Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PUM.Hijiack AND Trojan.FakeMS HELP PLEASE!


  • This topic is locked This topic is locked

#1
cgrout

cgrout

    New Member

  • Member
  • Pip
  • 9 posts
Forgive me as I don't know much about fixing computers. My computer started running really slow and then had these blue screens pop up all the time that said crash dump and it would restart my computer. Then all my programs and files were gone from my computer. I had nothing on the desktop, start up menu, or task bar but windows recovery. I followed some of the formums and I unhid my files so I can see some of them again. I ran spybot search and destroy and malwarebyte's anti malware. It found adware, malware, PUM.Hijack.Task and Trojan.fakeMS. I ran the combo fix as I read in a forum. My task bar is back but all of my programs are still gone. I have nothing but EI and there is a folder called start up but it is empty. PLEASE HELP! I am going to attach all of the logs that I have.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/4/2011 11:26:58 PM
mbam-log-2011-06-04 (23-26-58).txt

Scan type: Quick scan
Objects scanned: 161780
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 33
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 14
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451c-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.Info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.Info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790570BC76555731A895 (Malware.Trace) -> Value: SRS_IT_E8790570BC76555731A895 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (Adware.ClickPotato) -> Value: [email protected] -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\queryexplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.624.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.624.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.624.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.624.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464} (Adware.QueryExplorer) -> Delete on reboot.
c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults (Adware.QueryExplorer) -> Delete on reboot.
c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults\preferences (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files (x86)\queryexplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\dqmiuymnarayqk.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\Users\Carie\AppData\Local\Temp\Low\adobe_flash_player.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\Users\Carie\AppData\Local\Temp\Low\tmp997B.tmp (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.624.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome.manifest (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\install.rdf (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome\queryexplorer.jar (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults\preferences\prefs.js (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files (x86)\queryexplorer\uninstall.exe (Adware.QueryExplorer) -> Quarantined and deleted successfully.




Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/5/2011 2:38:03 AM
mbam-log-2011-06-05 (02-38-03).txt

Scan type: Quick scan
Objects scanned: 161906
Time elapsed: 1 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Carie [Restricted rights]
Mode: Shortcuts HJfix -- Date : 06/05/2011 01:14:38

Bad processes: 0

File attributes restored:
Desktop: Success 58 / Fail 2
Quick launch: Success 19 / Fail 0
Programs: Success 92687 / Fail 7334
Start menu: Success 36 / Fail 75
User folder: Success 9392 / Fail 228
My documents: Success 463 / Fail 0
My favorites: Success 139 / Fail 0
My pictures: Success 1268 / Fail 0
My music: Success 95 / Fail 0
My videos: Success 6 / Fail 0
Local drives: Success 32835 / Fail 7857
Backup: [FOUND] Success 5 / Fail 240

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped
[Q:] \Device\SftVol -- 0x3 --> Restored

Finished : << \RKreport[1].txt >>
RKreport[1].txt
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there - could you run RogueKiller again selecting option 6 and post that log

THEN


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

FINALLY

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
cgrout

cgrout

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thank you so much for the fast ressponse! Here is the RogueKiller log

RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Carie [Restricted rights]
Mode: Shortcuts HJfix -- Date : 06/07/2011 12:49:17

Bad processes: 0

File attributes restored:
Desktop: Success 0 / Fail 2
Quick launch: Success 0 / Fail 0
Programs: Success 9281 / Fail 7253
Start menu: Success 0 / Fail 266
User folder: Success 27 / Fail 3
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 9531 / Fail 7545
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped
[Q:] \Device\SftVol -- 0x3 --> Restored

Finished : << \RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you run RogueKiller could you right click it and select run as administrator please. Retry that again by right clicking and select option 6
  • 0

#5
cgrout

cgrout

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
ok here is the new roguekiller log and the otl log





OTL logfile created on: 6/7/2011 1:06:38 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Carie\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 44.52% Memory free
7.61 Gb Paging File | 5.32 Gb Available in Paging File | 69.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.61 Gb Total Space | 227.58 Gb Free Space | 79.96% Space Free | Partition Type: NTFS
Drive D: | 13.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.88 Mb Free Space | 96.52% Space Free | Partition Type: FAT32

Computer Name: CARIE-PC | User Name: Carie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/07 12:52:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Carie\Desktop\OTL.exe
PRC - [2011/06/07 12:43:53 | 000,510,464 | ---- | M] () -- C:\Users\Carie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QGPYH5FG\RogueKiller[1].exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/12 01:15:53 | 000,304,304 | -H-- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | -H-- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/04/24 02:10:34 | 000,209,768 | -H-- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 02:10:28 | 000,483,688 | -H-- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/10/01 00:01:32 | 002,320,920 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 00:01:30 | 000,268,824 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | -H-- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2011/06/07 12:52:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Carie\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/12 13:19:52 | 000,301,568 | ---- | M] (Computer Associates International, Inc.) [Disabled | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV:64bit: - [2010/10/18 23:24:07 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/18 23:24:06 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2009/09/04 16:35:12 | 000,873,248 | -H-- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 16:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2011/03/28 16:15:40 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/14 17:27:38 | 000,092,216 | -H-- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/07/28 17:36:52 | 000,246,520 | -H-- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/24 02:10:34 | 000,209,768 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 02:10:28 | 000,483,688 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/01 00:01:32 | 002,320,920 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/10/01 00:01:30 | 000,268,824 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/07/07 14:48:44 | 000,647,216 | -H-- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/01 17:07:59 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/04/01 17:07:59 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/18 23:24:09 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/10/18 23:21:08 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/04/24 02:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 02:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 02:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 02:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/10/08 12:37:50 | 007,749,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/26 11:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/09/17 16:56:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/09/17 16:56:16 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/09/17 16:56:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/09/17 16:56:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/02 13:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/15 02:54:54 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/08 00:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 23:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 16:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 16:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/29 14:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 12:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/09/02 13:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/linksys
IE - HKLM\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
IE - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.condui...&ctid=CT2856415
IE - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\..\URLSearchHook: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...GO&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {27E679CC-6AAB-4B2A-BB87-096FE4178464}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:10.0.624.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/31 17:37:37 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/31 17:37:24 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/31 17:37:24 | 000,000,000 | -H-D | M]

[2011/01/15 16:29:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carie\AppData\Roaming\Mozilla\Extensions
[2010/07/26 13:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/04/17 22:29:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carie\AppData\Roaming\Mozilla\Firefox\Profiles\696kom1y.default\extensions
[2011/05/31 17:36:27 | 000,000,000 | ---D | M] (Road Runner) -- C:\Users\Carie\AppData\Roaming\Mozilla\Firefox\Profiles\696kom1y.default\extensions\{e4878b45-e2c0-4307-b6e8-734922f92f5b}
[2011/02/05 17:23:13 | 000,001,919 | ---- | M] () -- C:\Users\Carie\AppData\Roaming\Mozilla\Firefox\Profiles\696kom1y.default\searchplugins\bing-zugo.xml
[2011/06/05 00:22:40 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\CLICKPOTATOLITE\BIN\10.0.624.0\FIREFOX\EXTENSIONS
[2011/05/31 17:37:37 | 000,000,000 | -H-D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{27E679CC-6AAB-4B2A-BB87-096FE4178464}

O1 HOSTS File: ([2011/06/05 02:24:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - File not found
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Road Runner Toolbar) - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll (Conduit Ltd.)
O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No CLSID value found.
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Road Runner Toolbar) - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\..\Toolbar\WebBrowser: (Elf 1 Toolbar) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - C:\Program Files (x86)\Elf_1\tbElf_.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\..\Toolbar\WebBrowser: (Road Runner Toolbar) - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4:64bit: - HKLM..\RunOnce: [ccube_Uninstall_Lock] C:\ProgramData\CA\Consumer\ISS\tmp\cacu_001.exe (Computer Associates International, Inc.)
O4:64bit: - HKLM..\RunOnce: [Qurb {EBA5BE5C}] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\PFW: DllName - Reg Error: Key error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/07 12:52:57 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Carie\Desktop\OTL.exe
[2011/06/05 02:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CA
[2011/06/05 01:49:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/05 01:49:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/05 01:49:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/05 01:48:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/05 01:28:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/05 01:27:44 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/06/05 01:18:35 | 004,112,369 | R--- | C] (Swearware) -- C:\Users\Carie\Desktop\ComboFix.exe
[2011/06/05 01:14:38 | 000,000,000 | ---D | C] -- C:\Users\Carie\Desktop\RK_Quarantine
[2011/06/04 23:21:57 | 000,000,000 | ---D | C] -- C:\Users\Carie\AppData\Roaming\Malwarebytes
[2011/06/04 23:21:34 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/04 23:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/04 23:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/04 23:21:28 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/06/04 23:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/04 21:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/04 21:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/06/04 21:54:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/05/31 18:02:21 | 000,000,000 | ---D | C] -- C:\Users\Carie\AppData\Local\MigWiz
[2011/05/29 23:50:32 | 000,000,000 | ---D | C] -- C:\Users\Carie\FrostWire
[2011/05/22 23:26:06 | 000,000,000 | ---D | C] -- C:\Users\Carie\AppData\Roaming\OpenCandy
[2011/05/22 23:26:05 | 000,000,000 | ---D | C] -- C:\Users\Carie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/05/22 22:41:04 | 008,166,056 | ---- | C] (FrostWire Team) -- C:\Users\Carie\Desktop\frostwire-4.21.7.windows.exe
[2011/05/15 15:22:44 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011/05/09 18:00:43 | 000,000,000 | ---D | C] -- C:\Users\Carie\AppData\Roaming\Avira
[2011/05/09 18:00:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/09 18:00:16 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/05/09 18:00:16 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/05/09 18:00:16 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Avira
[2011/05/09 18:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/05/09 14:05:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/05/09 02:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Anti-Theft
[2011/05/09 02:00:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Online Backup
[2011/05/09 01:58:57 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\McAfee Online Backup
[2011/05/09 01:58:18 | 000,000,000 | ---D | C] -- C:\Users\Carie\AppData\Local\McAfee Anti-Theft
[2011/05/09 01:42:20 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2011/05/09 01:38:39 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\McAfee
[2011/05/09 01:38:29 | 000,000,000 | -H-D | C] -- C:\Program Files\McAfee.com
[2011/05/09 01:37:05 | 000,000,000 | -H-D | C] -- C:\Program Files\McAfee
[2011/05/09 01:36:57 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\McAfee
[2011/05/09 00:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/07 12:52:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Carie\Desktop\OTL.exe
[2011/06/07 12:36:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/07 11:38:48 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/07 11:30:11 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 11:30:11 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 11:25:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/05 02:24:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/06/05 01:49:00 | 004,112,369 | R--- | M] (Swearware) -- C:\Users\Carie\Desktop\ComboFix.exe
[2011/06/05 00:21:54 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/06/05 00:19:55 | 599,337,888 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/05 00:19:51 | 3063,046,144 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/04 23:27:49 | 000,137,436 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc
[2011/06/04 23:27:49 | 000,000,249 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2
[2011/06/04 23:27:49 | 000,000,249 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1
[2011/06/04 23:27:49 | 000,000,249 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0
[2011/06/04 23:27:49 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7
[2011/06/04 23:27:49 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6
[2011/06/04 23:27:49 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5
[2011/06/04 23:27:49 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4
[2011/06/04 23:27:49 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3
[2011/06/04 23:21:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/04 21:54:59 | 000,001,282 | ---- | M] () -- C:\Users\Carie\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/04 21:54:59 | 000,001,258 | ---- | M] () -- C:\Users\Carie\Desktop\Spybot - Search & Destroy.lnk
[2011/05/31 10:36:22 | 000,000,448 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Carie.job
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/22 23:26:06 | 000,001,227 | ---- | M] () -- C:\Users\Carie\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.7.lnk
[2011/05/22 23:26:05 | 000,001,203 | ---- | M] () -- C:\Users\Carie\Desktop\FrostWire 4.21.7.lnk
[2011/05/22 22:41:09 | 008,166,056 | ---- | M] (FrostWire Team) -- C:\Users\Carie\Desktop\frostwire-4.21.7.windows.exe
[2011/05/19 23:26:23 | 000,000,392 | ---- | M] () -- C:\ProgramData\45473528
[2011/05/19 23:23:50 | 000,000,112 | ---- | M] () -- C:\ProgramData\~45473528
[2011/05/19 15:02:28 | 000,000,136 | ---- | M] () -- C:\ProgramData\~45473528r
[2011/05/09 13:56:06 | 052,676,424 | ---- | M] () -- C:\Users\Carie\Desktop\avira_antivir_personal_en.exe
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/05 02:14:33 | 000,001,547 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/06/05 02:14:33 | 000,001,246 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/06/05 02:14:32 | 000,002,567 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Magic.lnk
[2011/06/05 02:14:32 | 000,002,557 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/06/05 02:14:32 | 000,002,519 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/06/05 02:14:32 | 000,002,441 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/05 02:14:32 | 000,002,304 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Software Store.lnk
[2011/06/05 02:14:32 | 000,002,278 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2011/06/05 02:14:32 | 000,001,848 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011/06/05 02:14:32 | 000,001,352 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/06/05 02:14:32 | 000,001,345 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/06/05 02:14:32 | 000,001,330 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/06/05 02:14:32 | 000,001,326 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/06/05 02:14:32 | 000,001,210 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/06/05 02:14:32 | 000,001,009 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2011/06/05 01:49:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/05 01:49:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/05 01:49:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/05 01:49:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/05 01:49:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/04 23:21:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/04 21:54:59 | 000,001,282 | ---- | C] () -- C:\Users\Carie\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/04 21:54:59 | 000,001,258 | ---- | C] () -- C:\Users\Carie\Desktop\Spybot - Search & Destroy.lnk
[2011/05/22 23:26:06 | 000,001,227 | ---- | C] () -- C:\Users\Carie\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.7.lnk
[2011/05/22 23:26:05 | 000,001,203 | ---- | C] () -- C:\Users\Carie\Desktop\FrostWire 4.21.7.lnk
[2011/05/19 14:52:08 | 000,000,136 | ---- | C] () -- C:\ProgramData\~45473528r
[2011/05/19 14:52:07 | 000,000,112 | ---- | C] () -- C:\ProgramData\~45473528
[2011/05/19 14:46:28 | 000,000,392 | ---- | C] () -- C:\ProgramData\45473528
[2011/05/09 13:57:29 | 052,676,424 | ---- | C] () -- C:\Users\Carie\Desktop\avira_antivir_personal_en.exe
[2011/04/17 22:25:33 | 000,259,408 | ---- | C] () -- C:\Windows\SysWow64\cfgmig32.exe
[2011/04/17 22:25:16 | 001,872,624 | ---- | C] () -- C:\Windows\SysWow64\winsflt.dll
[2011/01/15 16:29:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/07 22:57:29 | 001,180,219 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmpSAM_0041.1
[2010/12/07 22:57:26 | 001,180,101 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmpSAM_0041.JPG
[2010/12/07 22:57:25 | 003,210,089 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmpSAM_0041.0
[2010/12/07 22:57:14 | 000,010,527 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmpSAM_0041_navi.JPG
[2010/11/21 16:25:14 | 001,081,614 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmp005.JPG
[2010/11/21 16:25:13 | 003,088,025 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmp005.0
[2010/11/21 13:13:20 | 003,112,404 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmp004.JPG
[2010/11/12 00:50:19 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/09 22:38:16 | 000,000,000 | ---- | C] () -- C:\Users\Carie\AppData\Roaming\wklnhst.dat
[2010/09/07 20:47:53 | 000,040,192 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmp1036.0
[2010/09/07 20:47:53 | 000,013,354 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmp1036.JPG
[2010/03/22 05:18:32 | 000,000,283 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/03/22 05:18:32 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009/10/08 12:34:52 | 000,874,032 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2009/10/08 12:34:52 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2009/10/08 12:34:52 | 000,049,712 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/10/08 11:36:18 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/10/08 11:36:18 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/09/29 19:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/12/24 13:47:46 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\acccore
[2011/05/31 17:36:29 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\Azureus
[2010/11/10 19:36:20 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\FCSB000063123
[2011/05/30 14:36:20 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\FrostWire
[2010/07/25 02:20:41 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\iWin
[2011/05/31 17:36:28 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\kikin
[2011/03/09 14:02:54 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\LimeWire
[2011/05/31 17:36:27 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\OpenCandy
[2010/10/24 22:02:24 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\OpenOffice.org
[2010/11/09 22:38:16 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\Template
[2010/11/15 00:37:58 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\TP
[2010/10/24 21:55:21 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\WeatherBug
[2010/07/25 01:46:34 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\WildTangent
[2010/11/30 23:19:04 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\Zeon
[2011/05/19 23:06:43 | 000,031,434 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2010/01/09 19:53:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/01/09 19:53:41 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/01/09 19:53:41 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/01/09 19:53:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/12/03 15:35:07 | 000,553,696 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/12/03 15:35:07 | 000,553,696 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/12/03 15:35:07 | 000,553,696 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2010/12/03 15:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2010/12/03 15:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2010/12/03 15:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/02/24 01:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/02/24 01:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2010/12/03 15:35:07 | 000,553,696 | -H-- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2010/12/03 15:35:07 | 000,553,696 | -H-- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2010/12/03 15:35:07 | 000,553,696 | -H-- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2010/12/03 15:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2010/12/03 15:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2010/12/03 15:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/02/24 01:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/02/24 01:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

< >

< End of report >
  • 0

#6
cgrout

cgrout

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Carie [Admin rights]
Mode: Shortcuts HJfix -- Date : 06/07/2011 13:34:18

Bad processes: 1
[SUSP PATH] OTL.exe -- c:\users\carie\desktop\otl.exe -> KILLED

File attributes restored:
Desktop: Success 2 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 83079 / Fail 0
Start menu: Success 231 / Fail 0
User folder: Success 49 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 677 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped
[Q:] \Device\SftVol -- 0x3 --> Restored

Finished : << \RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You should now have all your files and folders back - on completion can you let me know what problems remain

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/06/05 00:22:40 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    File not found (No name found) -- C:\PROGRAM FILES (X86)\CLICKPOTATOLITE\BIN\10.0.624.0\FIREFOX\EXTENSIONS
    File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{27E679CC-6AAB-4B2A-BB87-096FE4178464}
    O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - File not found
    O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No CLSID value found.
    O3 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
    O4:64bit: - HKLM..\RunOnce: [Qurb {EBA5BE5C}] File not found
    [2011/05/19 23:26:23 | 000,000,392 | ---- | M] () -- C:\ProgramData\45473528
    [2011/05/19 23:23:50 | 000,000,112 | ---- | M] () -- C:\ProgramData\~45473528
    [2011/05/19 15:02:28 | 000,000,136 | ---- | M] () -- C:\ProgramData\~45473528r
    [2011/05/19 14:52:08 | 000,000,136 | ---- | C] () -- C:\ProgramData\~45473528r
    [2011/05/19 14:52:07 | 000,000,112 | ---- | C] () -- C:\ProgramData\~45473528
    [2011/05/19 14:46:28 | 000,000,392 | ---- | C] () -- C:\ProgramData\45473528

    :files
    attrib -H c:\*.* /s /d /c
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#8
cgrout

cgrout

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTL logfile created on: 6/7/2011 3:33:11 PM - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Carie\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 54.63% Memory free
7.61 Gb Paging File | 5.62 Gb Available in Paging File | 73.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.61 Gb Total Space | 228.36 Gb Free Space | 80.24% Space Free | Partition Type: NTFS
Drive D: | 13.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.88 Mb Free Space | 96.52% Space Free | Partition Type: FAT32

Computer Name: CARIE-PC | User Name: Carie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/07 12:52:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Carie\Desktop\OTL.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/12 01:15:53 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/04/24 02:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 02:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/10/06 02:08:42 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/01 00:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 00:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | R-S- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2011/06/07 12:52:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Carie\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/18 23:24:07 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/18 23:24:06 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2009/09/04 16:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 16:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/24 02:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 02:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/01 00:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/10/01 00:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/01 17:07:59 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/04/01 17:07:59 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/18 23:24:09 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/10/18 23:21:08 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/04/24 02:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 02:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 02:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 02:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/10/08 12:37:50 | 007,749,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/26 11:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/09/17 16:56:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/09/17 16:56:16 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/09/17 16:56:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/09/17 16:56:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/02 13:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/15 02:54:54 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/08 00:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 23:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 16:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 16:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/29 14:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 12:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/09/02 13:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/linksys
IE - HKLM\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
IE - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.condui...&ctid=CT2856415
IE - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\..\URLSearchHook: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...GO&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {27E679CC-6AAB-4B2A-BB87-096FE4178464}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:10.0.624.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/31 17:37:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/31 17:37:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/31 17:37:24 | 000,000,000 | ---D | M]

[2011/01/15 16:29:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carie\AppData\Roaming\Mozilla\Extensions
[2010/07/26 13:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/04/17 22:29:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carie\AppData\Roaming\Mozilla\Firefox\Profiles\696kom1y.default\extensions
[2011/05/31 17:36:27 | 000,000,000 | ---D | M] (Road Runner) -- C:\Users\Carie\AppData\Roaming\Mozilla\Firefox\Profiles\696kom1y.default\extensions\{e4878b45-e2c0-4307-b6e8-734922f92f5b}
[2011/02/05 17:23:13 | 000,001,919 | ---- | M] () -- C:\Users\Carie\AppData\Roaming\Mozilla\Firefox\Profiles\696kom1y.default\searchplugins\bing-zugo.xml
File not found (No name found) -- C:\PROGRAM FILES (X86)\CLICKPOTATOLITE\BIN\10.0.624.0\FIREFOX\EXTENSIONS
[2011/05/31 17:37:37 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{27E679CC-6AAB-4B2A-BB87-096FE4178464}

O1 HOSTS File: ([2011/06/07 15:24:17 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Road Runner Toolbar) - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll (Conduit Ltd.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Road Runner Toolbar) - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\..\Toolbar\WebBrowser: (Elf 1 Toolbar) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - C:\Program Files (x86)\Elf_1\tbElf_.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\..\Toolbar\WebBrowser: (Road Runner Toolbar) - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2292576695-2935708217-452489483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\PFW: DllName - Reg Error: Key error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/07 15:09:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/07 14:57:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/07 13:24:11 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Carie\Desktop\aswMBR.exe
[2011/06/07 12:52:57 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Carie\Desktop\OTL.exe
[2011/06/05 01:49:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/05 01:49:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/05 01:49:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/05 01:48:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/05 01:28:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/05 01:27:44 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/06/05 01:18:35 | 004,112,369 | R--- | C] (Swearware) -- C:\Users\Carie\Desktop\ComboFix.exe
[2011/06/05 01:14:38 | 000,000,000 | ---D | C] -- C:\Users\Carie\Desktop\RK_Quarantine
[2011/06/04 23:21:57 | 000,000,000 | ---D | C] -- C:\Users\Carie\AppData\Roaming\Malwarebytes
[2011/06/04 23:21:34 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/04 23:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/04 23:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/04 23:21:28 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/06/04 23:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/04 21:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/04 21:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/06/04 21:54:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/05/31 18:02:21 | 000,000,000 | ---D | C] -- C:\Users\Carie\AppData\Local\MigWiz
[2011/05/29 23:50:32 | 000,000,000 | ---D | C] -- C:\Users\Carie\FrostWire
[2011/05/22 23:26:06 | 000,000,000 | ---D | C] -- C:\Users\Carie\AppData\Roaming\OpenCandy
[2011/05/22 23:26:05 | 000,000,000 | ---D | C] -- C:\Users\Carie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/05/22 22:41:04 | 008,166,056 | ---- | C] (FrostWire Team) -- C:\Users\Carie\Desktop\frostwire-4.21.7.windows.exe
[2011/05/15 15:22:44 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011/05/09 18:00:43 | 000,000,000 | ---D | C] -- C:\Users\Carie\AppData\Roaming\Avira
[2011/05/09 18:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/09 18:00:16 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/05/09 18:00:16 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/05/09 18:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/05/09 18:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/05/09 14:05:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/05/09 02:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Anti-Theft
[2011/05/09 02:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Online Backup
[2011/05/09 01:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Online Backup
[2011/05/09 01:58:18 | 000,000,000 | ---D | C] -- C:\Users\Carie\AppData\Local\McAfee Anti-Theft
[2011/05/09 01:42:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2011/05/09 01:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011/05/09 01:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/05/09 01:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/05/09 01:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2011/05/09 00:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

========== Files - Modified Within 30 Days ==========

[2011/06/07 15:36:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/07 15:29:20 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/06/07 15:27:39 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/07 15:27:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/07 15:27:20 | 3063,046,144 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/07 15:24:17 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/06/07 15:17:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 15:17:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 15:05:57 | 000,144,716 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc
[2011/06/07 14:54:48 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Carie.job
[2011/06/07 13:24:17 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Carie\Desktop\aswMBR.exe
[2011/06/07 12:52:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Carie\Desktop\OTL.exe
[2011/06/05 01:49:00 | 004,112,369 | R--- | M] (Swearware) -- C:\Users\Carie\Desktop\ComboFix.exe
[2011/06/05 00:19:55 | 599,337,888 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/04 23:27:49 | 000,000,249 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2
[2011/06/04 23:27:49 | 000,000,249 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1
[2011/06/04 23:27:49 | 000,000,249 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0
[2011/06/04 23:27:49 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7
[2011/06/04 23:27:49 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6
[2011/06/04 23:27:49 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5
[2011/06/04 23:27:49 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4
[2011/06/04 23:27:49 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3
[2011/06/04 23:21:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/04 21:54:59 | 000,001,282 | ---- | M] () -- C:\Users\Carie\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/04 21:54:59 | 000,001,258 | ---- | M] () -- C:\Users\Carie\Desktop\Spybot - Search & Destroy.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/22 23:26:06 | 000,001,227 | ---- | M] () -- C:\Users\Carie\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.7.lnk
[2011/05/22 23:26:05 | 000,001,203 | ---- | M] () -- C:\Users\Carie\Desktop\FrostWire 4.21.7.lnk
[2011/05/22 22:41:09 | 008,166,056 | ---- | M] (FrostWire Team) -- C:\Users\Carie\Desktop\frostwire-4.21.7.windows.exe
[2011/05/09 13:56:06 | 052,676,424 | ---- | M] () -- C:\Users\Carie\Desktop\avira_antivir_personal_en.exe

========== Files Created - No Company Name ==========

[2011/06/05 02:14:33 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/06/05 02:14:33 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/06/05 02:14:32 | 000,002,567 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Magic.lnk
[2011/06/05 02:14:32 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/06/05 02:14:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/06/05 02:14:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/05 02:14:32 | 000,002,304 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Software Store.lnk
[2011/06/05 02:14:32 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2011/06/05 02:14:32 | 000,001,848 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011/06/05 02:14:32 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/06/05 02:14:32 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/06/05 02:14:32 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/06/05 02:14:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/06/05 02:14:32 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/06/05 02:14:32 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2011/06/05 01:49:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/05 01:49:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/05 01:49:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/05 01:49:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/05 01:49:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/04 23:21:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/04 21:54:59 | 000,001,282 | ---- | C] () -- C:\Users\Carie\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/04 21:54:59 | 000,001,258 | ---- | C] () -- C:\Users\Carie\Desktop\Spybot - Search & Destroy.lnk
[2011/05/22 23:26:06 | 000,001,227 | ---- | C] () -- C:\Users\Carie\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.7.lnk
[2011/05/22 23:26:05 | 000,001,203 | ---- | C] () -- C:\Users\Carie\Desktop\FrostWire 4.21.7.lnk
[2011/05/09 13:57:29 | 052,676,424 | ---- | C] () -- C:\Users\Carie\Desktop\avira_antivir_personal_en.exe
[2011/01/15 16:29:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/07 22:57:29 | 001,180,219 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmpSAM_0041.1
[2010/12/07 22:57:26 | 001,180,101 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmpSAM_0041.JPG
[2010/12/07 22:57:25 | 003,210,089 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmpSAM_0041.0
[2010/12/07 22:57:14 | 000,010,527 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmpSAM_0041_navi.JPG
[2010/11/21 16:25:14 | 001,081,614 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmp005.JPG
[2010/11/21 16:25:13 | 003,088,025 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmp005.0
[2010/11/21 13:13:20 | 003,112,404 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmp004.JPG
[2010/11/12 00:50:19 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/09 22:38:16 | 000,000,000 | ---- | C] () -- C:\Users\Carie\AppData\Roaming\wklnhst.dat
[2010/09/07 20:47:53 | 000,040,192 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmp1036.0
[2010/09/07 20:47:53 | 000,013,354 | ---- | C] () -- C:\Users\Carie\AppData\Local\tmp1036.JPG
[2010/03/22 05:18:32 | 000,000,283 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/03/22 05:18:32 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009/10/08 12:34:52 | 000,874,032 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2009/10/08 12:34:52 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2009/10/08 12:34:52 | 000,049,712 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/10/08 11:36:18 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/10/08 11:36:18 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/09/29 19:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/12/24 13:47:46 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\acccore
[2011/05/31 17:36:29 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\Azureus
[2010/11/10 19:36:20 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\FCSB000063123
[2011/05/30 14:36:20 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\FrostWire
[2010/07/25 02:20:41 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\iWin
[2011/05/31 17:36:28 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\kikin
[2011/03/09 14:02:54 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\LimeWire
[2011/05/31 17:36:27 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\OpenCandy
[2010/10/24 22:02:24 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\OpenOffice.org
[2010/11/09 22:38:16 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\Template
[2010/11/15 00:37:58 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\TP
[2010/10/24 21:55:21 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\WeatherBug
[2010/07/25 01:46:34 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\WildTangent
[2010/11/30 23:19:04 | 000,000,000 | ---D | M] -- C:\Users\Carie\AppData\Roaming\Zeon
[2011/05/19 23:06:43 | 000,031,930 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#9
cgrout

cgrout

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
My programs and files are back! yay! thank you! Do I still need to run the aswMBR.exe?
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please just to confirm that there is nothing in your MBR

What problems remain ?
  • 0

Advertisements


#11
cgrout

cgrout

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
here is the mbr log. everything seems to be running great! thank you so much for your help. should I keep sypbot and malwarebyte on my computer and continue to run thoes scans regularly?Attached File  aswMBR.txt   932bytes   109 downloads
  • 0

#12
cgrout

cgrout

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
actually take that back I think I jinxed myself. They blue screen just came up and said there is an erroer crash dump in 23 seconds.
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I would like to recheck the MBR with a different tool this time... What error was there when the blue screen appeared ?

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#14
cgrout

cgrout

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
The blue screen goes away pretty fast but it said something about check for a new program that was recently installed and at the bottom it said crash dump in 20 seconds and it counts down and restarts my computer





2011/06/08 23:00:53.0031 4940 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/08 23:00:53.0998 4940 ================================================================================
2011/06/08 23:00:53.0998 4940 SystemInfo:
2011/06/08 23:00:53.0998 4940
2011/06/08 23:00:53.0998 4940 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/08 23:00:53.0998 4940 Product type: Workstation
2011/06/08 23:00:53.0998 4940 ComputerName: CARIE-PC
2011/06/08 23:00:53.0998 4940 UserName: Carie
2011/06/08 23:00:53.0998 4940 Windows directory: C:\Windows
2011/06/08 23:00:53.0998 4940 System windows directory: C:\Windows
2011/06/08 23:00:53.0998 4940 Running under WOW64
2011/06/08 23:00:53.0998 4940 Processor architecture: Intel x64
2011/06/08 23:00:53.0998 4940 Number of processors: 4
2011/06/08 23:00:53.0998 4940 Page size: 0x1000
2011/06/08 23:00:53.0998 4940 Boot type: Normal boot
2011/06/08 23:00:53.0998 4940 ================================================================================
2011/06/08 23:00:54.0513 4940 Initialize success
2011/06/08 23:01:06.0113 6304 ================================================================================
2011/06/08 23:01:06.0113 6304 Scan started
2011/06/08 23:01:06.0113 6304 Mode: Manual;
2011/06/08 23:01:06.0113 6304 ================================================================================
2011/06/08 23:01:06.0715 6304 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/08 23:01:06.0767 6304 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/06/08 23:01:06.0823 6304 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/08 23:01:06.0859 6304 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/08 23:01:06.0901 6304 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/08 23:01:07.0013 6304 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/08 23:01:07.0076 6304 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/08 23:01:07.0185 6304 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/06/08 23:01:07.0310 6304 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/08 23:01:07.0388 6304 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/08 23:01:07.0403 6304 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/08 23:01:07.0466 6304 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/08 23:01:07.0559 6304 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/08 23:01:07.0622 6304 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/06/08 23:01:07.0684 6304 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/08 23:01:07.0747 6304 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/06/08 23:01:07.0949 6304 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/06/08 23:01:08.0043 6304 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/06/08 23:01:08.0121 6304 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/08 23:01:08.0168 6304 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/08 23:01:08.0215 6304 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/08 23:01:08.0339 6304 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/06/08 23:01:08.0355 6304 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/06/08 23:01:08.0433 6304 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/08 23:01:08.0573 6304 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/08 23:01:08.0698 6304 BCM43XX (6c95dd14cfd30b0617b91dc6a0b1a1fb) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/06/08 23:01:08.0854 6304 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/08 23:01:08.0917 6304 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/08 23:01:08.0979 6304 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/08 23:01:09.0088 6304 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/08 23:01:09.0119 6304 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/08 23:01:09.0151 6304 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/06/08 23:01:09.0197 6304 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/08 23:01:09.0229 6304 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/08 23:01:09.0260 6304 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/08 23:01:09.0369 6304 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/06/08 23:01:09.0416 6304 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/08 23:01:09.0478 6304 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/06/08 23:01:09.0603 6304 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/06/08 23:01:09.0743 6304 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/06/08 23:01:09.0790 6304 btwaudio (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys
2011/06/08 23:01:09.0837 6304 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/06/08 23:01:09.0946 6304 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/06/08 23:01:09.0993 6304 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/06/08 23:01:10.0087 6304 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/08 23:01:10.0196 6304 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/08 23:01:10.0243 6304 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/08 23:01:10.0305 6304 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/06/08 23:01:10.0477 6304 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/08 23:01:10.0508 6304 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/08 23:01:10.0555 6304 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/06/08 23:01:10.0711 6304 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/08 23:01:10.0742 6304 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/08 23:01:10.0804 6304 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/08 23:01:10.0976 6304 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/06/08 23:01:11.0023 6304 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/06/08 23:01:11.0085 6304 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/06/08 23:01:11.0241 6304 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/06/08 23:01:11.0303 6304 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/08 23:01:11.0506 6304 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/06/08 23:01:11.0678 6304 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/08 23:01:11.0740 6304 enecir (524c79054636d2e5751169005006460b) C:\Windows\system32\DRIVERS\enecir.sys
2011/06/08 23:01:11.0849 6304 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/08 23:01:11.0927 6304 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/06/08 23:01:11.0959 6304 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/06/08 23:01:12.0021 6304 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/08 23:01:12.0115 6304 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/06/08 23:01:12.0161 6304 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/06/08 23:01:12.0177 6304 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/08 23:01:12.0224 6304 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/06/08 23:01:12.0255 6304 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/06/08 23:01:12.0302 6304 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/08 23:01:12.0364 6304 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/08 23:01:12.0489 6304 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/08 23:01:12.0567 6304 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/08 23:01:12.0739 6304 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/08 23:01:12.0801 6304 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/06/08 23:01:12.0863 6304 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/08 23:01:12.0988 6304 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/06/08 23:01:13.0035 6304 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/08 23:01:13.0066 6304 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/08 23:01:13.0113 6304 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/08 23:01:13.0238 6304 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/08 23:01:13.0347 6304 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/06/08 23:01:13.0472 6304 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/06/08 23:01:13.0565 6304 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/08 23:01:13.0706 6304 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/06/08 23:01:13.0768 6304 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/08 23:01:13.0831 6304 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/08 23:01:13.0940 6304 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
2011/06/08 23:01:14.0002 6304 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/06/08 23:01:14.0267 6304 igfx (404548917acaaa314165c2882b045c94) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/06/08 23:01:14.0470 6304 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/08 23:01:14.0564 6304 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys
2011/06/08 23:01:14.0595 6304 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/08 23:01:14.0704 6304 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/08 23:01:14.0782 6304 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/08 23:01:14.0829 6304 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/08 23:01:14.0860 6304 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/06/08 23:01:14.0969 6304 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/06/08 23:01:15.0001 6304 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/08 23:01:15.0047 6304 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/08 23:01:15.0110 6304 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/08 23:01:15.0219 6304 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/08 23:01:15.0266 6304 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/08 23:01:15.0313 6304 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/08 23:01:15.0344 6304 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/06/08 23:01:15.0515 6304 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/08 23:01:15.0593 6304 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/08 23:01:15.0640 6304 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/08 23:01:15.0671 6304 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/08 23:01:15.0781 6304 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/08 23:01:15.0843 6304 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/06/08 23:01:15.0890 6304 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/08 23:01:15.0937 6304 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/08 23:01:16.0046 6304 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/06/08 23:01:16.0093 6304 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/08 23:01:16.0139 6304 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/08 23:01:16.0202 6304 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/08 23:01:16.0295 6304 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/06/08 23:01:16.0327 6304 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/08 23:01:16.0373 6304 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/08 23:01:16.0420 6304 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/08 23:01:16.0467 6304 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/08 23:01:16.0498 6304 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/08 23:01:16.0529 6304 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/08 23:01:16.0623 6304 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/08 23:01:16.0670 6304 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/08 23:01:16.0732 6304 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/06/08 23:01:16.0748 6304 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/08 23:01:16.0795 6304 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/08 23:01:16.0919 6304 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/08 23:01:16.0951 6304 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/08 23:01:16.0997 6304 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/06/08 23:01:17.0044 6304 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/06/08 23:01:17.0107 6304 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/08 23:01:17.0138 6304 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/06/08 23:01:17.0247 6304 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/08 23:01:17.0278 6304 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/06/08 23:01:17.0356 6304 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/08 23:01:17.0497 6304 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/06/08 23:01:17.0637 6304 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/08 23:01:17.0684 6304 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/08 23:01:17.0715 6304 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/08 23:01:17.0746 6304 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/08 23:01:17.0793 6304 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/06/08 23:01:17.0918 6304 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/08 23:01:17.0965 6304 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/08 23:01:18.0136 6304 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/06/08 23:01:18.0292 6304 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/08 23:01:18.0355 6304 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/06/08 23:01:18.0401 6304 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/08 23:01:18.0495 6304 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/06/08 23:01:18.0620 6304 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/06/08 23:01:18.0682 6304 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/06/08 23:01:18.0713 6304 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/06/08 23:01:18.0776 6304 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/08 23:01:18.0916 6304 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/08 23:01:18.0994 6304 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/06/08 23:01:19.0025 6304 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/06/08 23:01:19.0088 6304 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/06/08 23:01:19.0181 6304 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/08 23:01:19.0213 6304 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/08 23:01:19.0259 6304 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/06/08 23:01:19.0291 6304 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/06/08 23:01:19.0478 6304 pnarp (fb83b6c62dff5abe36304351d2bed581) C:\Windows\system32\DRIVERS\pnarp.sys
2011/06/08 23:01:19.0571 6304 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/08 23:01:19.0618 6304 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/06/08 23:01:19.0727 6304 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/08 23:01:19.0790 6304 purendis (1b3434642ce3c26e6f24d3a76d749c2a) C:\Windows\system32\DRIVERS\purendis.sys
2011/06/08 23:01:19.0852 6304 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/08 23:01:19.0961 6304 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/08 23:01:20.0039 6304 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/08 23:01:20.0102 6304 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/08 23:01:20.0195 6304 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/08 23:01:20.0242 6304 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/08 23:01:20.0273 6304 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/08 23:01:20.0305 6304 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/08 23:01:20.0367 6304 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/08 23:01:20.0445 6304 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/08 23:01:20.0492 6304 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/08 23:01:20.0539 6304 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/08 23:01:20.0570 6304 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/08 23:01:20.0648 6304 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/06/08 23:01:20.0741 6304 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/06/08 23:01:20.0804 6304 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/06/08 23:01:20.0913 6304 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/08 23:01:21.0022 6304 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys
2011/06/08 23:01:21.0085 6304 RTL8167 (f65f171165fbb613f7aa3cc78e8cab42) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/06/08 23:01:21.0178 6304 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/08 23:01:21.0303 6304 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/08 23:01:21.0412 6304 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/08 23:01:21.0459 6304 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/08 23:01:21.0553 6304 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/08 23:01:21.0584 6304 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/06/08 23:01:21.0677 6304 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/08 23:01:21.0740 6304 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/08 23:01:21.0787 6304 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/08 23:01:21.0818 6304 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/08 23:01:21.0880 6304 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/08 23:01:21.0958 6304 Sftfs (72cd52403efc137290cb5a328510ebca) C:\Windows\system32\DRIVERS\Sftfslh.sys
2011/06/08 23:01:22.0067 6304 Sftplay (31a36ef71af36eabcc4b4f8ab8f76465) C:\Windows\system32\DRIVERS\Sftplaylh.sys
2011/06/08 23:01:22.0145 6304 Sftredir (2d969194fcc8eb41ed1d52863bfe7f52) C:\Windows\system32\DRIVERS\Sftredirlh.sys
2011/06/08 23:01:22.0192 6304 Sftvol (08b36d2f63af3ca2248458a4280c0c50) C:\Windows\system32\DRIVERS\Sftvollh.sys
2011/06/08 23:01:22.0301 6304 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/08 23:01:22.0379 6304 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/08 23:01:22.0442 6304 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/06/08 23:01:22.0535 6304 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/06/08 23:01:22.0645 6304 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/06/08 23:01:22.0738 6304 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/08 23:01:22.0816 6304 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/06/08 23:01:22.0879 6304 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/06/08 23:01:22.0988 6304 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/06/08 23:01:23.0128 6304 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/08 23:01:23.0191 6304 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/08 23:01:23.0269 6304 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/06/08 23:01:23.0393 6304 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/08 23:01:23.0471 6304 SynTP (924d711941956f7420a4925592be8253) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/08 23:01:23.0581 6304 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/06/08 23:01:23.0799 6304 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/08 23:01:23.0924 6304 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/08 23:01:23.0971 6304 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/08 23:01:23.0986 6304 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/08 23:01:24.0017 6304 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/08 23:01:24.0064 6304 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/08 23:01:24.0220 6304 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/08 23:01:24.0283 6304 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/08 23:01:24.0329 6304 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/08 23:01:24.0439 6304 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/08 23:01:24.0501 6304 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/08 23:01:24.0548 6304 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/08 23:01:24.0579 6304 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/08 23:01:24.0704 6304 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
2011/06/08 23:01:24.0751 6304 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/08 23:01:24.0797 6304 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/08 23:01:24.0844 6304 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
2011/06/08 23:01:24.0938 6304 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/08 23:01:25.0000 6304 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
2011/06/08 23:01:25.0047 6304 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/08 23:01:25.0094 6304 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/06/08 23:01:25.0203 6304 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
2011/06/08 23:01:25.0250 6304 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/06/08 23:01:25.0328 6304 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/08 23:01:25.0453 6304 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/08 23:01:25.0484 6304 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/08 23:01:25.0531 6304 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/08 23:01:25.0562 6304 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/08 23:01:25.0593 6304 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/08 23:01:25.0655 6304 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/06/08 23:01:25.0765 6304 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/08 23:01:25.0827 6304 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/08 23:01:25.0874 6304 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/08 23:01:25.0905 6304 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/08 23:01:25.0999 6304 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/06/08 23:01:26.0061 6304 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/08 23:01:26.0108 6304 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/08 23:01:26.0139 6304 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/08 23:01:26.0217 6304 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/08 23:01:26.0248 6304 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/08 23:01:26.0420 6304 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/08 23:01:26.0451 6304 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/08 23:01:26.0576 6304 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/08 23:01:26.0685 6304 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/08 23:01:26.0732 6304 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/08 23:01:26.0779 6304 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/06/08 23:01:26.0810 6304 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/08 23:01:26.0872 6304 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/06/08 23:01:26.0935 6304 MBR (0x1B8) (033f8948d40d140a14c502a061765842) \Device\Harddisk0\DR0
2011/06/08 23:01:26.0935 6304 ================================================================================
2011/06/08 23:01:26.0935 6304 Scan finished
2011/06/08 23:01:26.0935 6304 ================================================================================
2011/06/08 23:01:26.0950 0372 Detected object count: 0
2011/06/08 23:01:26.0950 0372 Actual detected object count: 0
2011/06/08 23:01:59.0232 4040 Deinitialize success
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets do a further check... What are your current problems ?

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP