Reroute Virus Help


  • This topic is locked

#1
melissaand

    Member

I have been dealing with some major issues with my computer for 2 months now. I had the Windows Vista Recovery Virus, which I have been able to get rid of. However, I have many issues wrong with my system still. Most annoying is the reroute virus that I have on my system. I have downloaded and run multiple scans as suggested to me by other websites, but none of them have been able to get it. I have Spybot S&D, Avast, My Faster PC (which helped my husband's computer a year ago with a similar issue), and MalwareBytes. Spybot does find some problems, but it cannot fix all the issues. I often get kicked off the internet with several warning pop-ups. I really cannot seem to figure it out. I am not a huge techie and actually end up doing more damage than good because I am nervous about some of the places that fix these types of problems.

If anyone can help me, please tell me what to do. I would be very appreciative. Thanks!


#2
maliprog

    Trusted Helper

  • Malware Removal
Hello melissaand and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please un-install SpyBot Search & Destroy from your system before we start fixing your PC. Some of its components interfere with tools we use here.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 4

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 5

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post.

#3
melissaand

    Member

  • Topic Starter

OTL logfile created on: 8/5/2011 10:07:49 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Melissa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 58.39% Memory free
6.73 Gb Paging File | 5.44 Gb Available in Paging File | 80.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.72 Gb Total Space | 373.27 Gb Free Space | 81.91% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.56 Gb Free Space | 55.55% Space Free | Partition Type: NTFS

Computer Name: MELISSA-PC | User Name: Melissa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/05 22:06:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.scr
PRC - [2011/03/14 08:31:03 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/04/10 23:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/04 17:16:46 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/15 12:20:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/05/02 03:42:18 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\LBTWiz.exe
PRC - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe


========== Modules (SafeList) ==========

MOD - [2011/08/05 22:06:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.scr
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (XAudioService)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/02/18 14:26:52 | 000,078,104 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2008/07/15 12:20:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/03 00:39:02 | 000,072,704 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2007/03/19 10:44:44 | 000,070,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/05/25 17:31:32 | 000,252,416 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/06/13 16:28:12 | 002,600,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/06/13 16:28:12 | 002,600,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/02/25 10:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=fp-yie9"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/19 23:13:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/30 02:12:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/19 23:13:09 | 000,000,000 | ---D | M]

[2011/06/14 21:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Extensions
[2011/06/14 20:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/08/09 10:49:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/15 23:53:49 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [DefragReminder] C:\Program Files\ConsumerSoft\My Faster PC\My Defragmenter\DefragReminder.exe (ConsumerSoft)
O4 - HKCU..\Run: [My Faster PC] C:\Program Files\ConsumerSoft\My Faster PC\MFPCHelper.exe (ConsumerSoft)
O4 - Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: coursecompass.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mathxl.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/05 22:07:14 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.scr
[2011/08/05 01:30:06 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Documents\Add-in Express
[2011/08/04 22:13:09 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Desktop\GooredFix Backups
[2011/08/04 22:13:00 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Melissa\Desktop\GooredFix.exe
[2011/08/04 22:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/04 22:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/08/04 22:11:51 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Melissa\Desktop\erunt-setup.exe
[2011/08/04 22:09:23 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTM.exe
[2011/08/04 22:07:44 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Desktop\erunt
[2011/08/04 15:50:04 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/08/04 15:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/04 15:50:03 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/08/04 15:50:02 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/08/04 15:50:00 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/08/04 15:49:57 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/08/04 15:49:09 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/08/04 15:49:09 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/08/04 15:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/08/04 15:22:37 | 006,265,376 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/08/04 15:22:37 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011/08/04 15:22:37 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011/08/04 15:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/08/04 14:23:49 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\ConsumerSoft
[2011/08/04 14:23:47 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Faster PC
[2011/08/04 14:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\ConsumerSoft
[2011/07/29 22:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/29 15:16:05 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\PCToolsFirewallPlus
[2011/07/29 15:16:04 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Spam Monitor
[2011/07/29 15:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/07/21 00:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/07/20 17:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AT&T Games
[2011/07/20 17:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\att games
[2011/07/15 23:25:26 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/07/15 23:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/07/15 23:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/07/15 23:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcqpmui.dll
[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcqserv.dll
[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcqcomm.dll
[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcqpplc.dll
[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcqcomc.dll
[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcqprox.dll
[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcqusb1.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcqhbn3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/05 22:08:13 | 000,615,676 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/05 22:08:13 | 000,107,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/05 22:06:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.scr
[2011/08/05 22:02:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/05 22:02:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011/08/05 22:01:59 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/05 22:01:59 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/05 22:01:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/05 01:32:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/05 01:31:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/04 22:13:38 | 001,388,094 | ---- | M] () -- C:\Users\Melissa\Desktop\tdsskiller.zip
[2011/08/04 22:13:00 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Melissa\Desktop\GooredFix.exe
[2011/08/04 22:12:17 | 000,000,915 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/04 22:12:09 | 000,000,735 | ---- | M] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk
[2011/08/04 22:12:09 | 000,000,716 | ---- | M] () -- C:\Users\Melissa\Desktop\ERUNT.lnk
[2011/08/04 22:11:55 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Melissa\Desktop\erunt-setup.exe
[2011/08/04 22:08:54 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTM.exe
[2011/08/04 22:07:06 | 000,513,320 | ---- | M] () -- C:\Users\Melissa\Desktop\erunt.zip
[2011/08/04 15:50:04 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/04 15:49:57 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/08/04 15:23:08 | 002,469,154 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/08/04 14:23:48 | 000,000,933 | ---- | M] () -- C:\Users\Melissa\Desktop\Get Tech Support.lnk
[2011/08/04 14:23:48 | 000,000,913 | ---- | M] () -- C:\Users\Melissa\Desktop\My Faster PC.lnk
[2011/08/04 10:53:55 | 000,021,064 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/07/29 15:27:43 | 000,000,876 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\SMRResults200.dat
[2011/07/21 22:26:44 | 000,000,990 | ---- | M] () -- C:\Users\Melissa\Desktop\DriverBoost.exe - Shortcut.lnk
[2011/07/21 13:24:09 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/07/21 00:17:08 | 000,001,957 | ---- | M] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/20 23:08:55 | 000,000,932 | ---- | M] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/19 15:23:37 | 000,429,974 | ---- | M] () -- C:\Users\Melissa\Desktop\dietary_guidelines_sleeve_gastrectomy[1].pdf
[2011/07/18 23:27:24 | 000,084,334 | ---- | M] () -- C:\Users\Melissa\Desktop\CountyEmploymentApp.pdf
[2011/07/18 22:36:51 | 000,320,404 | ---- | M] () -- C:\Users\Melissa\Desktop\Pre-Bankruptcy Report.pdf
[2011/07/15 23:53:49 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/07/15 23:30:51 | 000,004,800 | ---- | M] () -- C:\Users\Melissa\Documents\log.xml
[2011/07/15 23:25:26 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/07/14 21:54:24 | 000,000,396 | ---- | M] () -- C:\Users\Melissa\Desktop\Photos - Shortcut.lnk
[2011/07/13 23:09:45 | 000,540,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/05 01:21:05 | 000,513,016 | ---- | C] () -- C:\Users\Melissa\Desktop\issetup.exe
[2011/08/04 22:13:31 | 001,388,094 | ---- | C] () -- C:\Users\Melissa\Desktop\tdsskiller.zip
[2011/08/04 22:12:17 | 000,000,915 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/04 22:12:09 | 000,000,735 | ---- | C] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk
[2011/08/04 22:12:09 | 000,000,716 | ---- | C] () -- C:\Users\Melissa\Desktop\ERUNT.lnk
[2011/08/04 22:07:37 | 000,513,320 | ---- | C] () -- C:\Users\Melissa\Desktop\erunt.zip
[2011/08/04 15:50:04 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/04 14:23:48 | 000,000,933 | ---- | C] () -- C:\Users\Melissa\Desktop\Get Tech Support.lnk
[2011/08/04 14:23:48 | 000,000,913 | ---- | C] () -- C:\Users\Melissa\Desktop\My Faster PC.lnk
[2011/07/29 22:05:06 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/07/29 15:27:04 | 000,000,876 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\SMRResults200.dat
[2011/07/21 22:26:44 | 000,000,990 | ---- | C] () -- C:\Users\Melissa\Desktop\DriverBoost.exe - Shortcut.lnk
[2011/07/21 00:16:20 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/07/21 00:16:20 | 000,001,957 | ---- | C] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/19 15:23:37 | 000,429,974 | ---- | C] () -- C:\Users\Melissa\Desktop\dietary_guidelines_sleeve_gastrectomy[1].pdf
[2011/07/18 23:27:24 | 000,084,334 | ---- | C] () -- C:\Users\Melissa\Desktop\CountyEmploymentApp.pdf
[2011/07/18 22:36:51 | 000,320,404 | ---- | C] () -- C:\Users\Melissa\Desktop\Pre-Bankruptcy Report.pdf
[2011/07/15 23:30:51 | 000,004,800 | ---- | C] () -- C:\Users\Melissa\Documents\log.xml
[2011/07/15 23:18:23 | 000,021,064 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/07/14 21:54:24 | 000,000,396 | ---- | C] () -- C:\Users\Melissa\Desktop\Photos - Shortcut.lnk
[2011/07/04 02:28:51 | 000,000,240 | ---- | C] () -- C:\ProgramData\~41474148
[2011/07/04 02:28:51 | 000,000,184 | ---- | C] () -- C:\ProgramData\~41474148r
[2011/07/04 02:18:46 | 000,000,336 | ---- | C] () -- C:\ProgramData\41474148
[2011/06/07 22:08:22 | 000,176,583 | ---- | C] () -- C:\Windows\hpwins19.dat
[2011/06/07 13:00:51 | 000,012,324 | -HS- | C] () -- C:\ProgramData\qf7j006i307x31d2eq0db61ygjdt21e46428472a
[2011/05/25 09:16:55 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/24 09:43:32 | 000,000,344 | ---- | C] () -- C:\ProgramData\41540268
[2011/04/24 21:37:56 | 000,145,512 | ---- | C] () -- C:\Windows\hpwins37.dat
[2011/04/24 21:37:56 | 000,000,376 | ---- | C] () -- C:\Windows\hpwmdl37.dat
[2011/03/21 17:20:19 | 000,276,132 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/01/13 15:00:09 | 000,001,536 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\Sketchpad 5 Preferences.dat
[2011/01/11 02:25:14 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/01/11 01:30:42 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011/01/08 17:16:41 | 000,000,760 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\setup_ldm.iss
[2011/01/08 09:34:30 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/07/23 13:14:29 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2010/07/22 14:19:38 | 000,000,070 | ---- | C] () -- C:\Windows\sbwin.ini
[2010/04/27 22:38:15 | 000,026,340 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\UserTile.png
[2010/01/19 23:12:23 | 000,023,114 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/08 03:33:14 | 000,000,900 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/12/15 02:43:17 | 000,077,353 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/12/01 09:50:17 | 000,019,501 | ---- | C] () -- C:\Windows\hpqins13.dat
[2009/11/02 09:46:44 | 000,000,562 | ---- | C] () -- C:\Windows\eReg.dat
[2009/10/21 15:30:28 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/27 22:47:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/27 22:47:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/01/29 17:31:10 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/01/07 14:03:35 | 000,100,352 | ---- | C] () -- C:\Windows\System32\PG32CONV.DLL
[2009/01/07 14:03:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\IMPLODE.DLL
[2008/09/05 12:18:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/29 20:16:12 | 001,049,639 | ---- | C] () -- C:\Windows\Prison Tycoon 3 Uninstaller.exe
[2008/06/03 23:05:05 | 000,001,028 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\WavCodec.wff
[2008/02/24 13:07:34 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2008/02/24 13:07:34 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2008/02/24 13:07:02 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2008/01/07 07:08:10 | 000,000,997 | R--- | C] () -- C:\Windows\hpwmdl19.dat
[2008/01/03 17:39:42 | 000,000,164 | ---- | C] () -- \install.dat
[2007/12/11 23:16:05 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2007/09/28 13:55:58 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/09/28 13:55:55 | 000,001,737 | ---- | C] () -- C:\Windows\wininit.ini
[2007/08/25 10:38:16 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/08/03 08:18:55 | 000,005,229 | RH-- | C] () -- \dell.sdr
[2007/08/03 08:18:44 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/08/03 08:18:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/08/03 00:39:48 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2007/08/03 00:39:47 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2007/08/03 00:39:47 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2007/02/13 12:14:18 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/10 06:22:24 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2006/11/10 06:22:23 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/07 12:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,540,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,615,676 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,107,716 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/01 23:25:08 | 000,000,010 | ---- | C] () -- \config.sys
[2006/10/20 20:26:34 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcqinsr.dll
[2006/10/20 20:25:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcqcur.dll
[2006/10/20 20:22:56 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcqjswr.dll
[2006/10/20 20:17:44 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcqinsb.dll
[2006/10/20 20:17:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcqcub.dll
[2006/10/20 20:15:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcqcu.dll
[2006/10/20 20:14:54 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcqins.dll
[2006/10/20 20:09:16 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcqutil.dll
[2006/10/20 19:46:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcqgrd.dll
[2006/09/16 21:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 21:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 06:12:00 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dlcqcfg.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/01/16 22:39:30 | 000,000,000 | -HSD | M] -- C:\Users\Melissa\AppData\Roaming\.#
[2008/03/03 16:11:39 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Atari
[2011/06/22 16:43:45 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Avery
[2008/02/20 13:11:49 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Aveyond II
[2008/11/19 01:36:15 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\BeachPartyCraze
[2011/06/21 01:13:02 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\BLG
[2009/04/18 09:20:36 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Boolat Games
[2010/06/11 10:53:44 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/22 10:09:32 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\com.verizon.mediastore.vzwdownloadmanager.BEEF85639ECFAE88C004EA3A5F976EE5386C7526.1
[2011/08/04 14:23:49 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\ConsumerSoft
[2008/12/24 00:17:23 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\DataSafeOnline
[2009/01/16 17:39:44 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\eGames
[2008/11/06 20:11:52 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Eyeblaster
[2010/06/15 19:38:34 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Farm Mania 2
[2008/11/05 00:13:38 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Flood Light Games
[2011/07/29 23:08:42 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\FrostWire
[2009/10/30 19:14:27 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\GameInvest
[2009/05/25 14:07:01 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Gamelab
[2011/06/26 23:44:48 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\GetRightToGo
[2011/05/24 08:32:01 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\iolo
[2007/11/22 11:17:40 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Jane s Hotel
[2008/01/12 10:16:26 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Leadertech
[2010/07/25 02:00:01 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\LimeWire
[2009/05/28 21:55:38 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Masque
[2009/09/24 23:09:30 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Merscom
[2007/10/04 19:19:07 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\MusicNet
[2008/06/25 08:36:33 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\NCH Swift Sound
[2008/10/02 04:42:12 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Oberon Games
[2011/07/20 17:06:59 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Oberon Media
[2011/06/27 00:08:43 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\PCTools
[2011/07/29 15:16:06 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\PCToolsFirewallPlus
[2010/04/27 22:38:15 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\PeerNetworking
[2010/07/25 02:00:00 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Phex
[2011/07/20 17:07:31 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\PlayFirst
[2010/03/24 21:24:07 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Playrix Entertainment
[2010/06/21 09:04:49 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Registry Mechanic
[2011/07/29 15:16:04 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Spam Monitor
[2010/11/22 00:08:15 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\SulusGames
[2011/04/04 23:42:44 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Supermarket Mania 2
[2010/03/24 21:27:25 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Temp
[2011/06/27 01:35:38 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Uniblue
[2011/02/22 12:09:55 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WebSentinel
[2011/08/05 22:02:01 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2011/08/05 01:32:55 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 15:12:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 15:12:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 02:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 00:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 02:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 00:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 00:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 00:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 00:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 02:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 02:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 00:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 21:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 21:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 21:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/27 23:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/27 23:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 21:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 21:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 21:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/27 23:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/27 23:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\SCC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\WGU Masters Program:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\Weed Elementary:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\TurboTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\Slingo Mystery Documents:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\SimCity 4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\Quicken:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\Prison Tycoon 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\New Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\My Scans:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\LimeWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\LDW:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\Kids Xmas 2009 002.AVI:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\Jojos Fashion Show:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\Jojos Fashion Show 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\JOB SEARCH:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\HOMESCHOOL:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\GIRL SCOUTS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\FrostWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\Bluetooth Exchange Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\BASEBALL:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\2010 MAnderson Recom 1t001.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\18 WoS American Long Haul:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\WGU folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\TODD FIRE PHOTOS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\Photos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\My MUSIC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\My GAMES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\MISC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\GIRL SCOUTS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\GAMES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\Anti-Virus:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Bluetooth Software:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\WebSentinel:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Temp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Supermarket Mania 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\SulusGames:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Registry Mechanic:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Playrix Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Phex:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\PeerNetworking:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Oberon Media:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Oberon Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Mozilla:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prison Tycoon 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Merscom:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Masque:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Malwarebytes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Logitech:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Leadertech:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Jane s Hotel:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\iolo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Intuit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\HpUpdate:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\HPAppData:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\HP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\GetRightToGo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Gamelab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\GameInvest:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\FrostWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Flood Light Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Eyeblaster:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\eGames:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\DataSafeOnline:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Creative:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Boolat Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\BLG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\BeachPartyCraze:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Aveyond II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Atari:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\.#:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\{d073fae9-adea-4545-86ac-4676e82b8ffe}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\.SunDownloadManager:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\.housecall6.6:Roxio EMC Stream
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:A53EDDED
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:E8F2A400
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DA5926CF
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:64A7B9DE
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:BB709C37
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:72598408
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:DE33A453
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:27219865
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9950163C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:62BF0372
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4363DE71
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:F7E353AA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:EA701346
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:F9BCB534

< End of report >

#4
melissaand


    Member

  • Topic Starter
  • 10 posts
OTL logfile created on: 8/5/2011 10:07:49 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Melissa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 58.39% Memory free
6.73 Gb Paging File | 5.44 Gb Available in Paging File | 80.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.72 Gb Total Space | 373.27 Gb Free Space | 81.91% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.56 Gb Free Space | 55.55% Space Free | Partition Type: NTFS

Computer Name: MELISSA-PC | User Name: Melissa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/05 22:06:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.scr
PRC - [2011/03/14 08:31:03 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/04/10 23:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/04 17:16:46 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/15 12:20:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/05/02 03:42:18 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\LBTWiz.exe
PRC - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe


========== Modules (SafeList) ==========

MOD - [2011/08/05 22:06:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.scr
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (XAudioService)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/02/18 14:26:52 | 000,078,104 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2008/07/15 12:20:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/03 00:39:02 | 000,072,704 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2007/03/19 10:44:44 | 000,070,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/05/25 17:31:32 | 000,252,416 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/06/13 16:28:12 | 002,600,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/06/13 16:28:12 | 002,600,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/02/25 10:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=fp-yie9"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/19 23:13:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/30 02:12:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/19 23:13:09 | 000,000,000 | ---D | M]

[2011/06/14 21:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Extensions
[2011/06/14 20:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/08/09 10:49:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/15 23:53:49 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [DefragReminder] C:\Program Files\ConsumerSoft\My Faster PC\My Defragmenter\DefragReminder.exe (ConsumerSoft)
O4 - HKCU..\Run: [My Faster PC] C:\Program Files\ConsumerSoft\My Faster PC\MFPCHelper.exe (ConsumerSoft)
O4 - Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: coursecompass.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mathxl.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/05 22:07:14 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.scr
[2011/08/05 01:30:06 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Documents\Add-in Express
[2011/08/04 22:13:09 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Desktop\GooredFix Backups
[2011/08/04 22:13:00 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Melissa\Desktop\GooredFix.exe
[2011/08/04 22:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/04 22:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/08/04 22:11:51 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Melissa\Desktop\erunt-setup.exe
[2011/08/04 22:09:23 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTM.exe
[2011/08/04 22:07:44 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Desktop\erunt
[2011/08/04 15:50:04 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/08/04 15:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/04 15:50:03 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/08/04 15:50:02 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/08/04 15:50:00 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/08/04 15:49:57 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/08/04 15:49:09 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/08/04 15:49:09 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/08/04 15:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/08/04 15:22:37 | 006,265,376 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/08/04 15:22:37 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011/08/04 15:22:37 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011/08/04 15:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/08/04 14:23:49 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\ConsumerSoft
[2011/08/04 14:23:47 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Faster PC
[2011/08/04 14:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\ConsumerSoft
[2011/07/29 22:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/29 15:16:05 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\PCToolsFirewallPlus
[2011/07/29 15:16:04 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Spam Monitor
[2011/07/29 15:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/07/21 00:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/07/20 17:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AT&T Games
[2011/07/20 17:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\att games
[2011/07/15 23:25:26 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/07/15 23:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/07/15 23:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/07/15 23:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcqpmui.dll
[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcqserv.dll
[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcqcomm.dll
[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcqpplc.dll
[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcqcomc.dll
[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcqprox.dll
[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcqusb1.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcqhbn3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/05 22:08:13 | 000,615,676 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/05 22:08:13 | 000,107,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/05 22:06:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.scr
[2011/08/05 22:02:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/05 22:02:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011/08/05 22:01:59 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/05 22:01:59 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/05 22:01:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/05 01:32:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/05 01:31:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/04 22:13:38 | 001,388,094 | ---- | M] () -- C:\Users\Melissa\Desktop\tdsskiller.zip
[2011/08/04 22:13:00 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Melissa\Desktop\GooredFix.exe
[2011/08/04 22:12:17 | 000,000,915 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/04 22:12:09 | 000,000,735 | ---- | M] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk
[2011/08/04 22:12:09 | 000,000,716 | ---- | M] () -- C:\Users\Melissa\Desktop\ERUNT.lnk
[2011/08/04 22:11:55 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Melissa\Desktop\erunt-setup.exe
[2011/08/04 22:08:54 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTM.exe
[2011/08/04 22:07:06 | 000,513,320 | ---- | M] () -- C:\Users\Melissa\Desktop\erunt.zip
[2011/08/04 15:50:04 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/04 15:49:57 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/08/04 15:23:08 | 002,469,154 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/08/04 14:23:48 | 000,000,933 | ---- | M] () -- C:\Users\Melissa\Desktop\Get Tech Support.lnk
[2011/08/04 14:23:48 | 000,000,913 | ---- | M] () -- C:\Users\Melissa\Desktop\My Faster PC.lnk
[2011/08/04 10:53:55 | 000,021,064 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/07/29 15:27:43 | 000,000,876 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\SMRResults200.dat
[2011/07/21 22:26:44 | 000,000,990 | ---- | M] () -- C:\Users\Melissa\Desktop\DriverBoost.exe - Shortcut.lnk
[2011/07/21 13:24:09 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/07/21 00:17:08 | 000,001,957 | ---- | M] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/20 23:08:55 | 000,000,932 | ---- | M] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/19 15:23:37 | 000,429,974 | ---- | M] () -- C:\Users\Melissa\Desktop\dietary_guidelines_sleeve_gastrectomy[1].pdf
[2011/07/18 23:27:24 | 000,084,334 | ---- | M] () -- C:\Users\Melissa\Desktop\CountyEmploymentApp.pdf
[2011/07/18 22:36:51 | 000,320,404 | ---- | M] () -- C:\Users\Melissa\Desktop\Pre-Bankruptcy Report.pdf
[2011/07/15 23:53:49 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/07/15 23:30:51 | 000,004,800 | ---- | M] () -- C:\Users\Melissa\Documents\log.xml
[2011/07/15 23:25:26 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/07/14 21:54:24 | 000,000,396 | ---- | M] () -- C:\Users\Melissa\Desktop\Photos - Shortcut.lnk
[2011/07/13 23:09:45 | 000,540,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/05 01:21:05 | 000,513,016 | ---- | C] () -- C:\Users\Melissa\Desktop\issetup.exe
[2011/08/04 22:13:31 | 001,388,094 | ---- | C] () -- C:\Users\Melissa\Desktop\tdsskiller.zip
[2011/08/04 22:12:17 | 000,000,915 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/04 22:12:09 | 000,000,735 | ---- | C] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk
[2011/08/04 22:12:09 | 000,000,716 | ---- | C] () -- C:\Users\Melissa\Desktop\ERUNT.lnk
[2011/08/04 22:07:37 | 000,513,320 | ---- | C] () -- C:\Users\Melissa\Desktop\erunt.zip
[2011/08/04 15:50:04 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/04 14:23:48 | 000,000,933 | ---- | C] () -- C:\Users\Melissa\Desktop\Get Tech Support.lnk
[2011/08/04 14:23:48 | 000,000,913 | ---- | C] () -- C:\Users\Melissa\Desktop\My Faster PC.lnk
[2011/07/29 22:05:06 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/07/29 15:27:04 | 000,000,876 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\SMRResults200.dat
[2011/07/21 22:26:44 | 000,000,990 | ---- | C] () -- C:\Users\Melissa\Desktop\DriverBoost.exe - Shortcut.lnk
[2011/07/21 00:16:20 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/07/21 00:16:20 | 000,001,957 | ---- | C] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/19 15:23:37 | 000,429,974 | ---- | C] () -- C:\Users\Melissa\Desktop\dietary_guidelines_sleeve_gastrectomy[1].pdf
[2011/07/18 23:27:24 | 000,084,334 | ---- | C] () -- C:\Users\Melissa\Desktop\CountyEmploymentApp.pdf
[2011/07/18 22:36:51 | 000,320,404 | ---- | C] () -- C:\Users\Melissa\Desktop\Pre-Bankruptcy Report.pdf
[2011/07/15 23:30:51 | 000,004,800 | ---- | C] () -- C:\Users\Melissa\Documents\log.xml
[2011/07/15 23:18:23 | 000,021,064 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/07/14 21:54:24 | 000,000,396 | ---- | C] () -- C:\Users\Melissa\Desktop\Photos - Shortcut.lnk
[2011/07/04 02:28:51 | 000,000,240 | ---- | C] () -- C:\ProgramData\~41474148
[2011/07/04 02:28:51 | 000,000,184 | ---- | C] () -- C:\ProgramData\~41474148r
[2011/07/04 02:18:46 | 000,000,336 | ---- | C] () -- C:\ProgramData\41474148
[2011/06/07 22:08:22 | 000,176,583 | ---- | C] () -- C:\Windows\hpwins19.dat
[2011/06/07 13:00:51 | 000,012,324 | -HS- | C] () -- C:\ProgramData\qf7j006i307x31d2eq0db61ygjdt21e46428472a
[2011/05/25 09:16:55 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/24 09:43:32 | 000,000,344 | ---- | C] () -- C:\ProgramData\41540268
[2011/04/24 21:37:56 | 000,145,512 | ---- | C] () -- C:\Windows\hpwins37.dat
[2011/04/24 21:37:56 | 000,000,376 | ---- | C] () -- C:\Windows\hpwmdl37.dat
[2011/03/21 17:20:19 | 000,276,132 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/01/13 15:00:09 | 000,001,536 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\Sketchpad 5 Preferences.dat
[2011/01/11 02:25:14 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/01/11 01:30:42 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011/01/08 17:16:41 | 000,000,760 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\setup_ldm.iss
[2011/01/08 09:34:30 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/07/23 13:14:29 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2010/07/22 14:19:38 | 000,000,070 | ---- | C] () -- C:\Windows\sbwin.ini
[2010/04/27 22:38:15 | 000,026,340 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\UserTile.png
[2010/01/19 23:12:23 | 000,023,114 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/08 03:33:14 | 000,000,900 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/12/15 02:43:17 | 000,077,353 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/12/01 09:50:17 | 000,019,501 | ---- | C] () -- C:\Windows\hpqins13.dat
[2009/11/02 09:46:44 | 000,000,562 | ---- | C] () -- C:\Windows\eReg.dat
[2009/10/21 15:30:28 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/27 22:47:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/27 22:47:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/01/29 17:31:10 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/01/07 14:03:35 | 000,100,352 | ---- | C] () -- C:\Windows\System32\PG32CONV.DLL
[2009/01/07 14:03:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\IMPLODE.DLL
[2008/09/05 12:18:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/29 20:16:12 | 001,049,639 | ---- | C] () -- C:\Windows\Prison Tycoon 3 Uninstaller.exe
[2008/06/03 23:05:05 | 000,001,028 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\WavCodec.wff
[2008/02/24 13:07:34 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2008/02/24 13:07:34 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2008/02/24 13:07:02 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2008/01/07 07:08:10 | 000,000,997 | R--- | C] () -- C:\Windows\hpwmdl19.dat
[2008/01/03 17:39:42 | 000,000,164 | ---- | C] () -- \install.dat
[2007/12/11 23:16:05 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2007/09/28 13:55:58 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/09/28 13:55:55 | 000,001,737 | ---- | C] () -- C:\Windows\wininit.ini
[2007/08/25 10:38:16 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/08/03 08:18:55 | 000,005,229 | RH-- | C] () -- \dell.sdr
[2007/08/03 08:18:44 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/08/03 08:18:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/08/03 00:39:48 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2007/08/03 00:39:47 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2007/08/03 00:39:47 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2007/02/13 12:14:18 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/10 06:22:24 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2006/11/10 06:22:23 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/07 12:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,540,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,615,676 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,107,716 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/01 23:25:08 | 000,000,010 | ---- | C] () -- \config.sys
[2006/10/20 20:26:34 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcqinsr.dll
[2006/10/20 20:25:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcqcur.dll
[2006/10/20 20:22:56 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcqjswr.dll
[2006/10/20 20:17:44 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcqinsb.dll
[2006/10/20 20:17:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcqcub.dll
[2006/10/20 20:15:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcqcu.dll
[2006/10/20 20:14:54 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcqins.dll
[2006/10/20 20:09:16 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcqutil.dll
[2006/10/20 19:46:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcqgrd.dll
[2006/09/16 21:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 21:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 06:12:00 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dlcqcfg.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/01/16 22:39:30 | 000,000,000 | -HSD | M] -- C:\Users\Melissa\AppData\Roaming\.#
[2008/03/03 16:11:39 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Atari
[2011/06/22 16:43:45 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Avery
[2008/02/20 13:11:49 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Aveyond II
[2008/11/19 01:36:15 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\BeachPartyCraze
[2011/06/21 01:13:02 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\BLG
[2009/04/18 09:20:36 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Boolat Games
[2010/06/11 10:53:44 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/22 10:09:32 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\com.verizon.mediastore.vzwdownloadmanager.BEEF85639ECFAE88C004EA3A5F976EE5386C7526.1
[2011/08/04 14:23:49 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\ConsumerSoft
[2008/12/24 00:17:23 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\DataSafeOnline
[2009/01/16 17:39:44 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\eGames
[2008/11/06 20:11:52 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Eyeblaster
[2010/06/15 19:38:34 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Farm Mania 2
[2008/11/05 00:13:38 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Flood Light Games
[2011/07/29 23:08:42 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\FrostWire
[2009/10/30 19:14:27 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\GameInvest
[2009/05/25 14:07:01 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Gamelab
[2011/06/26 23:44:48 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\GetRightToGo
[2011/05/24 08:32:01 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\iolo
[2007/11/22 11:17:40 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Jane s Hotel
[2008/01/12 10:16:26 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Leadertech
[2010/07/25 02:00:01 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\LimeWire
[2009/05/28 21:55:38 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Masque
[2009/09/24 23:09:30 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Merscom
[2007/10/04 19:19:07 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\MusicNet
[2008/06/25 08:36:33 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\NCH Swift Sound
[2008/10/02 04:42:12 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Oberon Games
[2011/07/20 17:06:59 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Oberon Media
[2011/06/27 00:08:43 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\PCTools
[2011/07/29 15:16:06 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\PCToolsFirewallPlus
[2010/04/27 22:38:15 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\PeerNetworking
[2010/07/25 02:00:00 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Phex
[2011/07/20 17:07:31 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\PlayFirst
[2010/03/24 21:24:07 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Playrix Entertainment
[2010/06/21 09:04:49 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Registry Mechanic
[2011/07/29 15:16:04 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Spam Monitor
[2010/11/22 00:08:15 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\SulusGames
[2011/04/04 23:42:44 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Supermarket Mania 2
[2010/03/24 21:27:25 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Temp
[2011/06/27 01:35:38 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Uniblue
[2011/02/22 12:09:55 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WebSentinel
[2011/08/05 22:02:01 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2011/08/05 01:32:55 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 15:12:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 15:12:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 02:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 00:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 02:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 00:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 00:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 00:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 00:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 02:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 02:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 00:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 21:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 21:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 21:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/27 23:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/27 23:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 21:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 21:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 21:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/27 23:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/27 23:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\SCC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\WGU Masters Program:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\Weed Elementary:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\TurboTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\Slingo Mystery Documents:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\SimCity 4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\Quicken:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\Prison Tycoon 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\New Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\My Scans:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\LimeWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\LDW:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\Kids Xmas 2009 002.AVI:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\Jojos Fashion Show:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\Jojos Fashion Show 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\JOB SEARCH:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\HOMESCHOOL:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\GIRL SCOUTS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\FrostWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\Bluetooth Exchange Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\BASEBALL:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\2010 MAnderson Recom 1t001.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Documents\18 WoS American Long Haul:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\WGU folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\TODD FIRE PHOTOS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\Photos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\My MUSIC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\My GAMES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\MISC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\GIRL SCOUTS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\GAMES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Desktop\Anti-Virus:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\Bluetooth Software:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\WebSentinel:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Temp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Supermarket Mania 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\SulusGames:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Registry Mechanic:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Playrix Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Phex:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\PeerNetworking:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Oberon Media:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Oberon Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Mozilla:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prison Tycoon 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Merscom:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Masque:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Malwarebytes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Logitech:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Leadertech:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Jane s Hotel:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\iolo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Intuit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\HpUpdate:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\HPAppData:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\HP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\GetRightToGo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Gamelab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\GameInvest:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\FrostWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Flood Light Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Eyeblaster:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\eGames:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\DataSafeOnline:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Creative:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Boolat Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\BLG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\BeachPartyCraze:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Aveyond II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\Atari:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\AppData\Roaming\.#:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\{d073fae9-adea-4545-86ac-4676e82b8ffe}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\.SunDownloadManager:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Melissa\.housecall6.6:Roxio EMC Stream
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:A53EDDED
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:E8F2A400
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DA5926CF
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:64A7B9DE
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:BB709C37
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:72598408
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:DE33A453
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:27219865
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9950163C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:62BF0372
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4363DE71
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:F7E353AA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:EA701346
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:F9BCB534

< End of report >

#5
melissaand

2011/08/05 22:21:31.0433 0500 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/05 22:21:31.0829 0500 ================================================================================
2011/08/05 22:21:31.0829 0500 SystemInfo:
2011/08/05 22:21:31.0829 0500
2011/08/05 22:21:31.0829 0500 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/05 22:21:31.0829 0500 Product type: Workstation
2011/08/05 22:21:31.0830 0500 ComputerName: MELISSA-PC
2011/08/05 22:21:31.0830 0500 UserName: Melissa
2011/08/05 22:21:31.0830 0500 Windows directory: C:\Windows
2011/08/05 22:21:31.0830 0500 System windows directory: C:\Windows
2011/08/05 22:21:31.0830 0500 Processor architecture: Intel x86
2011/08/05 22:21:31.0830 0500 Number of processors: 2
2011/08/05 22:21:31.0830 0500 Page size: 0x1000
2011/08/05 22:21:31.0830 0500 Boot type: Normal boot
2011/08/05 22:21:31.0830 0500 ================================================================================
2011/08/05 22:21:32.0731 0500 Initialize success
2011/08/05 22:21:46.0631 1996 ================================================================================
2011/08/05 22:21:46.0631 1996 Scan started
2011/08/05 22:21:46.0631 1996 Mode: Manual;
2011/08/05 22:21:46.0631 1996 ================================================================================
2011/08/05 22:21:47.0380 1996 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/08/05 22:21:47.0434 1996 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/08/05 22:21:47.0494 1996 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/08/05 22:21:47.0546 1996 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/08/05 22:21:47.0605 1996 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/08/05 22:21:47.0684 1996 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/08/05 22:21:47.0711 1996 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/08/05 22:21:47.0765 1996 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/05 22:21:47.0800 1996 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
2011/08/05 22:21:47.0824 1996 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/08/05 22:21:47.0876 1996 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
2011/08/05 22:21:47.0925 1996 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/08/05 22:21:47.0966 1996 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/08/05 22:21:48.0037 1996 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/08/05 22:21:48.0099 1996 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/08/05 22:21:48.0154 1996 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
2011/08/05 22:21:48.0226 1996 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
2011/08/05 22:21:48.0285 1996 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
2011/08/05 22:21:48.0341 1996 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
2011/08/05 22:21:48.0405 1996 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
2011/08/05 22:21:48.0455 1996 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/05 22:21:48.0484 1996 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/08/05 22:21:48.0606 1996 atikmdag (641449667853591a5a12cd9d0621fba5) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/05 22:21:48.0787 1996 BCM43XV (9fa35e676acdfecc3730f39933affc4d) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/08/05 22:21:49.0154 1996 BCM43XX (9fa35e676acdfecc3730f39933affc4d) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/08/05 22:21:49.0223 1996 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/05 22:21:49.0339 1996 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/05 22:21:49.0371 1996 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/05 22:21:49.0401 1996 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/05 22:21:49.0449 1996 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/05 22:21:49.0508 1996 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/05 22:21:49.0560 1996 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/05 22:21:49.0597 1996 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/05 22:21:49.0638 1996 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/08/05 22:21:49.0665 1996 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/08/05 22:21:49.0697 1996 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/08/05 22:21:49.0774 1996 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/08/05 22:21:49.0855 1996 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/08/05 22:21:49.0913 1996 btwaudio (fc23e3a7ae18b02dcc1a34cbef3f80af) C:\Windows\system32\drivers\btwaudio.sys
2011/08/05 22:21:49.0961 1996 btwavdt (5e14c92763e51130bfb9a670afd7eddf) C:\Windows\system32\drivers\btwavdt.sys
2011/08/05 22:22:06.0121 1996 ================================================================================
2011/08/05 22:22:06.0121 1996 Scan finished
2011/08/05 22:22:06.0121 1996 ================================================================================
2011/08/05 22:22:06.0133 3744 Detected object count: 0
2011/08/05 22:22:06.0133 3744 Actual detected object count: 0
  • 0

#6
melissaand

    Member

  • Topic Starter
  • Member
  • 10 posts
aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-05 22:24:40
-----------------------------
22:24:40.954 OS Version: Windows 6.0.6002 Service Pack 2
22:24:40.954 Number of processors: 2 586 0xF06
22:24:40.955 ComputerName: MELISSA-PC UserName: Melissa
22:24:44.326 Initialize success
22:24:44.496 AVAST engine defs: 11080501
22:24:58.198 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
22:24:58.200 Disk 0 Vendor: ST3500630AS 3.ADG Size: 476940MB BusType: 3
22:25:00.232 Disk 0 MBR read successfully
22:25:00.234 Disk 0 MBR scan
22:25:00.238 Disk 0 Windows VISTA default MBR code
22:25:00.242 Disk 0 scanning sectors +976771072
22:25:00.312 Disk 0 scanning C:\Windows\system32\drivers
22:25:10.770 Service scanning
22:25:12.612 Modules scanning
22:25:19.346 Disk 0 trace - called modules:
22:25:19.364 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
22:25:19.368 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86518968]
22:25:19.372 3 CLASSPNP.SYS[839a98b3] -> nt!IofCallDriver -> [0x86539558]
22:25:19.377 5 acpi.sys[806966bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x8653db98]
22:25:21.067 AVAST engine scan C:\Windows
22:25:27.056 AVAST engine scan C:\Windows\system32
22:27:19.878 AVAST engine scan C:\Windows\system32\drivers
22:27:35.980 AVAST engine scan C:\Users\Melissa
22:49:24.619 AVAST engine scan C:\ProgramData
22:57:20.684 Scan finished successfully
22:58:36.162 Disk 0 MBR has been saved successfully to "C:\Users\Melissa\Desktop\MBR.dat"
22:58:36.168 The log file has been saved successfully to "C:\Users\Melissa\Desktop\aswMBR.txt"
  • 0

#7
melissaand

    Member

  • Topic Starter
  • Member
  • 10 posts
That should be all 4 logs that you requested that I post. Please let me know what to do next. Thank you for your help!
  • 0

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi melissaand,

Do you get redirected in all browsers you use, or does this redirection only affect one browser?

Step 1

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/07/04 02:28:51 | 000,000,240 | ---- | C] () -- C:\ProgramData\~41474148
    [2011/07/04 02:28:51 | 000,000,184 | ---- | C] () -- C:\ProgramData\~41474148r
    [2011/07/04 02:18:46 | 000,000,336 | ---- | C] () -- C:\ProgramData\41474148
    [2011/06/07 13:00:51 | 000,012,324 | -HS- | C] () -- C:\ProgramData\qf7j006i307x31d2eq0db61ygjdt21e46428472a
    [2011/05/24 09:43:32 | 000,000,344 | ---- | C] () -- C:\ProgramData\41540268
    [2009/01/16 22:39:30 | 000,000,000 | -HSD | M] -- C:\Users\Melissa\AppData\Roaming\.#

    :Files
    ipconfig /flushdns /c
    ipconfig /all /c
    nslookup google.com /c
    nslookup yahoo.com /c
    ping -n 2 google.com /c
    ping -n 2 yahoo.com /c
    route print /c

    :Commands
    [emptytemp]
    [emptyflash]
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Step 3


Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in a separate post.
  • 0

#9
melissaand

    Member

  • Topic Starter
  • Member
  • 10 posts
Before my posts, I ran some of the checks as referenced in another topic on this website. I did find and fix one item, but I don't remember what it was. Since then, I have not had any issues with the redirect virus. I had not tried the internet before I ran all the checks as you asked.

Tomorrow, I will follow your next steps. If you see any other issues within my logs, please let me know so I can correct them.

Oh! And the redirect was occurring with all my browsers! Firefox, Chrome, and Internet Explorer. It wasn't picky at all!

Edited by melissaand, 06 August 2011 - 01:20 AM.

  • 0

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Run my scans and post logs here for me.
  • 0

#11
melissaand

    Member

  • Topic Starter
  • Member
  • 10 posts
All processes killed
========== OTL ==========
C:\ProgramData\~41474148 moved successfully.
C:\ProgramData\~41474148r moved successfully.
C:\ProgramData\41474148 moved successfully.
C:\ProgramData\qf7j006i307x31d2eq0db61ygjdt21e46428472a moved successfully.
C:\ProgramData\41540268 moved successfully.
C:\Users\Melissa\AppData\Roaming\.# folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Melissa\Desktop\cmd.bat deleted successfully.
C:\Users\Melissa\Desktop\cmd.txt deleted successfully.
< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : Melissa-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 00-1B-FC-D4-4A-83
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e867:60ca:3cc8:2f9d%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 167779324
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-44-90-15-00-1A-A0-89-EA-B6
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Anderson Router:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
Physical Address. . . . . . . . . : 00-1A-A0-89-EA-B6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c5e3:ee34:3ff2:c22a%9(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, August 08, 2011 8:21:43 AM
Lease Expires . . . . . . . . . . : Tuesday, August 09, 2011 8:21:43 AM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 201333408
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-44-90-15-00-1A-A0-89-EA-B6
DNS Servers . . . . . . . . . . . : 10.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{059F7549-B545-4ACE-A8C6-1773B754D5EE}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{059F7549-B545-4ACE-A8C6-1773B754D5EE}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 14:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{059F7549-B545-4ACE-A8C6-1773B754D5EE}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 15:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{0D58555F-CE6A-4DC0-846D-327427BB64E0}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 16:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{09DD13A0-9C95-4314-8A3B-E46B87918E8B}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Melissa\Desktop\cmd.bat deleted successfully.
C:\Users\Melissa\Desktop\cmd.txt deleted successfully.
< nslookup google.com /c >
Server: UnKnown
Address: 10.0.0.1
Name: google.com
Addresses: 74.125.224.144
74.125.224.147
74.125.224.145
74.125.224.148
74.125.224.146
C:\Users\Melissa\Desktop\cmd.bat deleted successfully.
C:\Users\Melissa\Desktop\cmd.txt deleted successfully.
< nslookup yahoo.com /c >
Server: UnKnown
Address: 10.0.0.1
Name: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43
C:\Users\Melissa\Desktop\cmd.bat deleted successfully.
C:\Users\Melissa\Desktop\cmd.txt deleted successfully.
< ping -n 2 google.com /c >
Pinging google.com [74.125.224.145] with 32 bytes of data:
Reply from 74.125.224.145: bytes=32 time=35ms TTL=53
Reply from 74.125.224.145: bytes=32 time=35ms TTL=53
Ping statistics for 74.125.224.145:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 35ms, Average = 35ms
C:\Users\Melissa\Desktop\cmd.bat deleted successfully.
C:\Users\Melissa\Desktop\cmd.txt deleted successfully.
< ping -n 2 yahoo.com /c >
Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=34ms TTL=54
Reply from 98.137.149.56: bytes=32 time=34ms TTL=54
Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 34ms, Maximum = 34ms, Average = 34ms
C:\Users\Melissa\Desktop\cmd.bat deleted successfully.
C:\Users\Melissa\Desktop\cmd.txt deleted successfully.
< route print /c >
===========================================================================
Interface List
10 ...00 1b fc d4 4a 83 ...... Broadcom 802.11g Network Adapter
9 ...00 1a a0 89 ea b6 ...... Intel® 82562V-2 10/100 Network Connection
1 ........................... Software Loopback Interface 1
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
17 ...00 00 00 00 00 00 00 e0 isatap.{059F7549-B545-4ACE-A8C6-1773B754D5EE}
16 ...00 00 00 00 00 00 00 e0 isatap.{059F7549-B545-4ACE-A8C6-1773B754D5EE}
15 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
18 ...00 00 00 00 00 00 00 e0 isatap.{059F7549-B545-4ACE-A8C6-1773B754D5EE}
21 ...00 00 00 00 00 00 00 e0 isatap.{0D58555F-CE6A-4DC0-846D-327427BB64E0}
22 ...00 00 00 00 00 00 00 e0 isatap.{09DD13A0-9C95-4314-8A3B-E46B87918E8B}
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.2 20
10.0.0.0 255.255.255.0 On-link 10.0.0.2 276
10.0.0.2 255.255.255.255 On-link 10.0.0.2 276
10.0.0.255 255.255.255.255 On-link 10.0.0.2 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.1 281
192.168.0.1 255.255.255.255 On-link 192.168.0.1 281
192.168.0.255 255.255.255.255 On-link 192.168.0.1 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.2 276
224.0.0.0 240.0.0.0 On-link 192.168.0.1 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.2 276
255.255.255.255 255.255.255.255 On-link 192.168.0.1 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
9 276 fe80::/64 On-link
10 281 fe80::/64 On-link
9 276 fe80::c5e3:ee34:3ff2:c22a/128
On-link
10 281 fe80::e867:60ca:3cc8:2f9d/128
On-link
1 306 ff00::/8 On-link
9 276 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\Users\Melissa\Desktop\cmd.bat deleted successfully.
C:\Users\Melissa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
->Temp folder emptied: 200 bytes

User: Default
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temporary Internet Files folder emptied: 47620393 bytes
->Flash cache emptied: 3391 bytes

User: Melissa
->Temporary Internet Files folder emptied: 73609207 bytes
->Flash cache emptied: 8082051 bytes

User: Public

User: TEMP
->Temporary Internet Files folder emptied: 98304 bytes

User: TEMP.Melissa-PC
->Temporary Internet Files folder emptied: 507904 bytes

User: TEMP.Melissa-PC.000
->Temporary Internet Files folder emptied: 344064 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 85229 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 124.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Melissa
->Flash cache emptied: 0 bytes

User: Public

User: TEMP

User: TEMP.Melissa-PC

User: TEMP.Melissa-PC.000

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08082011_083728

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#12
melissaand


    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
ComboFix 11-08-08.01 - Melissa 08/08/2011 12:19:14.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1950 [GMT -7:00]
Running from: c:\users\Melissa\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-08 to 2011-08-08 )))))))))))))))))))))))))))))))
.
.
2011-08-08 19:25 . 2011-08-08 19:25 -------- d-----w- c:\users\Melissa\AppData\Local\temp
2011-08-08 19:25 . 2011-08-08 19:25 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-08-08 19:25 . 2011-08-08 19:25 -------- d-----w- c:\users\TEMP.Melissa-PC\AppData\Local\temp
2011-08-08 19:25 . 2011-08-08 19:25 -------- d-----w- c:\users\TEMP.Melissa-PC.000\AppData\Local\temp
2011-08-08 19:25 . 2011-08-08 19:25 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-08-08 19:25 . 2011-08-08 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-08 15:37 . 2011-08-08 15:37 -------- d-----w- C:\_OTL
2011-08-05 08:25 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57F5F400-B610-447D-8D83-DF1DE7BAF163}\mpengine.dll
2011-08-05 05:12 . 2011-08-05 05:12 -------- d-----w- c:\program files\ERUNT
2011-08-04 22:50 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-04 22:50 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-04 22:50 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-04 22:50 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-04 22:49 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-04 22:49 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2011-08-04 22:49 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-04 22:49 . 2011-08-04 22:49 -------- d-----w- c:\programdata\Alwil Software
2011-08-04 21:23 . 2011-08-04 21:23 -------- d-----w- c:\users\Melissa\AppData\Roaming\ConsumerSoft
2011-08-04 21:23 . 2011-08-04 21:23 -------- d-----w- c:\program files\ConsumerSoft
2011-07-30 05:05 . 2011-07-30 05:05 -------- d-----w- c:\program files\Apple Software Update
2011-07-29 22:48 . 2011-08-05 01:00 -------- d-----w- c:\users\Melissa\AppData\Local\CrashDumps
2011-07-29 22:16 . 2011-07-29 22:16 -------- d-----w- c:\users\Melissa\AppData\Roaming\PCToolsFirewallPlus
2011-07-29 22:16 . 2011-07-29 22:16 -------- d-----w- c:\users\Melissa\AppData\Roaming\Spam Monitor
2011-07-29 22:07 . 2011-07-29 22:18 -------- d-----w- c:\users\Melissa\AppData\Local\NPE
2011-07-29 22:07 . 2011-07-29 22:07 -------- d-----w- c:\programdata\Norton
2011-07-29 19:54 . 2011-07-29 19:54 -------- d-----w- c:\users\Melissa\AppData\Local\ElevatedDiagnostics
2011-07-21 00:06 . 2011-07-21 00:06 -------- d-----w- c:\program files\att games
2011-07-21 00:03 . 2011-07-21 00:03 -------- d-----w- c:\users\Melissa\AppData\Local\Oberon Media
2011-07-16 06:25 . 2011-07-16 06:25 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-07-16 06:18 . 2011-08-04 17:53 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-16 06:18 . 2011-07-16 06:18 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-07-16 06:17 . 2011-07-16 06:25 -------- d-----w- c:\programdata\Hitman Pro
2011-07-16 06:03 . 2011-07-16 06:03 -------- d-----w- c:\program files\Trend Micro
2011-07-13 00:51 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 00:51 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 00:51 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 00:51 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 00:51 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 00:44 . 2011-07-21 07:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-05 05:20 . 2009-07-28 05:47 226280 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-08-04 22:22 . 2011-01-11 08:14 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-07-07 02:52 . 2011-07-04 19:25 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-27 08:44 . 2011-06-27 09:02 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-06-27 08:44 . 2011-06-27 09:02 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-06-22 23:44 . 2011-06-22 23:44 53248 ----a-r- c:\users\Melissa\AppData\Roaming\Microsoft\Installer\{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}\ARPPRODUCTICON.exe
2011-05-28 06:08 . 2011-06-16 16:40 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-16 16:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-16 16:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-16 16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04 . 2011-06-16 16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10 . 2011-06-16 16:40 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-16 16:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-16 16:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-25 02:14 . 2009-10-03 16:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-14 16:26 . 2011-06-15 03:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"My Faster PC"="c:\program files\ConsumerSoft\My Faster PC\mfpchelper.exe" [2011-06-07 1160584]
"DefragReminder"="c:\program files\ConsumerSoft\My Faster PC\My Defragmenter\DefragReminder.exe" [2011-01-20 919504]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-05 6265376]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
.
c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPoint.lnk]
backup=c:\windows\pss\SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Melissa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech BT Wizard]
LBTWiz.exe -silent [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 17:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCQCATS]
2006-10-16 05:31 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\dlcqtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 16:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-03-16 10:20 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-03-21 00:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-03-21 00:34 213936 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-03-21 00:34 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 18:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 11:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-01-12 00:15 101136 ----a-w- c:\program files\Common Files\Logitech\khalshared\KHALMNPR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-08-05 00:16 6265376 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2006-11-27 14:14 180224 ------w- c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 136176]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys [x]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-05-26 252416]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2009-02-18 78104]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-15 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 05:56]
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 05:56]
.
2011-08-08 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 15:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
Trusted Zone: coursecompass.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: mathxl.com
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\9ofuy65h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fp-yie9
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-08 12:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-08 12:27:07
ComboFix-quarantined-files.txt 2011-08-08 19:27
ComboFix2.txt 2011-08-08 16:11
.
Pre-Run: 385,713,053,696 bytes free
Post-Run: 385,675,190,272 bytes free
.
- - End Of File - - 1FBFA9EBDEB498B39D308EE6D8E9720F
  • 0

#13
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Deleted
  • 0

#14
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now? Do you still get redirected?
  • 0

#15
melissaand


    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
NO. All seems to be good. Did you see anything that maybe I should get rid of? Also, what can I delete that we put on to run the scans? Also, I am looking for a good anti-virus program. I have a few on my system. What do you recommend?
  • 0





