Google redirect and Windows 7 Repair & Hidden Files



#1
wadeRandel

I have several problems and can't seem to fix...
1. Google redirects
2. Windows 7 Repair Malware
3. All files are now hidden

Here is my OTL log

OTL logfile created on: 7/6/2011 7:03:00 PM - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\wade\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 60.35% Memory free
6.73 Gb Paging File | 5.27 Gb Available in Paging File | 78.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 10.17 Gb Free Space | 18.20% Space Free | Partition Type: NTFS

Computer Name: WRANDELLT | User Name: wade | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 19:02:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\wade\Desktop\OTL.exe
PRC - [2011/07/06 18:38:43 | 002,424,192 | -H-- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/06/08 13:05:08 | 000,136,584 | -H-- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/06/08 13:04:54 | 000,374,152 | -H-- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | -H-- | M] (Dropbox, Inc.) -- C:\Users\wade\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/11 19:04:04 | 000,390,528 | -H-- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/01/11 19:04:04 | 000,063,048 | -H-- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/01/10 13:29:24 | 000,239,472 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
PRC - [2011/01/10 13:28:54 | 000,376,688 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSConnector.exe
PRC - [2011/01/10 13:28:52 | 000,097,136 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\esClient.exe
PRC - [2010/09/21 14:12:54 | 004,638,064 | -H-- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\ISD\ISD_Tablet.exe
PRC - [2010/09/21 14:12:54 | 001,086,320 | -H-- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
PRC - [2010/09/21 14:12:48 | 000,239,984 | -H-- | M] (Wacom Technology, Inc) -- C:\Program Files\Tablet\CalibrationAssistant.exe
PRC - [2010/02/05 16:05:32 | 000,435,584 | -H-- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
PRC - [2009/11/17 13:07:46 | 001,528,624 | -H-- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/09/25 13:16:06 | 000,093,960 | -H-- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/02 17:54:44 | 000,935,208 | -H-- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2009/05/22 18:14:52 | 001,325,128 | -H-- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2009/03/10 22:06:38 | 000,497,008 | -H-- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
PRC - [2008/10/15 17:13:58 | 000,439,632 | -H-- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2007/02/06 08:44:24 | 000,069,632 | -H-- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/06 19:02:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\wade\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/08 13:05:08 | 000,136,584 | -H-- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/06/08 13:04:54 | 000,374,152 | -H-- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/05/29 09:11:28 | 000,366,640 | -H-- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/01/11 19:04:04 | 000,390,528 | -H-- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/01/10 13:29:24 | 000,239,472 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV - [2011/01/10 13:28:54 | 000,376,688 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2011/01/10 13:28:52 | 000,097,136 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\esClient.exe -- (esClient)
SRV - [2010/10/08 01:18:42 | 000,726,288 | -H-- | M] () [On_Demand | Stopped] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV - [2010/10/08 01:18:42 | 000,541,968 | -H-- | M] () [On_Demand | Stopped] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV - [2010/10/08 01:18:42 | 000,054,544 | -H-- | M] () [On_Demand | Stopped] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV - [2010/09/21 14:12:54 | 004,638,064 | -H-- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\ISD\ISD_Tablet.exe -- (TabletServiceISD)
SRV - [2010/04/13 03:02:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/08 02:47:45 | 000,654,848 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/17 13:07:46 | 001,528,624 | -H-- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/10/20 14:19:48 | 000,117,264 | -H-- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/10/02 18:48:26 | 000,595,232 | -H-- | M] (Broadcom Corporation.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/09/25 13:16:06 | 000,093,960 | -H-- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/21 03:35:00 | 000,341,256 | -H-- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/05/22 18:14:52 | 001,325,128 | -H-- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2009/05/22 18:12:44 | 001,262,888 | -H-- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2009/03/10 22:06:38 | 000,497,008 | -H-- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2009/03/10 22:05:06 | 000,685,320 | -H-- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2008/10/15 17:13:58 | 000,439,632 | -H-- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008/03/24 12:02:48 | 000,230,672 | -H-- | M] (SonicWALL, Inc.) [On_Demand | Stopped] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)
SRV - [2007/02/06 08:44:24 | 000,069,632 | -H-- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/06/08 13:05:52 | 000,083,360 | -H-- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/05/29 09:11:30 | 000,039,984 | -H-- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/01/11 19:04:04 | 000,047,640 | -H-- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 19:04:04 | 000,012,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/12/15 11:19:50 | 000,039,936 | -H-- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Amtransv.sys -- (Amtrans)
DRV - [2010/09/02 17:49:06 | 000,013,312 | -H-- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/09/02 03:18:48 | 000,017,920 | -H-- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV - [2010/09/02 03:18:48 | 000,013,824 | -H-- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV - [2010/06/14 13:08:56 | 000,035,696 | -H-- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wisdpen.sys -- (wisdpen)
DRV - [2010/05/10 14:41:30 | 000,067,656 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/30 18:09:44 | 000,020,096 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 18:09:22 | 000,021,248 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/04/21 09:27:02 | 000,131,000 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/04/03 11:02:54 | 000,240,608 | -H-- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2010/04/01 07:53:58 | 000,081,408 | -H-- | M] (Gigaware) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Svk2pl.sys -- (Svk2pl)
DRV - [2010/02/26 21:34:18 | 000,025,656 | -H-- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/02/26 21:33:56 | 000,033,848 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/02/17 14:25:48 | 000,012,872 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/04 16:39:06 | 000,230,928 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2009/12/04 16:38:18 | 000,036,368 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2009/12/04 16:05:06 | 001,322,680 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2009/11/17 13:07:06 | 000,308,859 | -H-- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/11/16 15:46:12 | 000,037,920 | -H-- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009/11/16 15:45:50 | 000,027,168 | -H-- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2009/11/16 15:45:50 | 000,027,168 | -H-- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2009/10/26 08:54:24 | 000,025,088 | -H-- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/10/20 14:19:44 | 000,050,704 | -H-- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/09/21 17:29:22 | 000,014,120 | -H-- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:18:07 | 000,017,920 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:12:52 | 000,030,720 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 18:13:48 | 001,035,776 | -H-- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 18:02:51 | 004,231,168 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/05/07 16:04:54 | 000,052,752 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/05/07 16:04:52 | 000,050,192 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/05/07 16:04:50 | 000,157,712 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/03/10 22:06:04 | 000,256,528 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/03/10 22:05:50 | 000,145,936 | -H-- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/03/10 22:05:20 | 000,083,728 | -H-- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/11/16 19:39:44 | 000,131,984 | -H-- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/31 11:32:42 | 000,008,192 | -H-- | M] (AirMagnet, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\AmDriver.sys -- (AmDriverAux)
DRV - [2008/10/31 11:32:42 | 000,008,192 | -H-- | M] (AirMagnet, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\AmDriver.sys -- (AmDriver)
DRV - [2008/03/19 11:12:42 | 000,086,552 | -H-- | M] (SonicWALL, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RCFOX.SYS -- (RCFOX)
DRV - [2007/12/14 10:21:56 | 000,290,816 | -H-- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/08/28 16:47:36 | 000,146,560 | -H-- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/06/18 17:12:04 | 000,016,768 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/09 14:27:00 | 000,097,280 | -H-- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2007/04/25 14:32:42 | 000,031,232 | -H-- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2007/02/16 12:12:36 | 000,011,312 | -H-- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/01/18 21:28:02 | 000,005,275 | -H-- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/09/28 15:32:14 | 000,009,472 | -H-- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2005/11/08 10:58:20 | 000,024,876 | -H-- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rcvpn.sys -- (rcvpn)
DRV - [2005/09/19 14:24:10 | 000,009,344 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.608
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/01/25 12:51:43 | 000,000,000 | -H-D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/12 13:58:40 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/12 13:58:40 | 000,000,000 | -H-D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/12 13:58:40 | 000,000,000 | -H-D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/12 13:58:40 | 000,000,000 | -H-D | M]

[2010/09/21 08:34:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\wade\AppData\Roaming\Mozilla\Extensions
[2010/02/05 12:12:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\wade\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/09/22 17:09:27 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\wade\AppData\Roaming\Mozilla\Firefox\Profiles\7pop6iiq.default\extensions
[2010/09/21 08:36:46 | 000,000,000 | -H-D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\wade\AppData\Roaming\Mozilla\Firefox\Profiles\7pop6iiq.default\extensions\[email protected]
[2010/09/21 08:33:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/27 18:51:22 | 000,466,944 | -H-- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/05/27 18:51:22 | 000,466,944 | -H-- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/03/18 14:32:12 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/07/06 17:47:30 | 000,000,098 | -H-- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\12.0.742.112\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [dxYoRnHAtJN] File not found
O4 - HKCU..\Run: [Skype] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\wade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\wade\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: galotteryretailer.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: securespsites.com ([pfm] https in Trusted sites)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://corpserver01...ll/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://corpserver01...stall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingb...SlingPlayer.cab (WebSlingPlayer)
O16 - DPF: {C2CE96C6-0732-4A48-BA35-6060526BA7A2} http://192.168.1.123...eFileUpload.cab (HP Multiple File Upload Control)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.intel...c/scan/FMSI.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...etInstaller.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...ivex/RACtrl.cab (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\12.0.742.112\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll (Intuit Inc.)
O18 - Protocol\Handler\x-owacid {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6ae010d4-0dd0-11e0-9d04-9aa5ba63a580}\Shell - "" = AutoRun
O33 - MountPoints2\{6ae010d4-0dd0-11e0-9d04-9aa5ba63a580}\Shell\AutoRun\command - "" = D:\Setup.exe
O33 - MountPoints2\{de6ea321-fccf-11de-9d71-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{de6ea321-fccf-11de-9d71-806e6f6e6963}\Shell\AutoRun\command - "" = D:\sources\sperr32.exe x64
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AtBrnmgr - (C:\Windows\system32\Optifmon.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/06 18:24:06 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\wade\Desktop\OTL.exe
[2011/07/06 17:47:28 | 000,000,000 | -H-D | C] -- C:\_OTM
[2011/07/06 17:32:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
[2011/07/06 17:32:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Emsisoft HiJackFree
[2011/07/06 15:40:06 | 000,000,000 | -H-D | C] -- C:\Windows\System32\%LocalAppData%
[2011/07/06 15:38:00 | 000,000,000 | -H-D | C] -- C:\Windows\System32\%APPDATA%
[2011/07/06 15:12:37 | 000,000,000 | -H-D | C] -- C:\Users\wade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair
[2011/07/06 11:52:44 | 000,089,952 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\SQSRVRES.DLL
[2011/07/06 11:07:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Atheros
[2011/07/06 10:59:11 | 000,000,000 | -H-D | C] -- C:\Users\wade\Documents\AirMagnet
[2011/07/06 10:36:08 | 000,039,936 | -H-- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\Amtransv.sys
[2011/07/06 10:34:31 | 000,032,768 | -H-- | C] (AirMagnet, Inc) -- C:\Windows\System32\AmDriver.dll
[2011/07/06 10:34:31 | 000,025,152 | -H-- | C] (AirMagnet) -- C:\Windows\System32\AmDriver_X64.sys
[2011/07/06 10:34:31 | 000,008,192 | -H-- | C] (AirMagnet, Inc) -- C:\Windows\System32\AmDriver.sys
[2011/07/06 10:34:30 | 000,000,000 | -H-D | C] -- C:\Program Files\AirMagnet Inc
[2011/07/06 10:34:28 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Crystal Decisions
[2011/07/06 10:32:24 | 000,000,000 | -H-D | C] -- C:\Users\wade\AppData\Roaming\Skype
[2011/07/06 10:25:17 | 000,000,000 | -H-D | C] -- C:\Users\wade\FrostWire
[2011/07/06 10:25:11 | 000,000,000 | -H-D | C] -- C:\Users\wade\AppData\Roaming\FrostWire
[2011/07/06 10:25:02 | 000,000,000 | -H-D | C] -- C:\Users\wade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/07/06 10:24:38 | 000,000,000 | -H-D | C] -- C:\Program Files\FrostWire
[2011/07/05 15:15:20 | 000,000,000 | -H-D | C] -- C:\Users\wade\Documents\Visual Studio 2005
[2011/07/05 15:14:36 | 000,000,000 | -H-D | C] -- C:\Users\wade\AppData\Local\Microsoft_Corporation
[2011/07/05 15:11:45 | 000,047,456 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
[2011/07/05 15:11:16 | 000,073,568 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
[2011/07/05 15:10:22 | 000,000,000 | -H-D | C] -- C:\Users\wade\Documents\Integration Services Script Component
[2011/07/05 15:09:33 | 000,000,000 | -H-D | C] -- C:\Users\wade\Documents\Integration Services Script Task
[2011/07/05 15:08:52 | 000,000,000 | -H-D | C] -- C:\Users\wade\Documents\SQL Server Management Studio
[2011/07/05 15:07:42 | 000,000,000 | -H-D | C] -- C:\Windows\System32\RsFx
[2011/07/05 15:01:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2011/07/05 14:59:41 | 000,000,000 | -H-D | C] -- C:\Users\wade\Documents\Visual Studio 2008
[2011/07/05 14:56:10 | 000,000,000 | -H-D | C] -- C:\Program Files\Microsoft SDKs
[2011/07/05 14:56:06 | 000,000,000 | -H-D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2011/07/05 14:54:30 | 000,000,000 | -H-D | C] -- C:\Windows\System32\1033
[2011/07/05 14:49:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
[2011/07/05 14:47:17 | 000,000,000 | -H-D | C] -- C:\Program Files\Microsoft SQL Server
[2011/07/05 14:36:18 | 000,000,000 | -H-D | C] -- C:\Users\wade\AppData\Roaming\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2011/07/05 14:36:05 | 000,000,000 | -H-D | C] -- C:\Program Files\FOX News Live
[2011/07/01 09:29:12 | 000,000,000 | -H-D | C] -- C:\Users\wade\Documents\Paint.NET User Files
[2011/07/01 00:18:32 | 000,000,000 | -H-D | C] -- C:\Users\wade\Documents\Outlook Files
[2011/06/28 15:58:18 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/06/28 15:58:18 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/06/28 15:58:18 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/06/28 15:58:18 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/06/28 15:58:18 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/06/28 15:58:18 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/06/27 09:31:20 | 000,000,000 | -H-D | C] -- C:\Program Files\Paint.NET
[2011/06/27 09:30:56 | 000,000,000 | -H-D | C] -- C:\Users\wade\AppData\Local\Paint.NET
[2011/06/26 00:57:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/06/23 23:00:46 | 000,000,000 | -H-D | C] -- C:\Users\wade\Desktop\tdsskiller
[2011/06/23 23:00:14 | 000,000,000 | -H-D | C] -- C:\Users\wade\Desktop\GooredFix Backups
[2011/06/23 22:59:57 | 000,071,398 | -H-- | C] (jpshortstuff) -- C:\Users\wade\Desktop\GooredFix.exe
[2011/06/22 15:29:17 | 000,000,000 | -H-D | C] -- C:\2600949
[2011/06/22 15:25:07 | 000,454,656 | -H-- | C] (Simon Tatham) -- C:\Users\wade\Desktop\putty.exe
[2011/06/22 15:22:32 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011/06/22 15:22:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/06/22 15:22:03 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011/06/22 15:22:03 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011/06/22 15:21:16 | 000,000,000 | -H-D | C] -- C:\0554a702684c780ecc54ce36b183
[2011/06/18 20:29:29 | 000,404,640 | -H-- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/18 18:59:56 | 000,000,000 | -H-D | C] -- C:\Users\wade\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/18 18:59:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/18 18:59:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/18 18:59:48 | 000,000,000 | -H-D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/18 18:59:30 | 011,439,520 | -H-- | C] (SUPERAntiSpyware.com) -- C:\Users\wade\Desktop\SUPERAntiSpyware.exe
[2011/06/16 23:55:15 | 000,000,000 | -H-D | C] -- C:\Users\wade\Desktop\Splash97
[2011/06/15 22:07:41 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/06/15 22:07:41 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/15 22:07:41 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/15 22:07:41 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/15 22:07:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/15 22:07:41 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/15 22:07:41 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/15 22:07:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/15 22:07:40 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/15 22:07:40 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/15 22:07:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/15 22:07:30 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/06/15 22:07:30 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/06/15 19:02:17 | 000,000,000 | -H-D | C] -- C:\HomestoreHelpData
[5 C:\Users\wade\Documents\*.tmp files -> C:\Users\wade\Documents\*.tmp -> ]
[1 C:\Users\wade\AppData\Local\*.tmp files -> C:\Users\wade\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/06 19:02:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\wade\Desktop\OTL.exe
[2011/07/06 18:50:24 | 001,327,397 | ---- | M] () -- C:\Users\wade\Desktop\tdsskiller.zip
[2011/07/06 18:43:05 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/06 18:43:05 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/06 18:39:19 | 000,828,090 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/06 18:39:19 | 000,178,408 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/06 18:32:51 | 000,000,031 | -H-- | M] () -- C:\tmuninst.ini
[2011/07/06 18:31:49 | 000,000,882 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/06 18:31:30 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2011/07/06 18:31:25 | 2711,166,976 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/06 18:12:34 | 000,000,886 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/06 17:47:30 | 000,000,098 | -H-- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/07/06 15:12:37 | 000,000,641 | -H-- | M] () -- C:\Users\wade\Desktop\Windows 7 Repair.lnk
[2011/07/06 13:32:02 | 001,310,720 | -H-- | M] () -- C:\Users\wade\Documents\SplashScreen.accdb
[2011/07/06 11:01:27 | 000,000,049 | -H-- | M] () -- C:\Windows\SiteViewer.ini
[2011/07/06 11:01:27 | 000,000,020 | -H-- | M] () -- C:\SurveyInfo.arc
[2011/07/06 11:00:38 | 000,000,687 | -H-- | M] () -- C:\Windows\ODBC.INI
[2011/07/06 10:25:02 | 000,001,205 | -H-- | M] () -- C:\Users\wade\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/07/06 10:25:02 | 000,001,181 | -H-- | M] () -- C:\Users\wade\Desktop\FrostWire 4.21.8.lnk
[2011/07/05 11:28:23 | 000,002,046 | -H-- | M] () -- C:\Users\wade\Documents\Default.rdp
[2011/07/05 10:57:33 | 000,003,029 | -H-- | M] () -- C:\Users\wade\Desktop\Microsoft Outlook 2010.lnk
[2011/07/01 00:40:19 | 000,703,170 | -H-- | M] () -- C:\Users\wade\Documents\SalesReport.pdf
[2011/06/29 15:02:11 | 000,621,446 | -H-- | M] () -- C:\Users\wade\Documents\12 Month Sales History with Totals.pdf
[2011/06/29 03:18:34 | 002,421,480 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/29 02:22:35 | 000,589,211 | -H-- | M] () -- C:\Users\wade\Documents\12 Month Sales History.pdf
[2011/06/28 22:55:41 | 000,455,759 | -H-- | M] () -- C:\Users\wade\Documents\CommRecord_Crosstab1.pdf
[2011/06/23 23:00:09 | 000,071,398 | -H-- | M] (jpshortstuff) -- C:\Users\wade\Desktop\GooredFix.exe
[2011/06/22 15:25:13 | 000,454,656 | -H-- | M] (Simon Tatham) -- C:\Users\wade\Desktop\putty.exe
[2011/06/22 00:31:14 | 000,000,000 | -H-- | M] () -- C:\Users\wade\AppData\Local\{3FE34FEB-7BDD-4330-B8B8-11E8600D3572}
[2011/06/20 15:35:53 | 001,154,127 | -H-- | M] () -- C:\Users\wade\Desktop\2408218_6513_ENG_A_W.PDF
[2011/06/19 21:52:43 | 000,164,881 | -H-- | M] () -- C:\Users\wade\Documents\Totals Report.pdf
[2011/06/19 21:48:43 | 000,092,644 | -H-- | M] () -- C:\Users\wade\Documents\TotalsReport.pdf
[2011/06/19 21:02:08 | 000,136,996 | -H-- | M] () -- C:\Users\wade\Documents\Sales Report.pdf
[2011/06/18 20:29:29 | 000,404,640 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/18 18:59:36 | 011,439,520 | -H-- | M] (SUPERAntiSpyware.com) -- C:\Users\wade\Desktop\SUPERAntiSpyware.exe
[2011/06/18 00:11:24 | 000,001,101 | -H-- | M] () -- C:\Users\wade\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/16 23:54:06 | 000,300,473 | -H-- | M] () -- C:\Users\wade\Desktop\Splash97.zip
[2011/06/15 22:38:45 | 000,001,111 | -H-- | M] () -- C:\Users\wade\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/06/14 00:42:00 | 065,404,928 | -H-- | M] () -- C:\Users\wade\Documents\New Jersey.accdb
[2011/06/13 18:40:47 | 004,108,288 | -H-- | M] () -- C:\Users\wade\Documents\Database5_Backup.accdb
[2011/06/08 13:05:52 | 000,083,360 | -H-- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2011/06/08 13:05:18 | 000,029,568 | -H-- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2011/06/08 13:05:16 | 000,087,424 | -H-- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2011/06/07 08:41:06 | 000,125,158 | -H-- | M] () -- C:\Users\wade\Documents\Visio-Drawing1.pdf
[5 C:\Users\wade\Documents\*.tmp files -> C:\Users\wade\Documents\*.tmp -> ]
[1 C:\Users\wade\AppData\Local\*.tmp files -> C:\Users\wade\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/06 18:50:18 | 001,327,397 | ---- | C] () -- C:\Users\wade\Desktop\tdsskiller.zip
[2011/07/06 15:12:37 | 000,000,641 | -H-- | C] () -- C:\Users\wade\Desktop\Windows 7 Repair.lnk
[2011/07/06 11:01:27 | 000,000,020 | -H-- | C] () -- C:\SurveyInfo.arc
[2011/07/06 10:59:02 | 000,000,049 | -H-- | C] () -- C:\Windows\SiteViewer.ini
[2011/07/06 10:25:02 | 000,001,205 | -H-- | C] () -- C:\Users\wade\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/07/06 10:25:02 | 000,001,181 | -H-- | C] () -- C:\Users\wade\Desktop\FrostWire 4.21.8.lnk
[2011/07/05 10:57:33 | 000,003,029 | -H-- | C] () -- C:\Users\wade\Desktop\Microsoft Outlook 2010.lnk
[2011/07/01 00:40:19 | 000,703,170 | -H-- | C] () -- C:\Users\wade\Documents\SalesReport.pdf
[2011/06/29 15:02:11 | 000,621,446 | -H-- | C] () -- C:\Users\wade\Documents\12 Month Sales History with Totals.pdf
[2011/06/29 02:22:35 | 000,589,211 | -H-- | C] () -- C:\Users\wade\Documents\12 Month Sales History.pdf
[2011/06/28 22:55:38 | 000,455,759 | -H-- | C] () -- C:\Users\wade\Documents\CommRecord_Crosstab1.pdf
[2011/06/22 00:31:14 | 000,000,000 | -H-- | C] () -- C:\Users\wade\AppData\Local\{3FE34FEB-7BDD-4330-B8B8-11E8600D3572}
[2011/06/20 15:35:36 | 001,154,127 | -H-- | C] () -- C:\Users\wade\Desktop\2408218_6513_ENG_A_W.PDF
[2011/06/19 21:51:38 | 000,164,881 | -H-- | C] () -- C:\Users\wade\Documents\Totals Report.pdf
[2011/06/19 21:48:43 | 000,092,644 | -H-- | C] () -- C:\Users\wade\Documents\TotalsReport.pdf
[2011/06/19 21:02:08 | 000,136,996 | -H-- | C] () -- C:\Users\wade\Documents\Sales Report.pdf
[2011/06/16 23:54:27 | 001,310,720 | -H-- | C] () -- C:\Users\wade\Documents\SplashScreen.accdb
[2011/06/16 23:54:05 | 000,300,473 | -H-- | C] () -- C:\Users\wade\Desktop\Splash97.zip
[2011/06/15 22:38:45 | 000,001,111 | -H-- | C] () -- C:\Users\wade\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/06/13 20:49:34 | 000,000,913 | -H-- | C] () -- C:\Users\wade\Desktop\NJ_Postdel.sql
[2011/06/13 20:49:27 | 000,000,577 | -H-- | C] () -- C:\Users\wade\Desktop\NJ_PreDel.sql
[2011/06/13 18:41:41 | 004,108,288 | -H-- | C] () -- C:\Users\wade\Documents\Database5_Backup.accdb
[2011/06/07 08:41:06 | 000,125,158 | -H-- | C] () -- C:\Users\wade\Documents\Visio-Drawing1.pdf
[2011/05/20 23:08:59 | 000,000,000 | -H-- | C] () -- C:\ProgramData\Pop Kit
[2011/05/20 23:08:59 | 000,000,000 | -H-- | C] () -- C:\ProgramData\Piano
[2011/05/10 22:35:17 | 000,000,193 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/10 22:34:37 | 000,000,184 | -H-- | C] () -- C:\Windows\BTI.INI
[2011/03/16 02:05:23 | 000,000,691 | -H-- | C] () -- C:\Users\wade\AppData\Roaming\GetValue.vbs
[2011/03/16 02:05:23 | 000,000,035 | -H-- | C] () -- C:\Users\wade\AppData\Roaming\SetValue.bat
[2011/03/16 02:04:56 | 000,075,776 | -H-- | C] () -- C:\Windows\System32\WS2Fix.exe
[2011/03/16 02:04:56 | 000,051,200 | -H-- | C] () -- C:\Windows\System32\dumphive.exe
[2011/03/16 02:04:56 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\swsc.exe
[2010/12/22 10:40:56 | 000,000,000 | -H-- | C] () -- C:\Windows\ViewNX2.INI
[2010/12/22 10:33:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010/12/22 10:33:26 | 000,000,000 | -H-- | C] () -- C:\Users\wade\AppData\Roaming\PreferencePane
[2010/12/22 10:33:26 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010/12/22 10:33:26 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010/12/22 09:56:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Vocal Transformer
[2010/12/22 09:56:33 | 000,000,268 | RH-- | C] () -- C:\Users\wade\AppData\Roaming\URLs
[2010/12/22 09:56:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010/12/22 09:56:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Vocals
[2010/12/22 09:56:32 | 000,000,268 | RH-- | C] () -- C:\Users\wade\AppData\Roaming\User Loops
[2010/12/22 09:52:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010/12/22 09:43:48 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Printer Icons
[2010/12/22 09:43:48 | 000,000,268 | RH-- | C] () -- C:\Users\wade\AppData\Roaming\Podcasting
[2010/12/22 09:43:48 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Resources
[2010/12/22 00:47:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2010/09/29 14:18:51 | 000,007,609 | -H-- | C] () -- C:\Users\wade\AppData\Local\Resmon.ResmonCfg
[2010/09/21 08:33:59 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2010/03/03 10:28:47 | 000,005,961 | -H-- | C] () -- C:\Windows\cfgspyps.ini
[2010/03/03 10:28:46 | 000,006,807 | -H-- | C] () -- C:\Windows\cfgps.ini
[2010/02/10 01:59:31 | 000,000,662 | -H-- | C] () -- C:\Windows\System32\sys32dlkb.dll
[2010/02/05 17:14:06 | 000,017,986 | -H-- | C] () -- C:\Windows\cfgall.ini
[2010/01/28 10:39:59 | 000,000,687 | -H-- | C] () -- C:\Windows\ODBC.INI
[2010/01/26 16:49:26 | 000,004,096 | -H-- | C] () -- C:\Users\wade\AppData\Local\keyfile3.drm
[2010/01/25 16:14:52 | 000,220,314 | -H-- | C] () -- C:\Windows\hpwins05.dat.temp
[2010/01/25 16:14:52 | 000,002,751 | -H-- | C] () -- C:\Windows\hpwmdl05.dat.temp
[2010/01/25 16:13:34 | 000,081,737 | -H-- | C] () -- C:\Windows\hpqins13.dat
[2010/01/25 16:02:20 | 000,219,318 | -H-- | C] () -- C:\Windows\hpwins05.dat
[2010/01/25 16:02:20 | 000,002,751 | -H-- | C] () -- C:\Windows\hpwmdl05.dat
[2010/01/25 12:58:06 | 000,462,848 | -H-- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2010/01/08 02:14:45 | 000,003,584 | -H-- | C] () -- C:\Users\wade\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/17 13:08:34 | 000,197,424 | -H-- | C] () -- C:\Windows\System32\vpnapi.dll
[2009/10/20 14:19:30 | 000,053,299 | -H-- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/07/14 00:57:37 | 000,067,584 | -H-- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 002,421,480 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,828,090 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,178,408 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/03/02 12:33:32 | 000,067,584 | -H-- | C] () -- C:\Windows\System32\ff_vfw.dll
[2006/03/09 10:58:00 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\wade\Downloads:Shareaza.GUID

< End of report >

#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,786 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************
:processes
killallprocesses

:OTL
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKCU..\Run: [dxYoRnHAtJN] File not found
O4 - HKCU..\Run: [Skype] File not found
O15 - HKCU\..Trusted Domains: galotteryretailer.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: securespsites.com ([pfm] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.intel...c/scan/FMSI.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{6ae010d4-0dd0-11e0-9d04-9aa5ba63a580}\Shell - "" = AutoRun
O33 - MountPoints2\{6ae010d4-0dd0-11e0-9d04-9aa5ba63a580}\Shell\AutoRun\command - "" = D:\Setup.exe
O33 - MountPoints2\{de6ea321-fccf-11de-9d71-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{de6ea321-fccf-11de-9d71-806e6f6e6963}\Shell\AutoRun\command - "" = D:\sources\sperr32.exe x64
O36 - AppCertDlls: AtBrnmgr - (C:\Windows\system32\Optifmon.dll) - File not found
[2011/07/06 15:40:06 | 000,000,000 | -H-D | C] -- C:\Windows\System32\%LocalAppData%
[2011/07/06 15:38:00 | 000,000,000 | -H-D | C] -- C:\Windows\System32\%APPDATA%
[2011/07/06 15:12:37 | 000,000,000 | -H-D | C] -- C:\Users\wade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair
[2011/07/06 15:12:37 | 000,000,641 | -H-- | C] () -- C:\Users\wade\Desktop\Windows 7 Repair.lnk


:files
xcopy %Temp%\smtmp C:\Users\wade\Desktop\MissingFiles /H /I /S /Y /C
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[purity]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Download, Save and Right click on unhide.exe and Run As Administrator from

http://download.blee...nler/unhide.exe


Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix


If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Right-click aswMBR.exe and select Run As Administrator to run it.

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply




Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it by right clicking and Run As Administrator. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Install the free Avast. Download and Save the install file to your desktop:

http://www.avast.com...ivirus-download

Right click and Run As Administrator

Once you have it installed and it has updated:
Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

Are you still getting redirected? Did your Startup entries come back?

Ron