\extensions\[email protected]
[2011/05/16 14:40:33 | 000,002,568 | ---- | M] () -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\searchplugins\askcom.xml
[2009/12/02 19:34:14 | 000,001,504 | ---- | M] () -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\searchplugins\givoogle.xml
[2011/02/21 19:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/25 18:00:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/13 14:50:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 11:10:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/21 19:05:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/19 22:01:36 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/05/11 00:07:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/08/25 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/17 14:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npkimi.dll
[2011/05/11 00:07:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/19 22:06:16 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {0686E051-FCD1-4C73-A1C4-1F4699C6453c} - C:\Windows\SysWOW64\AuthFWGP32.dll (Borland Software Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Plugin Install] C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [spwizuiwow.exe] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\ProgramData\AuthFWGP32.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Christina\Pictures\pink_skull_myspace_background_by_Rose_Coloured_Bullet2.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christina\Pictures\pink_skull_myspace_background_by_Rose_Coloured_Bullet2.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/19 22:03:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/19 21:57:25 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{CCB40459-F659-4470-AA96-4415280CF2E9}
[2011/05/17 14:15:28 | 000,417,792 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\AuthFWGP32.dll
[2011/05/17 10:08:58 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{30E45C4A-B430-418E-8827-F33A4CB165E3}
[2011/05/16 17:11:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
[2011/05/16 16:22:32 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/16 16:20:21 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTM.exe
[2011/05/16 15:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/05/16 15:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/05/16 15:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/05/16 14:10:01 | 000,000,000 | ---D | C] -- C:\Users\Christina\FrostWire
[2011/05/16 14:09:48 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/05/16 14:09:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2011/05/16 14:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QT Lite
[2011/05/16 12:15:22 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{9FBF96BA-C401-492D-A18A-E4C56BD9CFAF}
[2011/05/14 22:11:09 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{2C735B74-8C4C-4E75-A9E2-8A8629062F33}
[2011/05/14 14:55:05 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{9599D92E-FFD2-46E1-9BE0-FEE2A45A3A3B}
[2011/05/13 10:40:48 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{F8D100F2-DC91-41ED-B486-7B935135CBA6}
[2011/05/11 14:37:25 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{180B7BB8-BF97-46F3-AD70-6C85FF71126B}
[2011/05/10 22:49:13 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{D286990B-8271-484D-B875-F55B1A156785}
[2011/05/09 17:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/09 17:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/09 17:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/09 17:56:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/05/09 17:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/09 17:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/05/09 17:41:02 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{9913BD52-59EE-44DF-84C3-C42C5FE755B3}
[2011/05/08 22:44:45 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{DE47E771-87AF-4EB6-A30F-BA0C1D9EF793}
[2011/05/06 23:31:37 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{3EEF195A-83E2-4B7C-BACE-CAF4090ED84C}
[2011/05/06 10:25:34 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{27C59F21-CAB5-4105-AAFF-3139566977AA}
[2011/05/04 12:48:11 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{541255FE-8CF7-412E-A4A4-E32C493DFE0F}
[2011/05/02 09:26:06 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{842B12F1-FE49-484F-B9E3-E07AF8F93AAF}
[2011/04/29 07:37:38 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{E12E258A-40CE-47D1-894B-AE1839529C58}
[2011/04/28 18:02:17 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{963D5186-A9AE-44FC-9A76-21B46C80BF0D}
[2011/04/27 22:51:55 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{5215ED02-366D-444B-A600-765A084FFE31}
[2011/04/25 23:44:48 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{085542B9-EB96-4DFC-845A-FDF8195498C2}
[2011/04/25 10:37:26 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{3A812827-06B8-45AD-B0F1-EAD58C56CD59}
[2011/04/24 22:00:09 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{AC4D544F-6AEB-4F25-B918-E5B850938DD4}
[2011/04/24 09:59:23 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{84566CFE-ADA1-449E-95AE-ABC551400163}
[2011/04/22 20:31:34 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{255EC262-3888-4F58-9599-94FD20B12067}
[2011/04/21 12:10:08 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{DE3CDB47-3B5F-4987-BB34-78E0AE693FBC}
[2011/04/20 23:12:30 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{7427F4D6-E9EE-49A6-B9E0-FEAB05559B8A}

========== Files - Modified Within 30 Days ==========

[2011/05/19 22:11:41 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/05/19 22:09:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/19 22:09:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/19 22:09:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/19 22:09:24 | 4193,456,128 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/17 14:15:28 | 000,417,792 | ---- | M] (Borland Software Corporation) -- C:\Windows\SysWow64\AuthFWGP32.dll
[2011/05/17 10:07:26 | 000,020,040 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/05/16 17:18:47 | 000,000,350 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2011/05/16 17:11:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
[2011/05/16 16:20:31 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTM.exe
[2011/05/16 14:58:59 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/09 17:58:37 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/09 00:19:05 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChristina.job
[2011/05/06 13:42:20 | 000,015,872 | ---- | M] () -- C:\Users\Christina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/24 10:02:01 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011/05/16 16:12:04 | 000,000,350 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2011/05/16 15:59:25 | 000,020,040 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/05/16 14:05:59 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/11 00:07:48 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/09 17:58:37 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/27 11:47:17 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/07/27 11:47:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/12/16 19:21:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/03 13:03:16 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 13:02:40 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 13:02:11 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/20 11:49:12 | 000,015,872 | ---- | C] () -- C:\Users\Christina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/12 23:31:08 | 000,001,272 | ---- | C] () -- C:\Users\Christina\AppData\Roaming\wklnhst.dat
[2009/10/26 14:12:31 | 000,005,972 | ---- | C] () -- C:\Users\Christina\AppData\Local\d3d9caps.dat
[2009/10/19 23:28:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/10 05:27:12 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/04/23 20:23:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/07/06 17:20:48 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/01/20 23:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 12:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 09:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 09:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 09:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 06:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[1999/01/22 15:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== LOP Check ==========

[2010/09/05 01:53:06 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\BitTorrent
[2010/11/19 02:10:35 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Dev-Cpp
[2011/05/16 14:38:00 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\FrostWire
[2010/10/18 19:34:07 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\OpenOffice.org
[2009/11/12 23:31:20 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Template
[2011/05/19 22:08:42 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try a different programme

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/05/17 14:15:34 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\extensions\{a4a01b52-2429-4db8-8b46-1d66a48eeb77}
    O2 - BHO: (no name) - {0686E051-FCD1-4C73-A1C4-1F4699C6453c} - C:\Windows\SysWOW64\AuthFWGP32.dll (Borland Software Corporation)
    O4 - HKCU..\Run: [spwizuiwow.exe] File not found
    O20 - AppInit_DLLs: (C:\ProgramData\AuthFWGP32.dll) - File not found
    [2011/05/17 14:15:28 | 000,417,792 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\AuthFWGP32.dll

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

#5
onesickchick

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OTL logfile created on: 21/05/2011 11:25:41 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Christina\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.98 Gb Total Space | 203.30 Gb Free Space | 71.09% Space Free | Partition Type: NTFS
Drive D: | 12.11 Gb Total Space | 1.94 Gb Free Space | 16.02% Space Free | Partition Type: NTFS

Computer Name: CHRISTINA-PC | User Name: Christina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/16 17:11:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
PRC - [2011/05/11 00:07:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/02 22:33:19 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/08/25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010/06/01 16:50:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2010/06/01 16:50:00 | 000,140,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2010/06/01 16:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2010/06/01 16:50:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2010/01/15 09:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/10/06 13:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/16 17:11:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 12:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/25 21:07:00 | 000,077,968 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/07/14 01:34:04 | 000,946,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:64bit: - [2009/07/12 19:55:02 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:64bit: - [2009/07/12 19:51:08 | 000,690,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:64bit: - [2008/01/20 23:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/17 20:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2011/02/16 15:49:08 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/08/25 21:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
SRV - [2010/08/25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010/08/25 21:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)
SRV - [2010/06/01 16:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 09:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/03/30 01:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/06 13:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/17 10:07:26 | 000,020,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 21:07:00 | 000,470,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/08/25 21:07:00 | 000,120,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/08/25 21:07:00 | 000,098,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/08/25 21:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2010/08/25 21:07:00 | 000,078,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 21:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/01/16 04:58:26 | 000,020,480 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vfilter.sys -- (vflt)
DRV:64bit: - [2008/12/20 04:03:08 | 001,344,000 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/12/11 00:52:00 | 000,012,800 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\virtualnet.sys -- (vnet)
DRV:64bit: - [2008/09/19 21:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/06/29 11:52:44 | 000,126,976 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/06/10 16:58:48 | 000,170,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/06/05 13:59:50 | 000,264,704 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008/04/17 15:05:20 | 000,324,656 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/01/20 23:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 23:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/10/31 23:22:50 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2007/10/31 23:19:46 | 000,293,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2007/10/31 23:18:32 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/10/17 20:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/10/03 22:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 18:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/06/18 19:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1D C2 4F 13 BF 58 25 4D 97 63 1C DA BA 83 FC FB [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/19 22:01:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/16 14:59:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/16 14:59:11 | 000,000,000 | ---D | M]

[2009/10/18 14:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\Mozilla\Extensions
[2009/10/18 14:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/21 23:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\extensions
[2009/10/20 21:46:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/16 14:40:29 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\extensions\[email protected]
[2011/05/16 14:40:33 | 000,002,568 | ---- | M] () -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\searchplugins\askcom.xml
[2009/12/02 19:34:14 | 000,001,504 | ---- | M] () -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\searchplugins\givoogle.xml
[2011/02/21 19:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/25 18:00:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/13 14:50:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 11:10:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/21 19:05:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/19 22:01:36 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/05/11 00:07:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/08/25 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/17 14:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npkimi.dll
[2011/05/11 00:07:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/21 23:18:24 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Plugin Install] C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EA Core] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Christina\Pictures\pink_skull_myspace_background_by_Rose_Coloured_Bullet2.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christina\Pictures\pink_skull_myspace_background_by_Rose_Coloured_Bullet2.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/21 23:08:43 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{CFEA8037-38CE-4F20-9E30-548559139C24}
[2011/05/20 11:24:30 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{3695974C-C591-417D-8926-EE49746731FA}
[2011/05/19 22:26:42 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Christina\Desktop\aswMBR.exe
[2011/05/19 22:03:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/19 21:57:25 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{CCB40459-F659-4470-AA96-4415280CF2E9}
[2011/05/17 10:08:58 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{30E45C4A-B430-418E-8827-F33A4CB165E3}
[2011/05/16 17:11:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
[2011/05/16 16:22:32 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/16 16:20:21 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTM.exe
[2011/05/16 15:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/05/16 15:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/05/16 15:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/05/16 14:10:01 | 000,000,000 | ---D | C] -- C:\Users\Christina\FrostWire
[2011/05/16 14:09:48 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/05/16 14:09:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2011/05/16 14:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QT Lite
[2011/05/16 12:15:22 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{9FBF96BA-C401-492D-A18A-E4C56BD9CFAF}
[2011/05/14 22:11:09 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{2C735B74-8C4C-4E75-A9E2-8A8629062F33}
[2011/05/14 14:55:05 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{9599D92E-FFD2-46E1-9BE0-FEE2A45A3A3B}
[2011/05/13 10:40:48 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{F8D100F2-DC91-41ED-B486-7B935135CBA6}
[2011/05/11 14:37:25 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{180B7BB8-BF97-46F3-AD70-6C85FF71126B}
[2011/05/10 22:49:13 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{D286990B-8271-484D-B875-F55B1A156785}
[2011/05/09 17:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/09 17:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/09 17:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/09 17:56:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/05/09 17:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/09 17:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/05/09 17:41:02 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{9913BD52-59EE-44DF-84C3-C42C5FE755B3}
[2011/05/08 22:44:45 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{DE47E771-87AF-4EB6-A30F-BA0C1D9EF793}
[2011/05/06 23:31:37 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{3EEF195A-83E2-4B7C-BACE-CAF4090ED84C}
[2011/05/06 10:25:34 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{27C59F21-CAB5-4105-AAFF-3139566977AA}
[2011/05/04 12:48:11 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{541255FE-8CF7-412E-A4A4-E32C493DFE0F}
[2011/05/02 09:26:06 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{842B12F1-FE49-484F-B9E3-E07AF8F93AAF}
[2011/04/29 07:37:38 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{E12E258A-40CE-47D1-894B-AE1839529C58}
[2011/04/28 18:02:17 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{963D5186-A9AE-44FC-9A76-21B46C80BF0D}
[2011/04/27 22:51:55 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{5215ED02-366D-444B-A600-765A084FFE31}
[2011/04/25 23:44:48 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{085542B9-EB96-4DFC-845A-FDF8195498C2}
[2011/04/25 10:37:26 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{3A812827-06B8-45AD-B0F1-EAD58C56CD59}
[2011/04/24 22:00:09 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{AC4D544F-6AEB-4F25-B918-E5B850938DD4}
[2011/04/24 09:59:23 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{84566CFE-ADA1-449E-95AE-ABC551400163}
[2011/04/22 20:31:34 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{255EC262-3888-4F58-9599-94FD20B12067}

========== Files - Modified Within 30 Days ==========

[2011/05/21 23:22:10 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/05/21 23:20:58 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/21 23:20:57 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/21 23:20:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/21 23:20:37 | 4193,456,128 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/19 22:34:02 | 413,299,006 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/19 22:26:45 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Christina\Desktop\aswMBR.exe
[2011/05/17 10:07:26 | 000,020,040 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/05/16 17:18:47 | 000,000,350 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2011/05/16 17:11:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
[2011/05/16 16:20:31 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTM.exe
[2011/05/16 14:58:59 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/09 17:58:37 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/09 00:19:05 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChristina.job
[2011/05/06 13:42:20 | 000,015,872 | ---- | M] () -- C:\Users\Christina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/24 10:02:01 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011/05/16 16:12:04 | 000,000,350 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2011/05/16 15:59:25 | 000,020,040 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/05/16 14:05:59 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/11 00:07:48 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/09 17:58:37 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/27 11:47:17 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/07/27 11:47:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/12/16 19:21:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/03 13:03:16 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 13:02:40 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 13:02:11 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/20 11:49:12 | 000,015,872 | ---- | C] () -- C:\Users\Christina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/12 23:31:08 | 000,001,272 | ---- | C] () -- C:\Users\Christina\AppData\Roaming\wklnhst.dat
[2009/10/26 14:12:31 | 000,005,972 | ---- | C] () -- C:\Users\Christina\AppData\Local\d3d9caps.dat
[2009/10/19 23:28:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/10 05:27:12 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/04/23 20:23:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/07/06 17:20:48 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/01/20 23:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 12:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 09:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 09:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 09:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 06:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[1999/01/22 15:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== LOP Check ==========

[2010/09/05 01:53:06 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\BitTorrent
[2010/11/19 02:10:35 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Dev-Cpp
[2011/05/16 14:38:00 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\FrostWire
[2010/10/18 19:34:07 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\OpenOffice.org
[2009/11/12 23:31:20 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Template
[2011/05/21 23:19:56 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

TDSS Report:


2011/05/21 23:41:06.0075 4868 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/21 23:41:06.0920 4868 ================================================================================
2011/05/21 23:41:06.0921 4868 SystemInfo:
2011/05/21 23:41:06.0921 4868
2011/05/21 23:41:06.0921 4868 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/21 23:41:06.0921 4868 Product type: Workstation
2011/05/21 23:41:06.0921 4868 ComputerName: CHRISTINA-PC
2011/05/21 23:41:06.0921 4868 UserName: Christina
2011/05/21 23:41:06.0922 4868 Windows directory: C:\Windows
2011/05/21 23:41:06.0922 4868 System windows directory: C:\Windows
2011/05/21 23:41:06.0922 4868 Running under WOW64
2011/05/21 23:41:06.0922 4868 Processor architecture: Intel x64
2011/05/21 23:41:06.0922 4868 Number of processors: 2
2011/05/21 23:41:06.0922 4868 Page size: 0x1000
2011/05/21 23:41:06.0922 4868 Boot type: Normal boot
2011/05/21 23:41:06.0922 4868 ================================================================================
2011/05/21 23:41:07.0473 4868 Initialize success
2011/05/21 23:41:18.0495 4428 ================================================================================
2011/05/21 23:41:18.0495 4428 Scan started
2011/05/21 23:41:18.0495 4428 Mode: Manual;
2011/05/21 23:41:18.0495 4428 ================================================================================
2011/05/21 23:41:19.0593 4428 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/05/21 23:41:19.0694 4428 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/05/21 23:41:19.0797 4428 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/05/21 23:41:19.0841 4428 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/05/21 23:41:19.0913 4428 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/05/21 23:41:20.0015 4428 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2011/05/21 23:41:20.0188 4428 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/05/21 23:41:20.0258 4428 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/05/21 23:41:20.0342 4428 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys
2011/05/21 23:41:20.0467 4428 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys
2011/05/21 23:41:20.0580 4428 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2011/05/21 23:41:20.0681 4428 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/05/21 23:41:20.0719 4428 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/05/21 23:41:20.0777 4428 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/21 23:41:20.0839 4428 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/05/21 23:41:20.0936 4428 athr (90524c76a8f32f656cf73af0509f693a) C:\Windows\system32\DRIVERS\athrx.sys
2011/05/21 23:41:21.0293 4428 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/05/21 23:41:21.0442 4428 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/21 23:41:21.0596 4428 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/21 23:41:21.0671 4428 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/05/21 23:41:21.0753 4428 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/05/21 23:41:21.0805 4428 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/05/21 23:41:21.0871 4428 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/21 23:41:21.0908 4428 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/05/21 23:41:21.0980 4428 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/05/21 23:41:22.0108 4428 CAXHWAZL (942bd3cb0933febd194b42d4e489c246) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
2011/05/21 23:41:22.0244 4428 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/21 23:41:22.0319 4428 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/21 23:41:22.0394 4428 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2011/05/21 23:41:22.0470 4428 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/05/21 23:41:22.0578 4428 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/21 23:41:22.0609 4428 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\Windows\system32\drivers\cmdide.sys
2011/05/21 23:41:22.0766 4428 CnxtHdAudService (09699dc18521bcd82a7b39b187ba4c91) C:\Windows\system32\drivers\CHDRT64.sys
2011/05/21 23:41:22.0915 4428 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/21 23:41:22.0971 4428 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/21 23:41:23.0052 4428 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2011/05/21 23:41:23.0132 4428 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/05/21 23:41:23.0232 4428 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/05/21 23:41:23.0385 4428 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/21 23:41:23.0555 4428 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/05/21 23:41:23.0719 4428 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/05/21 23:41:23.0799 4428 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/05/21 23:41:23.0882 4428 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/05/21 23:41:23.0972 4428 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/05/21 23:41:24.0040 4428 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/05/21 23:41:24.0086 4428 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/21 23:41:24.0153 4428 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/05/21 23:41:24.0192 4428 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/05/21 23:41:24.0243 4428 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/21 23:41:24.0299 4428 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/05/21 23:41:24.0456 4428 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/21 23:41:24.0492 4428 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/21 23:41:24.0563 4428 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/21 23:41:24.0780 4428 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2011/05/21 23:41:24.0878 4428 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/21 23:41:25.0002 4428 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/05/21 23:41:25.0058 4428 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2011/05/21 23:41:25.0107 4428 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/21 23:41:25.0208 4428 hitmanpro35 (f0269e9f841c4e39ebbb366531b8290f) C:\Windows\system32\drivers\hitmanpro35.sys
2011/05/21 23:41:25.0363 4428 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/05/21 23:41:25.0437 4428 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/05/21 23:41:25.0609 4428 HSF_DPV (dda869537ae9ce501954cb7793134d96) C:\Windows\system32\DRIVERS\CAX_DPV.sys
2011/05/21 23:41:25.0988 4428 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/05/21 23:41:26.0078 4428 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/05/21 23:41:26.0154 4428 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/21 23:41:26.0213 4428 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/05/21 23:41:26.0590 4428 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/05/21 23:41:26.0912 4428 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/05/21 23:41:27.0019 4428 IntcHdmiAddService (bd37227c07179b1040a8896b9c0c146b) C:\Windows\system32\drivers\IntcHdmi.sys
2011/05/21 23:41:27.0171 4428 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys
2011/05/21 23:41:27.0308 4428 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/21 23:41:27.0385 4428 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/21 23:41:27.0505 4428 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/21 23:41:27.0582 4428 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/21 23:41:27.0667 4428 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/05/21 23:41:27.0721 4428 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/05/21 23:41:27.0873 4428 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/21 23:41:27.0915 4428 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/05/21 23:41:27.0980 4428 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/05/21 23:41:28.0020 4428 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/21 23:41:28.0062 4428 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/21 23:41:28.0144 4428 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/21 23:41:28.0226 4428 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/05/21 23:41:28.0358 4428 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/21 23:41:28.0439 4428 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/21 23:41:28.0488 4428 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/21 23:41:28.0552 4428 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/21 23:41:28.0598 4428 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/05/21 23:41:28.0944 4428 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/21 23:41:29.0097 4428 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/05/21 23:41:29.0201 4428 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/05/21 23:41:29.0292 4428 mfeapfk (07795c10658fa4350d222c7ef9077798) C:\Windows\system32\drivers\mfeapfk.sys
2011/05/21 23:41:29.0454 4428 mfeavfk (3825f334915733b85eed24f0640fadae) C:\Windows\system32\drivers\mfeavfk.sys
2011/05/21 23:41:29.0595 4428 mfehidk (6fe6964a4b4797eb6ef253e0de8d64e4) C:\Windows\system32\drivers\mfehidk.sys
2011/05/21 23:41:29.0757 4428 mferkdet (5f21288266b9b51a61272b192365e87c) C:\Windows\system32\drivers\mferkdet.sys
2011/05/21 23:41:29.0908 4428 mfetdik (b6170fad509317a963be6d4c2e104d2f) C:\Windows\system32\drivers\mfetdik.sys
2011/05/21 23:41:30.0045 4428 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/05/21 23:41:30.0085 4428 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/21 23:41:30.0136 4428 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/21 23:41:30.0195 4428 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/21 23:41:30.0256 4428 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/05/21 23:41:30.0331 4428 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/05/21 23:41:30.0391 4428 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/21 23:41:30.0441 4428 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/21 23:41:30.0506 4428 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/05/21 23:41:30.0575 4428 mrxsmb (dc434b4769e18da09ce1b7755d4c64e9) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/21 23:41:30.0722 4428 mrxsmb10 (64713fcfe3de8881d62f8f3f2f794241) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/21 23:41:42.0477 4428 ================================================================================
2011/05/21 23:41:42.0477 4428 Scan finished
2011/05/21 23:41:42.0477 4428 ================================================================================

#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you still getting the redirects?

Download ComboFix from one of these locations:


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
onesickchick


    New Member

  • Topic Starter
  • Member
  • 4 posts
After the TDSSKiller and such the other day I still had some redirects. But today is the first time I've used the system since, and after I turned the system on today the redirects seem to have stopped. I've searched about 60 different things just to test it out and I haven't had a single redirect so I think we might have got rid of whatever was hiding in there. I ran the Combofix anyway just to be safe.



ComboFix 11-05-23.02 - Christina 23/05/2011 19:33:27.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3998.2388 [GMT -3:00]
Running from: c:\users\Christina\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 )))))))))))))))))))))))))))))))
.
.
2011-05-23 23:23 . 2011-05-23 23:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-23 23:23 . 2011-05-23 23:23 -------- d-----w- c:\users\Christina\AppData\Local\temp
2011-05-23 22:01 . 2011-05-23 22:01 -------- d-----w- c:\users\Christina\AppData\Local\{39FBB098-391D-4B28-B858-1A48CF19E1DA}
2011-05-22 02:16 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95D9199B-2891-4D1C-8315-7193B3FEEA55}\mpengine.dll
2011-05-22 02:08 . 2011-05-22 02:08 -------- d-----w- c:\users\Christina\AppData\Local\{CFEA8037-38CE-4F20-9E30-548559139C24}
2011-05-20 14:24 . 2011-05-20 14:24 -------- d-----w- c:\users\Christina\AppData\Local\{3695974C-C591-417D-8926-EE49746731FA}
2011-05-20 01:03 . 2011-05-20 01:03 -------- d-----w- C:\_OTL
2011-05-20 00:57 . 2011-05-20 00:57 -------- d-----w- c:\users\Christina\AppData\Local\{CCB40459-F659-4470-AA96-4415280CF2E9}
2011-05-17 13:08 . 2011-05-17 13:09 -------- d-----w- c:\users\Christina\AppData\Local\{30E45C4A-B430-418E-8827-F33A4CB165E3}
2011-05-16 19:22 . 2011-05-16 19:22 -------- d-----w- C:\_OTM
2011-05-16 18:59 . 2011-05-17 13:07 20040 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-16 18:59 . 2011-05-16 18:59 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-16 18:58 . 2011-05-16 19:11 -------- d-----w- c:\programdata\Hitman Pro
2011-05-16 17:59 . 2011-05-16 17:59 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2011-05-16 17:59 . 2011-05-16 17:59 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2011-05-16 17:59 . 2011-05-16 17:59 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2011-05-16 17:10 . 2011-05-16 17:11 -------- d-----w- c:\users\Christina\FrostWire
2011-05-16 17:09 . 2011-05-16 17:09 -------- d-----w- c:\program files (x86)\Ask.com
2011-05-16 17:04 . 2011-05-16 17:05 -------- d-----w- c:\program files (x86)\QT Lite
2011-05-16 15:15 . 2011-05-16 15:15 -------- d-----w- c:\users\Christina\AppData\Local\{9FBF96BA-C401-492D-A18A-E4C56BD9CFAF}
2011-05-15 01:11 . 2011-05-15 01:11 -------- d-----w- c:\users\Christina\AppData\Local\{2C735B74-8C4C-4E75-A9E2-8A8629062F33}
2011-05-14 17:55 . 2011-05-14 17:55 -------- d-----w- c:\users\Christina\AppData\Local\{9599D92E-FFD2-46E1-9BE0-FEE2A45A3A3B}
2011-05-13 13:40 . 2011-05-13 13:42 -------- d-----w- c:\users\Christina\AppData\Local\{F8D100F2-DC91-41ED-B486-7B935135CBA6}
2011-05-11 17:37 . 2011-05-11 17:37 -------- d-----w- c:\users\Christina\AppData\Local\{180B7BB8-BF97-46F3-AD70-6C85FF71126B}
2011-05-11 03:07 . 2011-05-11 03:07 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-11 03:07 . 2011-05-11 03:07 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-11 03:07 . 2011-05-11 03:07 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-05-11 03:07 . 2011-05-11 03:07 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-11 03:07 . 2011-05-11 03:07 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-11 03:07 . 2011-05-11 03:07 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-05-11 03:07 . 2011-05-11 03:07 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-11 03:07 . 2011-05-11 03:07 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-11 02:01 . 2011-04-07 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-11 02:01 . 2011-04-07 12:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-05-11 01:49 . 2011-05-11 01:49 -------- d-----w- c:\users\Christina\AppData\Local\{D286990B-8271-484D-B875-F55B1A156785}
2011-05-09 20:56 . 2011-05-09 20:56 -------- d-----w- c:\program files\iPod
2011-05-09 20:56 . 2011-05-09 20:58 -------- d-----w- c:\program files\iTunes
2011-05-09 20:56 . 2011-05-09 20:58 -------- d-----w- c:\program files (x86)\iTunes
2011-05-09 20:52 . 2011-05-09 20:52 -------- d-----w- c:\program files\Bonjour
2011-05-09 20:52 . 2011-05-09 20:52 -------- d-----w- c:\program files (x86)\Bonjour
2011-05-09 20:41 . 2011-05-09 20:41 -------- d-----w- c:\users\Christina\AppData\Local\{9913BD52-59EE-44DF-84C3-C42C5FE755B3}
2011-05-09 01:44 . 2011-05-09 01:44 -------- d-----w- c:\users\Christina\AppData\Local\{DE47E771-87AF-4EB6-A30F-BA0C1D9EF793}
2011-05-07 02:31 . 2011-05-07 02:32 -------- d-----w- c:\users\Christina\AppData\Local\{3EEF195A-83E2-4B7C-BACE-CAF4090ED84C}
2011-05-06 13:25 . 2011-05-06 13:25 -------- d-----w- c:\users\Christina\AppData\Local\{27C59F21-CAB5-4105-AAFF-3139566977AA}
2011-05-04 15:48 . 2011-05-04 15:48 -------- d-----w- c:\users\Christina\AppData\Local\{541255FE-8CF7-412E-A4A4-E32C493DFE0F}
2011-05-02 12:26 . 2011-05-02 12:26 -------- d-----w- c:\users\Christina\AppData\Local\{842B12F1-FE49-484F-B9E3-E07AF8F93AAF}
2011-04-29 10:37 . 2011-04-29 10:37 -------- d-----w- c:\users\Christina\AppData\Local\{E12E258A-40CE-47D1-894B-AE1839529C58}
2011-04-28 21:02 . 2011-04-28 21:02 -------- d-----w- c:\users\Christina\AppData\Local\{963D5186-A9AE-44FC-9A76-21B46C80BF0D}
2011-04-28 02:04 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 02:04 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-28 02:04 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 02:04 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2011-04-28 02:04 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-04-28 02:04 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 01:51 . 2011-04-28 01:52 -------- d-----w- c:\users\Christina\AppData\Local\{5215ED02-366D-444B-A600-765A084FFE31}
2011-04-26 02:44 . 2011-04-26 02:45 -------- d-----w- c:\users\Christina\AppData\Local\{085542B9-EB96-4DFC-845A-FDF8195498C2}
2011-04-25 13:37 . 2011-04-25 13:37 -------- d-----w- c:\users\Christina\AppData\Local\{3A812827-06B8-45AD-B0F1-EAD58C56CD59}
2011-04-25 01:00 . 2011-04-25 01:00 -------- d-----w- c:\users\Christina\AppData\Local\{AC4D544F-6AEB-4F25-B918-E5B850938DD4}
2011-04-24 12:59 . 2011-04-24 12:59 -------- d-----w- c:\users\Christina\AppData\Local\{84566CFE-ADA1-449E-95AE-ABC551400163}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 19:26 . 2011-04-06 19:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 19:26 . 2011-04-06 19:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 19:20 . 2011-04-06 19:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 19:20 . 2011-04-06 19:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-13 14:39 . 2010-06-24 14:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-10 17:18 . 2011-04-13 12:18 1360384 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:18 . 2011-04-13 12:18 1398784 ----a-w- c:\windows\system32\mfc42.dll
2011-03-10 17:03 . 2011-04-13 12:18 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-10 17:03 . 2011-04-13 12:18 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-03 16:02 . 2011-04-13 12:21 975872 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:59 . 2011-04-28 02:04 100352 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:59 . 2011-04-28 02:04 331776 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:59 . 2011-04-28 02:04 284672 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 15:42 . 2011-04-13 12:21 739328 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-03 15:40 . 2011-04-28 02:04 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 02:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 02:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 02:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:46 . 2011-04-13 12:19 2762240 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 16:12 . 2011-04-13 12:17 117760 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-24 16:38 . 2011-04-13 12:21 991104 ----a-w- c:\windows\system32\winresume.efi
2011-02-24 16:38 . 2011-04-13 12:21 979840 ----a-w- c:\windows\system32\winresume.exe
2011-02-24 16:37 . 2011-04-13 12:21 1076608 ----a-w- c:\windows\system32\winload.efi
2011-02-24 16:37 . 2011-04-13 12:21 1063296 ----a-w- c:\windows\system32\winload.exe
2011-02-24 16:37 . 2011-04-13 12:20 20864 ----a-w- c:\windows\system32\kdusb.dll
2011-02-24 16:37 . 2011-04-13 12:20 18816 ----a-w- c:\windows\system32\kd1394.dll
2011-02-24 16:37 . 2011-04-13 12:20 17792 ----a-w- c:\windows\system32\kdcom.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-26 124224]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2010-06-01 140608]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-10-03 202256]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"QuickTime Plugin Install"="c:\program files (x86)\QuickTime\Plugins\DeleteMe1.exe" [2011-05-16 86016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw3v64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2009-07-12 50688]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2009-07-14 946688]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2009-07-12 690688]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2011-02-16 101048]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-08-26 20792]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-10-06 365952]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-09 c:\windows\Tasks\HPCeeScheduleForChristina.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-23 18:34]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1237288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {87942C22-D5ED-4523-9CF3-B8F3F41CB99C} = 129.173.1.100,129.173.5.100
FF - ProfilePath - c:\users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qfcs0rwo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-23 20:49:41
ComboFix-quarantined-files.txt 2011-05-23 23:49
.
Pre-Run: 217,069,404,160 bytes free
Post-Run: 217,011,634,176 bytes free
.
- - End Of File - - 32F7444D762AE268A1663644BA9F1A70
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's have a quick sweep for orphans before I remove my tools and tidy you up.

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





