Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Search Engine Redirect Virus: Advice on forum did not work


  • This topic is locked This topic is locked

#1
llustig

llustig

    Member

  • Member
  • PipPip
  • 11 posts
I need help to get rid of this virus that redirects my google searches. I have now spoken with a chat advisor who sent me to teh forum. I tried the steps on the guide for removing this kind of malware and it did not work.

Any advice?
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello llustig and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    . Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#3
llustig

llustig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTL Report

OTL logfile created on: 8/22/2011 1:38:58 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Lindsay\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 47.54% Memory free
7.49 Gb Paging File | 5.15 Gb Available in Paging File | 68.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.57 Gb Total Space | 193.43 Gb Free Space | 67.97% Space Free | Partition Type: NTFS
Drive D: | 13.22 Gb Total Space | 2.20 Gb Free Space | 16.65% Space Free | Partition Type: NTFS

Computer Name: LINDSAY-PC | User Name: Lindsay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/22 13:38:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Lindsay\Desktop\OTL.scr
PRC - [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\Windows\SysWOW64\UIAutomationCore32.exe
PRC - [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\iedkcs3232.exe
PRC - [2011/07/21 16:20:08 | 000,161,336 | ---- | M] (Google) -- C:\Users\Lindsay\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/16 16:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/10/27 23:31:14 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/07/24 00:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 15:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/10 07:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/13 11:27:04 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\7cc7d753f499e27b4bd8a45c3e81c73e\System.Management.ni.dll
MOD - [2011/08/13 11:14:20 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60aa01ac9637903f30ac346c55ce58bb\PresentationFramework.Aero.ni.dll
MOD - [2011/08/13 11:14:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll
MOD - [2011/08/13 11:13:59 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\86f429e0a23238cf277d464bd0433d86\System.Data.ni.dll
MOD - [2011/08/13 11:13:48 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\462ca53f84ff85f159d5555d91a5e28d\PresentationFramework.ni.dll
MOD - [2011/08/13 11:13:33 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011/08/13 11:13:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011/08/13 11:13:24 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\efadc7a54e78f3755da53c95bdc293fd\UIAutomationTypes.ni.dll
MOD - [2011/08/13 11:13:23 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\c23f8386031ea70eb7bdb59367fe2f0f\UIAutomationProvider.ni.dll
MOD - [2011/08/13 11:13:23 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5c6e1a094b1e65c69b528151cc19b1ee\Accessibility.ni.dll
MOD - [2011/08/13 11:13:22 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll
MOD - [2011/08/13 11:13:11 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
MOD - [2011/08/13 11:13:05 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011/08/13 11:13:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011/08/13 11:13:00 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011/08/13 11:12:54 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/06/28 11:48:27 | 000,123,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/09/16 16:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/09/16 16:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/19 10:45:36 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/03/19 10:45:36 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/03/19 10:45:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/07/23 15:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/15 20:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/15 20:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/15 20:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/15 20:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/15 20:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/15 20:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/15 20:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/15 20:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/02/27 15:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2008/09/10 07:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
MOD - [2008/09/10 06:29:46 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Printable Web\resource.dll
MOD - [2008/09/10 06:29:29 | 000,180,224 | ---- | M] () -- C:\Program Files\Lexmark Printable Web\bho.dll
MOD - [2008/09/10 06:28:56 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
MOD - [2008/09/10 06:28:45 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
MOD - [2008/09/10 06:28:44 | 001,036,288 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudrs.dll
MOD - [2008/09/10 06:08:35 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
MOD - [2008/05/23 08:02:14 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
MOD - [2008/05/23 08:02:05 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducats.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/03 20:36:16 | 006,315,664 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV:64bit: - [2010/10/07 07:42:36 | 000,833,944 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2009/09/03 05:07:48 | 000,593,864 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV:64bit: - [2009/09/03 04:44:36 | 000,900,360 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 17:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/02 14:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/29 16:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/03 04:39:56 | 000,565,512 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/05/23 08:58:53 | 001,040,552 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
SRV:64bit: - [2008/05/23 08:58:45 | 000,033,960 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\UIAutomationCore32.exe -- (Spooler32)
SRV - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/05/23 08:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxducoms.exe -- (lxdu_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/07/30 13:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2010/07/30 13:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2010/07/30 13:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2010/06/08 12:43:38 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/28 17:28:06 | 000,140,128 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 17:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 17:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/07/02 14:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 16:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 06:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/20 18:09:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/12 22:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/03 10:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/03/03 19:12:46 | 000,096,784 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/03/03 19:12:42 | 000,305,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2009/03/03 19:12:42 | 000,199,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.washingtonpost.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5A CF D7 01 1F 29 35 41 AE 29 DD AF F7 10 9E F7 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {326be4bf-60ed-475a-b8f4-b958b1b1ff32}:1.0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Lindsay\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lindsay\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Lindsay\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lindsay\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lindsay\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/24 18:14:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/05 00:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/05 00:08:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Lindsay\AppData\Roaming\Move Networks [2010/01/24 01:14:48 | 000,000,000 | ---D | M]

[2010/01/29 16:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lindsay\AppData\Roaming\Mozilla\Extensions
[2011/08/21 22:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\bdib9m23.default\extensions
[2010/06/13 17:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/08/24 18:14:27 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/01/24 01:14:48 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\LINDSAY\APPDATA\ROAMING\MOVE NETWORKS
File not found (No name found) -- C:\USERS\LINDSAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BDIB9M23.DEFAULT\EXTENSIONS\{326BE4BF-60ED-475A-B8F4-B958B1B1FF32}

O1 HOSTS File: ([2011/08/21 22:19:57 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {01D7CF5A-291F-4135-AE29-DDAFF7109EF7} - C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-032.dll (People Can Fly)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\13.0.782.112\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [lxduamon] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe ()
O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found
O4 - Startup: C:\Users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18:64bit: - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\13.0.782.112\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll) - C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll (People Can Fly)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/22 13:38:19 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Lindsay\Desktop\OTL.scr
[2011/08/21 22:36:55 | 000,000,000 | ---D | C] -- C:\Users\Lindsay\Desktop\GooredFix Backups
[2011/08/21 22:36:39 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Lindsay\Desktop\GooredFix.exe
[2011/08/21 22:19:55 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/21 22:12:14 | 000,110,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\20986349.sys
[2011/08/21 21:19:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/21 21:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/21 21:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/08/14 22:33:41 | 000,155,648 | ---- | C] (People Can Fly) -- C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll
[2011/08/14 22:33:38 | 000,327,680 | ---- | C] (People Can Fly) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-032.dll
[2010/06/13 17:36:15 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
[2010/06/13 17:36:15 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
[2010/06/13 17:36:14 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
[2010/06/13 17:36:12 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
[2010/06/13 17:36:11 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
[2010/06/13 17:36:10 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
[2010/06/13 17:36:09 | 000,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
[2010/06/13 17:36:09 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduih.exe
[2010/06/13 17:36:08 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducoms.exe
[2010/06/13 17:36:07 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
[2010/06/13 17:36:07 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
[2010/06/13 17:36:06 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducfg.exe
[5 C:\Users\Lindsay\Documents\*.tmp files -> C:\Users\Lindsay\Documents\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/22 13:45:36 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011/08/22 13:45:36 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011/08/22 13:38:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Lindsay\Desktop\OTL.scr
[2011/08/22 13:03:14 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1473292723-2040577135-3555990526-1000UA.job
[2011/08/22 13:03:14 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/22 12:12:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/22 11:38:29 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/22 11:38:27 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1473292723-2040577135-3555990526-1000Core.job
[2011/08/21 23:15:06 | 000,000,019 | ---- | M] () -- C:\ProgramData\5006cd4c
[2011/08/21 22:40:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/21 22:40:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/21 22:36:48 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Lindsay\Desktop\GooredFix.exe
[2011/08/21 22:32:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLindsay.job
[2011/08/21 22:31:07 | 3016,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/21 22:19:57 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/08/21 22:12:14 | 000,110,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\20986349.sys
[2011/08/21 21:18:44 | 000,001,108 | ---- | M] () -- C:\Users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/21 21:18:36 | 000,000,909 | ---- | M] () -- C:\Users\Lindsay\Desktop\ERUNT.lnk
[2011/08/17 00:38:59 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/17 00:38:59 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/17 00:38:59 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/14 22:33:42 | 000,000,118 | ---- | M] () -- C:\Windows\SysWow64\2049498428
[2011/08/14 22:33:41 | 000,155,648 | ---- | M] (People Can Fly) -- C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll
[2011/08/14 22:33:38 | 000,327,680 | ---- | M] (People Can Fly) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-032.dll
[2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\Windows\SysWow64\UIAutomationCore32.exe
[2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\iedkcs3232.exe
[2011/08/13 16:35:36 | 000,602,672 | ---- | M] () -- C:\Users\Lindsay\Documents\BMGT357_MarketingAudit.pdf
[2011/07/29 12:34:30 | 000,093,460 | ---- | M] () -- C:\Users\Lindsay\Documents\BMGT357_OrganizationalStructure.pdf
[5 C:\Users\Lindsay\Documents\*.tmp files -> C:\Users\Lindsay\Documents\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/21 21:18:44 | 000,001,108 | ---- | C] () -- C:\Users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/21 21:18:36 | 000,000,909 | ---- | C] () -- C:\Users\Lindsay\Desktop\ERUNT.lnk
[2011/08/18 22:09:01 | 000,000,019 | ---- | C] () -- C:\ProgramData\5006cd4c
[2011/08/14 22:33:42 | 000,705,024 | ---- | C] () -- C:\ProgramData\iedkcs3232.exe
[2011/08/14 22:33:41 | 000,705,024 | ---- | C] () -- C:\Windows\SysWow64\UIAutomationCore32.exe
[2011/08/14 22:33:41 | 000,000,118 | ---- | C] () -- C:\Windows\SysWow64\2049498428
[2011/08/13 16:35:33 | 000,602,672 | ---- | C] () -- C:\Users\Lindsay\Documents\BMGT357_MarketingAudit.pdf
[2011/07/29 12:34:30 | 000,093,460 | ---- | C] () -- C:\Users\Lindsay\Documents\BMGT357_OrganizationalStructure.pdf
[2011/07/24 15:24:51 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForLindsay.job
[2011/04/21 14:30:40 | 000,231,313 | ---- | C] () -- C:\Users\Lindsay\AppData\Local\tmpIMG00011-20110419-1213[1].2
[2011/04/21 14:30:40 | 000,229,954 | ---- | C] () -- C:\Users\Lindsay\AppData\Local\tmpIMG00011-20110419-1213[1].1
[2011/02/26 18:32:00 | 000,001,854 | ---- | C] () -- C:\Users\Lindsay\AppData\Roaming\GhostObjGAFix.xml
[2010/06/17 22:20:52 | 000,000,058 | ---- | C] () -- C:\Windows\OSA.INI
[2010/06/13 17:36:17 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
[2010/06/13 17:36:16 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
[2010/06/13 17:24:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
[2010/06/13 17:24:18 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
[2010/06/13 17:24:17 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
[2010/01/30 10:22:41 | 002,654,593 | ---- | C] () -- C:\Users\Lindsay\AppData\Local\tmpROMA-THE BEGINNINGS 016.JPG
[2010/01/24 12:43:21 | 000,005,120 | ---- | C] () -- C:\Users\Lindsay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/10 21:54:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/26 10:12:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/15 20:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/09/22 22:19:07 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\acccore
[2010/09/28 10:22:58 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/28 13:10:49 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\com.Shutterfly.ExpressUploader
[2010/05/18 23:00:37 | 000,000,000 | -HSD | M] -- C:\Users\Lindsay\AppData\Roaming\My Security Engine
[2010/08/18 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\WildTangent
[2011/02/07 17:10:33 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/11/26 10:42:06 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/11/26 10:42:06 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/11/26 10:42:06 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/11/26 10:42:06 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/12/26 14:09:36 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/12/26 14:09:36 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/12/26 14:09:36 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2010/12/26 14:09:36 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2010/12/26 14:09:36 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2010/12/26 14:09:36 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/06/21 01:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/06/21 01:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2010/12/26 14:09:36 | 000,553,696 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2010/12/26 14:09:36 | 000,553,696 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2010/12/26 14:09:36 | 000,553,696 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2010/12/26 14:09:36 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2010/12/26 14:09:36 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2010/12/26 14:09:36 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/06/21 01:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/06/21 01:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation)

< >

< End of report >

GMER did not give me a report. When the scan completed, a text box popped up and said that it had not found any system modifications. I ran the scan twice and it said this both times.

MBR Report:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-22 15:05:31
-----------------------------
15:05:31.101 OS Version: Windows x64 6.1.7600
15:05:31.101 Number of processors: 2 586 0x602
15:05:31.101 ComputerName: LINDSAY-PC UserName: Lindsay
15:05:34.658 Initialize success
15:05:45.249 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:05:45.265 Disk 0 Vendor: ST9320423AS 0006HPM1 Size: 305245MB BusType: 11
15:05:47.324 Disk 0 MBR read successfully
15:05:47.324 Disk 0 MBR scan
15:05:47.324 Disk 0 unknown MBR code
15:05:47.339 Service scanning
15:05:51.707 Modules scanning
15:05:51.707 Disk 0 trace - called modules:
15:05:51.723 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:05:51.739 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004354060]
15:05:51.739 3 CLASSPNP.SYS[fffff8800110e43f] -> nt!IofCallDriver -> [0xfffffa8004353040]
15:05:51.754 5 hpdskflt.sys[fffff88001c02289] -> nt!IofCallDriver -> [0xfffffa80042c3310]
15:05:51.754 7 ACPI.sys[fffff88000e15781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042cc680]
15:05:51.770 Scan finished successfully
15:06:18.181 Disk 0 MBR has been saved successfully to "C:\Users\Lindsay\Desktop\MBR.dat"
15:06:18.196 The log file has been saved successfully to "C:\Users\Lindsay\Desktop\aswMBR.txt"
  • 0

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi llustig,

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5A CF D7 01 1F 29 35 41 AE 29 DD AF F7 10 9E F7 [binary data]
    O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll) - C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll (People Can Fly)
    [2011/08/14 22:33:41 | 000,155,648 | ---- | C] (People Can Fly) -- C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll
    [2011/08/14 22:33:38 | 000,327,680 | ---- | C] (People Can Fly) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-032.dll
    [2011/08/21 23:15:06 | 000,000,019 | ---- | M] () -- C:\ProgramData\5006cd4c
    [2011/08/22 13:45:36 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
    [2011/08/22 13:45:36 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
    [2011/08/14 22:33:42 | 000,000,118 | ---- | M] () -- C:\Windows\SysWow64\2049498428
    [2011/08/14 22:33:42 | 000,705,024 | ---- | C] () -- C:\ProgramData\iedkcs3232.exe

    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Please download MBRCheck.exe to your desktop.

  • Double click to run it
  • It will prompt you with some text
  • A text file will be generated on your desktop
  • Now paste that text here for me.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
  • MBRCheck log
It would be helpful if you could post each log in separate post
  • 0

#5
llustig

llustig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTL Log:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll deleted successfully.
C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll moved successfully.
File C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll not found.
C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-032.dll moved successfully.
C:\ProgramData\5006cd4c moved successfully.
C:\Windows\SysNative\drivers\etc\tmvsthfud.bin moved successfully.
C:\Windows\SysNative\drivers\etc\tmvsthfss.bin moved successfully.
C:\Windows\SysWOW64\2049498428 moved successfully.
C:\ProgramData\iedkcs3232.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lindsay\Desktop\cmd.bat deleted successfully.
C:\Users\Lindsay\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lindsay
->Temp folder emptied: 2081533 bytes
->Temporary Internet Files folder emptied: 54831294 bytes
->Java cache emptied: 488 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1254 bytes

User: Public

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10236 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66072 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 54.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Lindsay
->Flash cache emptied: 0 bytes

User: Public

User: TEMP

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 08232011_130646

Files\Folders moved on Reboot...
C:\Users\Lindsay\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lindsay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P0TBZW5U\login_status[1].htm moved successfully.
C:\Users\Lindsay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2MCRT4B\fastbutton[1].htm moved successfully.
C:\Users\Lindsay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3IIWVQF7\like[1].htm moved successfully.
C:\Users\Lindsay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3HFW39TK\page__p__2052012__fromsearch__1[1].htm moved successfully.
C:\Users\Lindsay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Lindsay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...
  • 0

#6
llustig

llustig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
TDSSKiller Report:

2011/08/23 13:23:45.0306 7072 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 13:23:45.0634 7072 ================================================================================
2011/08/23 13:23:45.0634 7072 SystemInfo:
2011/08/23 13:23:45.0634 7072
2011/08/23 13:23:45.0634 7072 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/23 13:23:45.0634 7072 Product type: Workstation
2011/08/23 13:23:45.0634 7072 ComputerName: LINDSAY-PC
2011/08/23 13:23:45.0634 7072 UserName: Lindsay
2011/08/23 13:23:45.0634 7072 Windows directory: C:\Windows
2011/08/23 13:23:45.0634 7072 System windows directory: C:\Windows
2011/08/23 13:23:45.0634 7072 Running under WOW64
2011/08/23 13:23:45.0634 7072 Processor architecture: Intel x64
2011/08/23 13:23:45.0634 7072 Number of processors: 2
2011/08/23 13:23:45.0634 7072 Page size: 0x1000
2011/08/23 13:23:45.0634 7072 Boot type: Normal boot
2011/08/23 13:23:45.0634 7072 ================================================================================
2011/08/23 13:23:50.0283 7072 Initialize success
2011/08/23 13:24:01.0780 6324 ================================================================================
2011/08/23 13:24:01.0780 6324 Scan started
2011/08/23 13:24:01.0780 6324 Mode: Manual;
2011/08/23 13:24:01.0780 6324 ================================================================================
2011/08/23 13:24:05.0275 6324 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/08/23 13:24:05.0368 6324 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/08/23 13:24:05.0446 6324 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/08/23 13:24:05.0493 6324 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/08/23 13:24:05.0633 6324 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/23 13:24:05.0789 6324 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/23 13:24:05.0867 6324 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/23 13:24:05.0961 6324 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/08/23 13:24:06.0101 6324 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\Windows\system32\DRIVERS\agrsm64.sys
2011/08/23 13:24:06.0273 6324 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/08/23 13:24:06.0351 6324 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/08/23 13:24:06.0398 6324 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/08/23 13:24:06.0491 6324 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/23 13:24:06.0523 6324 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/23 13:24:06.0616 6324 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/08/23 13:24:06.0694 6324 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/23 13:24:06.0757 6324 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/08/23 13:24:06.0835 6324 ApfiltrService (05f1a0a81a98cf27e3f028213fb6c36a) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/08/23 13:24:06.0928 6324 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/08/23 13:24:07.0037 6324 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/23 13:24:07.0131 6324 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/23 13:24:07.0209 6324 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/23 13:24:07.0271 6324 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/08/23 13:24:07.0365 6324 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
2011/08/23 13:24:07.0630 6324 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
2011/08/23 13:24:08.0145 6324 atikmdag (c5758bf1dfd762a5b17041ff061b7750) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/23 13:24:08.0582 6324 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/08/23 13:24:08.0753 6324 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/23 13:24:08.0909 6324 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/23 13:24:09.0003 6324 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/23 13:24:09.0128 6324 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/23 13:24:09.0284 6324 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/23 13:24:09.0455 6324 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/23 13:24:09.0549 6324 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/23 13:24:09.0689 6324 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/23 13:24:09.0783 6324 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/23 13:24:09.0845 6324 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/23 13:24:09.0908 6324 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/23 13:24:09.0986 6324 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/23 13:24:10.0111 6324 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/23 13:24:10.0189 6324 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/23 13:24:10.0251 6324 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/23 13:24:10.0376 6324 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/23 13:24:10.0532 6324 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/23 13:24:10.0610 6324 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/08/23 13:24:10.0906 6324 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/08/23 13:24:11.0125 6324 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/23 13:24:11.0187 6324 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/08/23 13:24:11.0343 6324 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/23 13:24:11.0452 6324 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/08/23 13:24:11.0515 6324 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/23 13:24:11.0593 6324 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/23 13:24:11.0671 6324 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/23 13:24:11.0733 6324 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/23 13:24:12.0497 6324 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/23 13:24:12.0856 6324 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/23 13:24:13.0028 6324 enecir (a9ec08727c64d985678f5b64c03823f0) C:\Windows\system32\DRIVERS\enecir.sys
2011/08/23 13:24:13.0215 6324 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/08/23 13:24:13.0324 6324 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/23 13:24:13.0402 6324 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/23 13:24:13.0496 6324 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/23 13:24:13.0589 6324 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/23 13:24:13.0636 6324 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/23 13:24:13.0683 6324 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/23 13:24:13.0745 6324 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/08/23 13:24:13.0839 6324 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/23 13:24:13.0917 6324 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/23 13:24:13.0995 6324 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/23 13:24:14.0104 6324 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/23 13:24:14.0167 6324 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/23 13:24:14.0291 6324 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/23 13:24:14.0354 6324 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/08/23 13:24:14.0416 6324 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/23 13:24:14.0463 6324 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/23 13:24:14.0510 6324 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/23 13:24:14.0588 6324 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/23 13:24:14.0681 6324 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/23 13:24:14.0822 6324 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/08/23 13:24:14.0869 6324 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/08/23 13:24:14.0962 6324 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/08/23 13:24:15.0040 6324 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/08/23 13:24:15.0149 6324 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/23 13:24:15.0212 6324 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/23 13:24:15.0290 6324 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/08/23 13:24:15.0586 6324 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/08/23 13:24:15.0836 6324 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/23 13:24:15.0945 6324 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/08/23 13:24:15.0992 6324 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/23 13:24:16.0023 6324 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/23 13:24:16.0070 6324 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/08/23 13:24:16.0101 6324 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/23 13:24:16.0195 6324 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/23 13:24:16.0241 6324 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/08/23 13:24:16.0288 6324 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/23 13:24:16.0382 6324 JMCR (02bd12c2ee52f0849a5d6f9a2fa67b4e) C:\Windows\system32\DRIVERS\jmcr.sys
2011/08/23 13:24:16.0429 6324 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/23 13:24:16.0475 6324 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/23 13:24:16.0522 6324 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/23 13:24:16.0569 6324 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/23 13:24:16.0647 6324 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/23 13:24:16.0756 6324 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/23 13:24:16.0850 6324 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/23 13:24:16.0912 6324 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/23 13:24:16.0959 6324 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/23 13:24:17.0037 6324 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/23 13:24:17.0115 6324 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/23 13:24:17.0209 6324 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/23 13:24:17.0302 6324 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/23 13:24:17.0365 6324 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/23 13:24:17.0443 6324 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/23 13:24:17.0489 6324 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/23 13:24:17.0552 6324 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/23 13:24:17.0599 6324 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/08/23 13:24:17.0645 6324 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/08/23 13:24:17.0708 6324 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/23 13:24:17.0770 6324 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/23 13:24:17.0833 6324 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/23 13:24:17.0926 6324 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/23 13:24:18.0020 6324 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/23 13:24:18.0113 6324 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/08/23 13:24:18.0160 6324 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/08/23 13:24:18.0269 6324 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/23 13:24:18.0316 6324 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/23 13:24:18.0347 6324 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/08/23 13:24:18.0410 6324 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/23 13:24:18.0457 6324 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/23 13:24:18.0488 6324 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/23 13:24:18.0519 6324 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/08/23 13:24:18.0613 6324 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/23 13:24:18.0644 6324 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/23 13:24:18.0691 6324 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/23 13:24:18.0737 6324 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/23 13:24:18.0800 6324 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/23 13:24:18.0878 6324 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/08/23 13:24:18.0940 6324 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/23 13:24:19.0003 6324 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/23 13:24:19.0034 6324 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/23 13:24:19.0096 6324 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/23 13:24:19.0159 6324 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/08/23 13:24:19.0221 6324 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/23 13:24:19.0315 6324 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/23 13:24:19.0502 6324 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/08/23 13:24:19.0907 6324 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/23 13:24:19.0970 6324 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/23 13:24:20.0001 6324 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/23 13:24:20.0095 6324 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/08/23 13:24:20.0266 6324 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/23 13:24:20.0360 6324 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/08/23 13:24:20.0453 6324 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/08/23 13:24:20.0547 6324 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/08/23 13:24:20.0641 6324 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/23 13:24:20.0719 6324 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/23 13:24:20.0765 6324 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/08/23 13:24:20.0828 6324 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/08/23 13:24:20.0859 6324 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/08/23 13:24:20.0937 6324 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/23 13:24:21.0015 6324 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/23 13:24:21.0077 6324 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/23 13:24:21.0311 6324 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/23 13:24:21.0389 6324 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/23 13:24:21.0499 6324 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/23 13:24:21.0686 6324 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/23 13:24:21.0967 6324 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/23 13:24:22.0154 6324 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/23 13:24:22.0310 6324 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/23 13:24:22.0403 6324 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/23 13:24:22.0513 6324 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/23 13:24:22.0622 6324 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/23 13:24:22.0700 6324 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/23 13:24:22.0778 6324 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/23 13:24:22.0856 6324 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/23 13:24:22.0918 6324 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/23 13:24:22.0965 6324 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/23 13:24:23.0074 6324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/23 13:24:23.0121 6324 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/08/23 13:24:23.0183 6324 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/08/23 13:24:23.0261 6324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/23 13:24:23.0339 6324 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/08/23 13:24:23.0433 6324 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/08/23 13:24:23.0480 6324 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/23 13:24:23.0542 6324 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2011/08/23 13:24:23.0620 6324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/23 13:24:23.0683 6324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/23 13:24:23.0745 6324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/23 13:24:23.0807 6324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/23 13:24:23.0901 6324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/08/23 13:24:23.0917 6324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/08/23 13:24:23.0948 6324 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/08/23 13:24:23.0979 6324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/23 13:24:24.0041 6324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/23 13:24:24.0104 6324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/23 13:24:24.0151 6324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/23 13:24:24.0197 6324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/23 13:24:24.0322 6324 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/08/23 13:24:24.0369 6324 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/23 13:24:24.0463 6324 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/08/23 13:24:24.0525 6324 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/08/23 13:24:24.0712 6324 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/08/23 13:24:24.0806 6324 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/23 13:24:24.0884 6324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/23 13:24:24.0946 6324 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/08/23 13:24:25.0040 6324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/23 13:24:25.0321 6324 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
2011/08/23 13:24:25.0601 6324 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/23 13:24:25.0664 6324 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/23 13:24:25.0711 6324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/23 13:24:25.0773 6324 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/23 13:24:25.0835 6324 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/23 13:24:25.0913 6324 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/23 13:24:26.0069 6324 tmlwf (de4646f17ed18c418a9a92e2e0b422cb) C:\Windows\system32\DRIVERS\tmlwf.sys
2011/08/23 13:24:26.0147 6324 tmpreflt (803ee35df92815ea5d41cee7410c8cc1) C:\Windows\system32\DRIVERS\tmpreflt.sys
2011/08/23 13:24:26.0194 6324 tmtdi (c12d4e5e96a8ce0fd6f74f9c43191cfe) C:\Windows\system32\DRIVERS\tmtdi.sys
2011/08/23 13:24:26.0241 6324 tmwfp (d21c06bac748fac933c817e8e312e316) C:\Windows\system32\DRIVERS\tmwfp.sys
2011/08/23 13:24:26.0303 6324 tmxpflt (9bd32132a3470cefb3cbea5fa492bd6f) C:\Windows\system32\DRIVERS\tmxpflt.sys
2011/08/23 13:24:26.0428 6324 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/23 13:24:26.0491 6324 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/23 13:24:26.0537 6324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/23 13:24:26.0647 6324 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/23 13:24:26.0756 6324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/08/23 13:24:26.0834 6324 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/23 13:24:26.0896 6324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/23 13:24:26.0959 6324 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/23 13:24:27.0021 6324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/08/23 13:24:27.0115 6324 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/23 13:24:27.0161 6324 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/08/23 13:24:27.0271 6324 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/23 13:24:27.0364 6324 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/23 13:24:27.0411 6324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/23 13:24:27.0489 6324 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/23 13:24:27.0551 6324 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/23 13:24:27.0645 6324 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
2011/08/23 13:24:27.0707 6324 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/08/23 13:24:27.0801 6324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/08/23 13:24:27.0863 6324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/23 13:24:27.0941 6324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/23 13:24:28.0004 6324 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/08/23 13:24:28.0066 6324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/08/23 13:24:28.0113 6324 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/08/23 13:24:28.0175 6324 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/08/23 13:24:28.0253 6324 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/08/23 13:24:28.0347 6324 vsapint (b01ce1f5a44126892240d179a6dbd43f) C:\Windows\system32\DRIVERS\vsapint.sys
2011/08/23 13:24:28.0409 6324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/23 13:24:28.0487 6324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/23 13:24:28.0519 6324 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/23 13:24:28.0581 6324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/23 13:24:28.0643 6324 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/23 13:24:28.0675 6324 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/23 13:24:28.0753 6324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/23 13:24:28.0909 6324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/23 13:24:29.0018 6324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/23 13:24:29.0065 6324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/23 13:24:29.0158 6324 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/23 13:24:29.0221 6324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/23 13:24:29.0314 6324 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/23 13:24:29.0392 6324 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/08/23 13:24:29.0439 6324 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/23 13:24:29.0517 6324 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/08/23 13:24:29.0595 6324 MBR (0x1B8) (dec1d91a56af1af766d8737c5be2c288) \Device\Harddisk0\DR0
2011/08/23 13:24:29.0611 6324 Boot (0x1200) (76731047092e04e7919d991b6e955972) \Device\Harddisk0\DR0\Partition0
2011/08/23 13:24:29.0626 6324 Boot (0x1200) (22fb15c8cbc53768d594fe38053866a2) \Device\Harddisk0\DR0\Partition1
2011/08/23 13:24:29.0969 6324 Boot (0x1200) (0ff23c219025109388df8fdb89780c16) \Device\Harddisk0\DR0\Partition2
2011/08/23 13:24:30.0047 6324 Boot (0x1200) (fd3afe1cdaf0137909c969fa7e28d003) \Device\Harddisk0\DR0\Partition3
2011/08/23 13:24:30.0063 6324 ================================================================================
2011/08/23 13:24:30.0063 6324 Scan finished
2011/08/23 13:24:30.0063 6324 ================================================================================
2011/08/23 13:24:30.0079 5984 Detected object count: 0
2011/08/23 13:24:30.0079 5984 Actual detected object count: 0
  • 0

#7
llustig

llustig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Compal
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv4 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 242):
0x02E0E000 \SystemRoot\system32\ntoskrnl.exe
0x033EA000 \SystemRoot\system32\hal.dll
0x00B98000 \SystemRoot\system32\kdcom.dll
0x00CDF000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CEC000 \SystemRoot\system32\PSHED.dll
0x00D00000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EC4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F68000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F77000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FCE000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FD7000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\system32\DRIVERS\isapnp.sys
0x00E49000 \SystemRoot\system32\DRIVERS\mpio.sys
0x00E73000 \SystemRoot\System32\drivers\partmgr.sys
0x00E88000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E91000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E9D000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D5E000 \SystemRoot\System32\drivers\volmgrx.sys
0x00EB2000 \SystemRoot\system32\DRIVERS\intelide.sys
0x00FE1000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00FF1000 \SystemRoot\system32\DRIVERS\aliide.sys
0x00FF8000 \SystemRoot\system32\DRIVERS\amdide.sys
0x00EBA000 \SystemRoot\system32\DRIVERS\cmdide.sys
0x00DBA000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DD4000 \SystemRoot\system32\DRIVERS\msdsm.sys
0x010E9000 \SystemRoot\system32\drivers\nvraid.sys
0x01111000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01141000 \SystemRoot\system32\DRIVERS\pciide.sys
0x01148000 \SystemRoot\system32\DRIVERS\viaide.sys
0x012DB000 \SystemRoot\system32\drivers\iaStorV.sys
0x01200000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01209000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01233000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x01250000 \SystemRoot\system32\DRIVERS\storport.sys
0x012B2000 \SystemRoot\system32\DRIVERS\msahci.sys
0x012BD000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
0x01150000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x01000000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x01056000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x01085000 \SystemRoot\system32\drivers\amdsata.sys
0x0140D000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x01454000 \SystemRoot\system32\drivers\amdxata.sys
0x0145F000 \SystemRoot\system32\DRIVERS\arc.sys
0x01478000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x01493000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x0151A000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x0152B000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
0x0154A000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
0x0155D000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
0x0157C000 \SystemRoot\system32\DRIVERS\megasas.sys
0x016EF000 \SystemRoot\system32\DRIVERS\MegaSR.sys
0x01793000 \SystemRoot\system32\DRIVERS\nfrd960.sys
0x017A3000 \SystemRoot\system32\drivers\nvstor.sys
0x0183B000 \SystemRoot\system32\DRIVERS\ql2300.sys
0x01600000 \SystemRoot\system32\DRIVERS\ql40xx.sys
0x019DF000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
0x01800000 \SystemRoot\system32\DRIVERS\sisraid4.sys
0x01818000 \SystemRoot\system32\DRIVERS\stexstor.sys
0x0165F000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x01689000 \SystemRoot\system32\drivers\fltmgr.sys
0x01822000 \SystemRoot\system32\drivers\fileinfo.sys
0x01A04000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01588000 \SystemRoot\System32\Drivers\msrpc.sys
0x01BA6000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01C75000 \SystemRoot\System32\Drivers\cng.sys
0x01CE8000 \SystemRoot\System32\drivers\pcw.sys
0x01CF9000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01D03000 \SystemRoot\system32\drivers\ndis.sys
0x01C00000 \SystemRoot\system32\drivers\NETIO.SYS
0x01BC0000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01E01000 \SystemRoot\System32\drivers\tcpip.sys
0x020EA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x02134000 \SystemRoot\system32\DRIVERS\wd.sys
0x0213C000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x02188000 \SystemRoot\System32\Drivers\spldr.sys
0x02190000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x021AD000 \SystemRoot\System32\drivers\rdyboost.sys
0x021E7000 \SystemRoot\System32\Drivers\mup.sys
0x02000000 \SystemRoot\System32\drivers\hwpolicy.sys
0x02009000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x02013000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0204D000 \SystemRoot\system32\DRIVERS\disk.sys
0x02063000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x020A3000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x020CD000 \SystemRoot\System32\Drivers\Null.SYS
0x020D6000 \SystemRoot\System32\Drivers\Beep.SYS
0x01C60000 \SystemRoot\System32\drivers\vga.sys
0x017CE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01BEB000 \SystemRoot\System32\drivers\watchdog.sys
0x020DD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01DF5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x019ED000 \SystemRoot\system32\drivers\rdprefmp.sys
0x017F3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x016D5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x010A3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x015E6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03488000 \SystemRoot\system32\drivers\afd.sys
0x03511000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03556000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0355F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03585000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x0359B000 \SystemRoot\system32\DRIVERS\tmlwf.sys
0x035D0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03400000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0341B000 \SystemRoot\system32\DRIVERS\tmtdi.sys
0x03435000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0429C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x042ED000 \SystemRoot\system32\drivers\nsiproxy.sys
0x042F9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x04304000 \SystemRoot\System32\drivers\discache.sys
0x04313000 \SystemRoot\System32\Drivers\dfsc.sys
0x04331000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04342000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04368000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x04485000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x04A9C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04B90000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04BD6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04C26000 \SystemRoot\system32\DRIVERS\athrx.sys
0x04DAF000 \SystemRoot\System32\Drivers\fastfat.SYS
0x04DE5000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04400000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04DF2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04C00000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0437D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04C0B000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x04439000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0444A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04C17000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x04468000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04200000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x0423F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04477000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0424E000 \SystemRoot\system32\DRIVERS\enecir.sys
0x0426B000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x0447C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04277000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x043D3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03449000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x043E9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x011CB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0346D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x035DF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x010C1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04C23000 \SystemRoot\system32\DRIVERS\swenum.sys
0x052C3000 \SystemRoot\system32\DRIVERS\ks.sys
0x05306000 \SystemRoot\system32\DRIVERS\circlass.sys
0x05318000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0532A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05384000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05399000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x053B9000 \SystemRoot\system32\drivers\portcls.sys
0x05200000 \SystemRoot\system32\drivers\drmk.sys
0x05222000 \SystemRoot\system32\drivers\ksthunk.sys
0x05228000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x0606D000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x0619E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x061A0000 \SystemRoot\system32\drivers\modem.sys
0x061AF000 \SystemRoot\system32\DRIVERS\hidir.sys
0x061C0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x061D9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x061E2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x061F0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00080000 \SystemRoot\System32\win32k.sys
0x06000000 \SystemRoot\System32\drivers\Dxapi.sys
0x0600C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06029000 \SystemRoot\System32\Drivers\usbvideo.sys
0x06057000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004A0000 \SystemRoot\System32\TSDDD.dll
0x00760000 \SystemRoot\System32\cdd.dll
0x008A0000 \SystemRoot\System32\ATMFD.DLL
0x02C01000 \SystemRoot\system32\DRIVERS\udfs.sys
0x02C55000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02C63000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x02C6F000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x02C7A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x02C8D000 \SystemRoot\system32\drivers\luafv.sys
0x02CB0000 \SystemRoot\system32\DRIVERS\tmpreflt.sys
0x03000000 \SystemRoot\system32\DRIVERS\vsapint.sys
0x02CBF000 \SystemRoot\system32\DRIVERS\tmxpflt.sys
0x02D1E000 \SystemRoot\system32\drivers\WudfPf.sys
0x031E8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02D3F000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02D92000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02DA5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05C1B000 \SystemRoot\system32\drivers\HTTP.sys
0x05CE3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05D01000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05D19000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05D46000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05D94000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x068CD000 \SystemRoot\system32\drivers\peauth.sys
0x06973000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0697E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x069AB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07A2A000 \SystemRoot\system32\DRIVERS\tmwfp.sys
0x06800000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07E4B000 \SystemRoot\System32\DRIVERS\srv.sys
0x07F53000 \SystemRoot\system32\drivers\44984217.sys
0x76CE0000 \Windows\System32\ntdll.dll
0x47C90000 \Windows\System32\smss.exe
0xFF000000 \Windows\System32\apisetschema.dll
0xFF430000 \Windows\System32\autochk.exe
0xFEF50000 \Windows\System32\clbcatq.dll
0xFEE40000 \Windows\System32\msctf.dll
0xFEC60000 \Windows\System32\setupapi.dll
0xFEB80000 \Windows\System32\oleaut32.dll
0xFEB50000 \Windows\System32\imm32.dll
0xFEB00000 \Windows\System32\ws2_32.dll
0xFEA20000 \Windows\System32\advapi32.dll
0xFE9B0000 \Windows\System32\gdi32.dll
0xFE910000 \Windows\System32\msvcrt.dll
0xFE8F0000 \Windows\System32\sechost.dll
0xFE8E0000 \Windows\System32\nsi.dll
0xFE680000 \Windows\System32\iertutil.dll
0xFE550000 \Windows\System32\rpcrt4.dll
0x76EB0000 \Windows\System32\psapi.dll
0xFE4D0000 \Windows\System32\difxapi.dll
0x76BC0000 \Windows\System32\kernel32.dll
0xFE480000 \Windows\System32\Wldap32.dll
0xFE400000 \Windows\System32\shlwapi.dll
0xFE330000 \Windows\System32\usp10.dll
0xFE320000 \Windows\System32\lpk.dll
0x76EA0000 \Windows\System32\normaliz.dll
0x76AC0000 \Windows\System32\user32.dll
0xFE300000 \Windows\System32\imagehlp.dll
0xFE260000 \Windows\System32\comdlg32.dll
0xFE050000 \Windows\System32\ole32.dll
0xFD2C0000 \Windows\System32\shell32.dll
0xFD140000 \Windows\System32\urlmon.dll
0xFD010000 \Windows\System32\wininet.dll
0xFCF70000 \Windows\System32\comctl32.dll
0xFCF30000 \Windows\System32\cfgmgr32.dll
0xFCF10000 \Windows\System32\devobj.dll
0xFCED0000 \Windows\System32\wintrust.dll
0xFCE60000 \Windows\System32\KernelBase.dll
0xFCCF0000 \Windows\System32\crypt32.dll
0xFCCE0000 \Windows\System32\msasn1.dll
0x75890000 \Windows\SysWOW64\normaliz.dll

Processes (total 104):
0 System Idle Process
4 System
288 C:\Windows\System32\smss.exe
396 csrss.exe
464 C:\Windows\System32\wininit.exe
500 csrss.exe
528 C:\Windows\System32\services.exe
552 C:\Windows\System32\lsass.exe
560 C:\Windows\System32\lsm.exe
644 C:\Windows\System32\winlogon.exe
704 C:\Windows\System32\svchost.exe
812 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\atiesrxx.exe
932 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
408 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\stacsv64.exe
1028 C:\Windows\System32\audiodg.exe
1076 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\hpservice.exe
1152 C:\Windows\System32\atieclxx.exe
1296 C:\Windows\System32\svchost.exe
1464 C:\Windows\System32\wlanext.exe
1472 C:\Windows\System32\conhost.exe
1552 C:\Windows\System32\spoolsv.exe
1584 C:\Windows\System32\svchost.exe
1704 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\AESTSr64.exe
1788 C:\Program Files\LSI SoftModem\agr64svc.exe
1808 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1936 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1960 C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
2008 C:\ProgramData\api-ms-win-core-localization-l1-1-032.exe
1184 C:\ProgramData\ieaksie32.exe
1188 C:\ProgramData\iepeers32.exe
1656 C:\ProgramData\neth32.exe
1880 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
2064 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2096 C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe
2120 C:\Windows\System32\lxducoms.exe
2172 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2196 C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
2268 C:\Windows\SysWOW64\UIAutomationCore32.exe
2300 C:\Windows\System32\svchost.exe
2336 C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
2548 C:\ProgramData\spwizimg32.exe
2572 C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
3004 C:\Windows\System32\taskhost.exe
2136 C:\Windows\System32\dwm.exe
3176 C:\Windows\explorer.exe
3292 C:\ProgramData\webio32.exe
3368 C:\Windows\System32\svchost.exe
3852 C:\Windows\System32\svchost.exe
4200 C:\Windows\System32\rundll32.exe
4468 C:\Program Files\Apoint2K\Apoint.exe
4480 C:\Program Files\IDT\WDM\sttray64.exe
4488 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
4676 C:\Program Files\Java\jre6\bin\jusched.exe
4696 C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
4912 C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
4948 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
5012 C:\Program Files\Apoint2K\ApMsgFwd.exe
5040 C:\Program Files\Apoint2K\ApntEx.exe
5064 C:\Windows\System32\conhost.exe
4140 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
4220 C:\Program Files\Windows Sidebar\sidebar.exe
3188 C:\Windows\System32\taskeng.exe
3948 C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
4792 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
5036 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
2344 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4108 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
2352 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
472 C:\Windows\System32\SearchIndexer.exe
4628 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
4396 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
1696 C:\Program Files (x86)\iTunes\iTunesHelper.exe
1160 C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
3208 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
5264 WmiPrvSE.exe
5416 C:\Program Files\Windows Media Player\wmpnetwk.exe
5660 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
5796 C:\Program Files\iPod\bin\iPodService.exe
6000 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5584 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
5348 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
3612 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
3796 C:\Windows\System32\svchost.exe
3824 <unknown>
824 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2244 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5392 C:\Program Files (x86)\Internet Explorer\iexplore.exe
6172 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
7000 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe
6040 C:\Windows\System32\wuauclt.exe
4796 C:\Windows\System32\VSSVC.exe
2232 C:\Windows\System32\svchost.exe
6020 C:\Windows\System32\svchost.exe
6628 C:\Program Files\Java\jre6\bin\jucheck.exe
5148 C:\Users\Lindsay\Desktop\tdsskiller\TDSSKiller.exe
5448 C:\Windows\System32\SearchProtocolHost.exe
1148 C:\Windows\System32\SearchFilterHost.exe
5172 C:\Windows\System32\dllhost.exe
5644 C:\Users\Lindsay\Desktop\MBRCheck.exe
6792 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`31300000 (NTFS)

PhysicalDrive0 Model Number: ST9320423AS, Rev: 0006HPM1

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: CBCD51E4B6EE11DD843B0D66AA170585FC7A9A16


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!
  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now? Do you still get redirected?

Please do OTL Quick Scan and make sure All Users option is selected. Post log after the scan.
  • 0

#9
llustig

llustig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I still get redirected but it isn't happening as much.

Here is the OTL report:

OTL logfile created on: 8/23/2011 10:41:17 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Lindsay\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 60.63% Memory free
7.49 Gb Paging File | 5.66 Gb Available in Paging File | 75.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.57 Gb Total Space | 193.40 Gb Free Space | 67.96% Space Free | Partition Type: NTFS
Drive D: | 13.22 Gb Total Space | 2.20 Gb Free Space | 16.65% Space Free | Partition Type: NTFS

Computer Name: LINDSAY-PC | User Name: Lindsay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/22 13:38:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Lindsay\Desktop\OTL.scr
PRC - [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\webio32.exe
PRC - [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\Windows\SysWOW64\UIAutomationCore32.exe
PRC - [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\spwizimg32.exe
PRC - [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\neth32.exe
PRC - [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\iepeers32.exe
PRC - [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\ieaksie32.exe
PRC - [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\api-ms-win-core-localization-l1-1-032.exe
PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/16 16:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/10/27 23:31:14 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/07/24 00:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 15:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/10 07:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/13 11:27:04 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\7cc7d753f499e27b4bd8a45c3e81c73e\System.Management.ni.dll
MOD - [2011/08/13 11:14:20 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60aa01ac9637903f30ac346c55ce58bb\PresentationFramework.Aero.ni.dll
MOD - [2011/08/13 11:14:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll
MOD - [2011/08/13 11:13:59 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\86f429e0a23238cf277d464bd0433d86\System.Data.ni.dll
MOD - [2011/08/13 11:13:48 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\462ca53f84ff85f159d5555d91a5e28d\PresentationFramework.ni.dll
MOD - [2011/08/13 11:13:33 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011/08/13 11:13:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011/08/13 11:13:24 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\efadc7a54e78f3755da53c95bdc293fd\UIAutomationTypes.ni.dll
MOD - [2011/08/13 11:13:23 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\c23f8386031ea70eb7bdb59367fe2f0f\UIAutomationProvider.ni.dll
MOD - [2011/08/13 11:13:23 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5c6e1a094b1e65c69b528151cc19b1ee\Accessibility.ni.dll
MOD - [2011/08/13 11:13:22 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll
MOD - [2011/08/13 11:13:11 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
MOD - [2011/08/13 11:13:05 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011/08/13 11:13:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011/08/13 11:13:00 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011/08/13 11:12:54 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/06/28 11:48:27 | 000,123,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/09/16 16:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/09/16 16:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/19 10:45:36 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/03/19 10:45:36 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/03/19 10:45:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/07/23 15:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/15 20:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/15 20:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/15 20:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/15 20:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/15 20:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/15 20:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/15 20:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/15 20:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/09/10 07:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
MOD - [2008/09/10 06:29:46 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Printable Web\resource.dll
MOD - [2008/09/10 06:29:29 | 000,180,224 | ---- | M] () -- C:\Program Files\Lexmark Printable Web\bho.dll
MOD - [2008/09/10 06:28:56 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
MOD - [2008/09/10 06:28:45 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
MOD - [2008/09/10 06:28:44 | 001,036,288 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudrs.dll
MOD - [2008/09/10 06:08:35 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
MOD - [2008/05/23 08:02:14 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
MOD - [2008/05/23 08:02:05 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducats.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/03 20:36:16 | 006,315,664 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV:64bit: - [2010/10/07 07:42:36 | 000,833,944 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2009/09/03 05:07:48 | 000,593,864 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV:64bit: - [2009/09/03 04:44:36 | 000,900,360 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 17:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/02 14:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/29 16:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/03 04:39:56 | 000,565,512 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/05/23 08:58:53 | 001,040,552 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
SRV:64bit: - [2008/05/23 08:58:45 | 000,033,960 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () [Auto | Running] -- C:\ProgramData\spwizimg32.exe -- (vds32)
SRV - [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () [Auto | Running] -- C:\ProgramData\webio32.exe -- (UxSms32)
SRV - [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\UIAutomationCore32.exe -- (Spooler32)
SRV - [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () [Auto | Running] -- C:\ProgramData\neth32.exe -- (eventlog3232)
SRV - [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () [Auto | Running] -- C:\ProgramData\ieaksie32.exe -- (eventlog32)
SRV - [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () [Auto | Running] -- C:\ProgramData\api-ms-win-core-localization-l1-1-032.exe -- (DcomLaunch32)
SRV - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/05/23 08:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxducoms.exe -- (lxdu_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/07/30 13:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2010/07/30 13:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2010/07/30 13:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2010/06/08 12:43:38 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/28 17:28:06 | 000,140,128 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 17:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 17:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/07/02 14:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 16:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 06:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/20 18:09:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/12 22:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/03 10:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/03/03 19:12:46 | 000,096,784 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/03/03 19:12:42 | 000,305,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2009/03/03 19:12:42 | 000,199,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5A CF D7 01 1F 29 35 41 AE 29 DD AF F7 10 9E F7 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5A CF D7 01 1F 29 35 41 AE 29 DD AF F7 10 9E F7 [binary data]

IE - HKU\S-1-5-21-1473292723-2040577135-3555990526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cnnb
IE - HKU\S-1-5-21-1473292723-2040577135-3555990526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.washingtonpost.com/
IE - HKU\S-1-5-21-1473292723-2040577135-3555990526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1473292723-2040577135-3555990526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {326be4bf-60ed-475a-b8f4-b958b1b1ff32}:1.0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Lindsay\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lindsay\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Lindsay\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lindsay\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lindsay\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/24 18:14:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/05 00:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/05 00:08:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Lindsay\AppData\Roaming\Move Networks [2010/01/24 01:14:48 | 000,000,000 | ---D | M]

[2010/01/29 16:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lindsay\AppData\Roaming\Mozilla\Extensions
[2011/08/21 22:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\bdib9m23.default\extensions
[2010/06/13 17:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/08/24 18:14:27 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/01/24 01:14:48 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\LINDSAY\APPDATA\ROAMING\MOVE NETWORKS
File not found (No name found) -- C:\USERS\LINDSAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BDIB9M23.DEFAULT\EXTENSIONS\{326BE4BF-60ED-475A-B8F4-B958B1B1FF32}

O1 HOSTS File: ([2011/08/23 12:01:06 | 000,000,635 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {01D7CF5A-291F-4135-AE29-DDAFF7109EF7} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\13.0.782.215\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKU\S-1-5-21-1473292723-2040577135-3555990526-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [lxduamon] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe ()
O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\.DEFAULT..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-18..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1473292723-2040577135-3555990526-1000..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-1473292723-2040577135-3555990526-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1473292723-2040577135-3555990526-1000\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18:64bit: - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\13.0.782.215\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll) - C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll (People Can Fly)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/23 13:23:39 | 000,000,000 | ---D | C] -- C:\Users\Lindsay\Desktop\tdsskiller
[2011/08/23 13:11:06 | 000,155,648 | ---- | C] (People Can Fly) -- C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll
[2011/08/23 13:06:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/22 13:38:19 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Lindsay\Desktop\OTL.scr
[2011/08/21 22:36:55 | 000,000,000 | ---D | C] -- C:\Users\Lindsay\Desktop\GooredFix Backups
[2011/08/21 22:36:39 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Lindsay\Desktop\GooredFix.exe
[2011/08/21 22:19:55 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/21 22:12:14 | 000,110,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\20986349.sys
[2011/08/21 21:19:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/21 21:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/21 21:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/06/13 17:36:15 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
[2010/06/13 17:36:15 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
[2010/06/13 17:36:14 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
[2010/06/13 17:36:12 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
[2010/06/13 17:36:11 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
[2010/06/13 17:36:10 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
[2010/06/13 17:36:09 | 000,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
[2010/06/13 17:36:09 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduih.exe
[2010/06/13 17:36:08 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducoms.exe
[2010/06/13 17:36:07 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
[2010/06/13 17:36:07 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
[2010/06/13 17:36:06 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducfg.exe
[5 C:\Users\Lindsay\Documents\*.tmp files -> C:\Users\Lindsay\Documents\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/23 23:08:18 | 000,000,635 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011/08/23 23:05:43 | 000,000,635 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011/08/23 23:03:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1473292723-2040577135-3555990526-1000UA.job
[2011/08/23 23:03:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/23 22:39:34 | 000,000,039 | ---- | M] () -- C:\ProgramData\5006cd4c
[2011/08/23 22:05:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/23 13:25:52 | 000,080,384 | ---- | M] () -- C:\Users\Lindsay\Desktop\MBRCheck.exe
[2011/08/23 13:24:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/23 13:24:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/23 13:23:32 | 001,390,139 | ---- | M] () -- C:\Users\Lindsay\Desktop\tdsskiller.zip
[2011/08/23 13:17:28 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/23 13:17:08 | 000,000,140 | ---- | M] () -- C:\Windows\SysWow64\2049498428
[2011/08/23 13:16:52 | 3016,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/23 13:11:06 | 000,155,648 | ---- | M] (People Can Fly) -- C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll
[2011/08/23 12:01:06 | 000,000,635 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/23 12:00:48 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1473292723-2040577135-3555990526-1000Core.job
[2011/08/22 15:06:18 | 000,000,512 | ---- | M] () -- C:\Users\Lindsay\Desktop\MBR.dat
[2011/08/22 13:53:57 | 000,302,592 | ---- | M] () -- C:\Users\Lindsay\qy46ps5f.exe
[2011/08/22 13:38:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Lindsay\Desktop\OTL.scr
[2011/08/21 22:36:48 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Lindsay\Desktop\GooredFix.exe
[2011/08/21 22:32:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLindsay.job
[2011/08/21 22:19:57 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2011/08/21 22:12:14 | 000,110,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\20986349.sys
[2011/08/21 21:18:44 | 000,001,108 | ---- | M] () -- C:\Users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/21 21:18:36 | 000,000,909 | ---- | M] () -- C:\Users\Lindsay\Desktop\ERUNT.lnk
[2011/08/17 00:38:59 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/17 00:38:59 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/17 00:38:59 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\webio32.exe
[2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\Windows\SysWow64\UIAutomationCore32.exe
[2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\spwizimg32.exe
[2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\neth32.exe
[2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\iepeers32.exe
[2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\ieaksie32.exe
[2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\api-ms-win-core-localization-l1-1-032.exe
[2011/08/13 16:35:36 | 000,602,672 | ---- | M] () -- C:\Users\Lindsay\Documents\BMGT357_MarketingAudit.pdf
[2011/07/29 12:34:30 | 000,093,460 | ---- | M] () -- C:\Users\Lindsay\Documents\BMGT357_OrganizationalStructure.pdf
[5 C:\Users\Lindsay\Documents\*.tmp files -> C:\Users\Lindsay\Documents\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/23 14:03:56 | 000,000,039 | ---- | C] () -- C:\ProgramData\5006cd4c
[2011/08/23 13:25:46 | 000,080,384 | ---- | C] () -- C:\Users\Lindsay\Desktop\MBRCheck.exe
[2011/08/23 13:23:20 | 001,390,139 | ---- | C] () -- C:\Users\Lindsay\Desktop\tdsskiller.zip
[2011/08/23 13:17:08 | 000,705,024 | ---- | C] () -- C:\ProgramData\webio32.exe
[2011/08/23 13:11:46 | 000,705,024 | ---- | C] () -- C:\ProgramData\neth32.exe
[2011/08/23 13:11:45 | 000,705,024 | ---- | C] () -- C:\ProgramData\ieaksie32.exe
[2011/08/23 13:11:44 | 000,705,024 | ---- | C] () -- C:\ProgramData\spwizimg32.exe
[2011/08/23 13:11:07 | 000,705,024 | ---- | C] () -- C:\ProgramData\iepeers32.exe
[2011/08/23 13:11:07 | 000,705,024 | ---- | C] () -- C:\ProgramData\api-ms-win-core-localization-l1-1-032.exe
[2011/08/23 13:11:06 | 000,000,140 | ---- | C] () -- C:\Windows\SysWow64\2049498428
[2011/08/22 15:06:18 | 000,000,512 | ---- | C] () -- C:\Users\Lindsay\Desktop\MBR.dat
[2011/08/22 13:53:55 | 000,302,592 | ---- | C] () -- C:\Users\Lindsay\qy46ps5f.exe
[2011/08/21 21:18:44 | 000,001,108 | ---- | C] () -- C:\Users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/21 21:18:36 | 000,000,909 | ---- | C] () -- C:\Users\Lindsay\Desktop\ERUNT.lnk
[2011/08/14 22:33:41 | 000,705,024 | ---- | C] () -- C:\Windows\SysWow64\UIAutomationCore32.exe
[2011/08/13 16:35:33 | 000,602,672 | ---- | C] () -- C:\Users\Lindsay\Documents\BMGT357_MarketingAudit.pdf
[2011/07/29 12:34:30 | 000,093,460 | ---- | C] () -- C:\Users\Lindsay\Documents\BMGT357_OrganizationalStructure.pdf
[2011/04/21 14:30:40 | 000,231,313 | ---- | C] () -- C:\Users\Lindsay\AppData\Local\tmpIMG00011-20110419-1213[1].2
[2011/04/21 14:30:40 | 000,229,954 | ---- | C] () -- C:\Users\Lindsay\AppData\Local\tmpIMG00011-20110419-1213[1].1
[2011/02/26 18:32:00 | 000,001,854 | ---- | C] () -- C:\Users\Lindsay\AppData\Roaming\GhostObjGAFix.xml
[2010/06/17 22:20:52 | 000,000,058 | ---- | C] () -- C:\Windows\OSA.INI
[2010/06/13 17:36:17 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
[2010/06/13 17:36:16 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
[2010/06/13 17:24:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
[2010/06/13 17:24:18 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
[2010/06/13 17:24:17 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
[2010/01/30 10:22:41 | 002,654,593 | ---- | C] () -- C:\Users\Lindsay\AppData\Local\tmpROMA-THE BEGINNINGS 016.JPG
[2010/01/24 12:43:21 | 000,005,120 | ---- | C] () -- C:\Users\Lindsay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/10 21:54:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/26 10:12:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/15 20:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/09/22 22:19:07 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\acccore
[2010/09/28 10:22:58 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/28 13:10:49 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\com.Shutterfly.ExpressUploader
[2010/05/18 23:00:37 | 000,000,000 | -HSD | M] -- C:\Users\Lindsay\AppData\Roaming\My Security Engine
[2010/08/18 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\WildTangent
[2011/02/07 17:10:33 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi llustig,

There are still some leftovers we need to remove.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    killallprocesses

    :OTL
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5A CF D7 01 1F 29 35 41 AE 29 DD AF F7 10 9E F7 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5A CF D7 01 1F 29 35 41 AE 29 DD AF F7 10 9E F7 [binary data]
    O2 - BHO: (no name) - {01D7CF5A-291F-4135-AE29-DDAFF7109EF7} - File not found
    O3 - HKU\S-1-5-21-1473292723-2040577135-3555990526-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll) - C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll (People Can Fly)
    [2011/08/23 13:11:06 | 000,155,648 | ---- | C] (People Can Fly) -- C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll
    [2011/08/23 23:08:18 | 000,000,635 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
    [2011/08/23 23:05:43 | 000,000,635 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
    [2011/08/23 22:39:34 | 000,000,039 | ---- | M] () -- C:\ProgramData\5006cd4c
    [2011/08/23 13:17:08 | 000,000,140 | ---- | M] () -- C:\Windows\SysWow64\2049498428
    [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\webio32.exe
    [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\Windows\SysWow64\UIAutomationCore32.exe
    [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\spwizimg32.exe
    [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\neth32.exe
    [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\iepeers32.exe
    [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\ieaksie32.exe
    [2011/08/14 22:33:31 | 000,705,024 | ---- | M] () -- C:\ProgramData\api-ms-win-core-localization-l1-1-032.exe

    :Reg
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Please do OTL Quick Scan and make sure All Users option is selected. Post log after the scan.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
  • New OTL scan log
It would be helpful if you could post each log in separate post
  • 0

Advertisements


#11
llustig

llustig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTL Repot

========== PROCESSES ==========
All processes killed
========== OTL ==========
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01D7CF5A-291F-4135-AE29-DDAFF7109EF7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01D7CF5A-291F-4135-AE29-DDAFF7109EF7}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1473292723-2040577135-3555990526-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll deleted successfully.
C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll moved successfully.
File C:\ProgramData\api-ms-win-core-localization-l1-1-032.dll not found.
C:\Windows\SysNative\drivers\etc\tmvsthfud.bin moved successfully.
C:\Windows\SysNative\drivers\etc\tmvsthfss.bin moved successfully.
C:\ProgramData\5006cd4c moved successfully.
C:\Windows\SysWOW64\2049498428 moved successfully.
C:\ProgramData\webio32.exe moved successfully.
C:\Windows\SysWOW64\UIAutomationCore32.exe moved successfully.
C:\ProgramData\spwizimg32.exe moved successfully.
C:\ProgramData\neth32.exe moved successfully.
C:\ProgramData\iepeers32.exe moved successfully.
C:\ProgramData\ieaksie32.exe moved successfully.
C:\ProgramData\api-ms-win-core-localization-l1-1-032.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.5 log created on 08242011_115825

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#12
llustig

llustig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
ComboFix Report

ComboFix 11-08-24.02 - Lindsay 08/24/2011 12:09:29.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2395 [GMT -4:00]
Running from: c:\users\Lindsay\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FunWebProducts
c:\programdata\SPLD6DB.tmp
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\My Security Engine.lnk
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Security Engine.lnk
c:\users\Lindsay\AppData\Roaming\My Security Engine
c:\users\Lindsay\AppData\Roaming\My Security Engine\cookies.sqlite
c:\users\Lindsay\AppData\Roaming\My Security Engine\Instructions.ini
c:\users\Lindsay\Documents\~WRL0001.tmp
c:\users\Lindsay\Documents\~WRL2742.tmp
c:\users\Lindsay\Documents\~WRL2750.tmp
c:\users\Lindsay\Documents\~WRL3349.tmp
c:\users\Lindsay\Documents\~WRL3454.tmp
c:\users\Lindsay\qy46ps5f.exe
c:\users\Public\videos\HP MediaSmart Demo.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 )))))))))))))))))))))))))))))))
.
.
2011-08-24 16:24 . 2011-08-24 16:24 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-08-24 16:24 . 2011-08-24 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-23 17:06 . 2011-08-23 17:06 -------- d-----w- C:\_OTL
2011-08-22 02:19 . 2011-08-24 16:34 27 ----a-w- c:\windows\system32\drivers\etc\tmvsthfud.bin
2011-08-22 02:19 . 2011-08-24 16:32 27 ----a-w- c:\windows\system32\drivers\etc\tmvsthfss.bin
2011-08-22 02:19 . 2011-08-22 02:19 -------- d-----w- C:\_OTM
2011-08-22 02:12 . 2011-08-22 02:12 110896 ----a-w- c:\windows\system32\drivers\20986349.sys
2011-08-22 01:18 . 2011-08-22 01:18 -------- d-----w- c:\program files (x86)\ERUNT
2011-08-10 20:30 . 2011-06-21 06:27 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 04:32 . 2011-08-10 20:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-11 02:56 . 2011-07-14 02:18 3134464 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-08-24 148888]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
.
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DcomLaunch32;DCOM Server Process Launcher ;c:\programdata\api-ms-win-core-localization-l1-1-032.exe [x]
R2 eventlog32;Windows Event Log ;c:\programdata\ieaksie32.exe [x]
R2 eventlog3232;Windows Event Log ;c:\programdata\neth32.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 135664]
R2 Spooler32;Print Spooler ;c:\windows\system32\UIAutomationCore32.exe [x]
R2 UxSms32;Desktop Window Manager Session Manager ;c:\programdata\webio32.exe [x]
R2 vds32;Virtual Disk ;c:\programdata\spwizimg32.exe [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2008-05-23 1040552]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [2008-05-23 33960]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-09-03 593864]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-09-03 900360]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 15:15 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 01:31]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 01:31]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473292723-2040577135-3555990526-1000Core.job
- c:\users\Lindsay\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-01 22:31]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473292723-2040577135-3555990526-1000UA.job
- c:\users\Lindsay\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-01 22:31]
.
2011-08-22 c:\windows\Tasks\HPCeeScheduleForLindsay.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-24 171520]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-20 991504]
"lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]
"lxduamon"="c:\program files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [2008-09-10 16040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.washingtonpost.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
FF - ProfilePath - c:\users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\bdib9m23.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Move Media Player: [email protected] - c:\users\Lindsay\AppData\Roaming\Move Networks
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
**************************************************************************
.
Completion time: 2011-08-24 12:56:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-24 16:56
.
Pre-Run: 207,320,014,848 bytes free
Post-Run: 206,615,625,728 bytes free
.
- - End Of File - - 3318E231E06CB8B4644E886036BF0C0F
  • 0

#13
llustig

llustig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I think the virus might be gone! I don't seem to be getting redirected anymore.

New OTL Report

OTL logfile created on: 8/24/2011 1:27:36 PM - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Lindsay\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 55.24% Memory free
7.49 Gb Paging File | 5.74 Gb Available in Paging File | 76.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.57 Gb Total Space | 193.17 Gb Free Space | 67.88% Space Free | Partition Type: NTFS
Drive D: | 13.22 Gb Total Space | 2.20 Gb Free Space | 16.65% Space Free | Partition Type: NTFS

Computer Name: LINDSAY-PC | User Name: Lindsay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/22 13:38:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Lindsay\Desktop\OTL.scr
PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/16 16:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/07/24 00:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 15:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/10 07:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/13 11:27:04 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\7cc7d753f499e27b4bd8a45c3e81c73e\System.Management.ni.dll
MOD - [2011/08/13 11:14:20 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60aa01ac9637903f30ac346c55ce58bb\PresentationFramework.Aero.ni.dll
MOD - [2011/08/13 11:14:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll
MOD - [2011/08/13 11:13:59 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\86f429e0a23238cf277d464bd0433d86\System.Data.ni.dll
MOD - [2011/08/13 11:13:48 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\462ca53f84ff85f159d5555d91a5e28d\PresentationFramework.ni.dll
MOD - [2011/08/13 11:13:33 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011/08/13 11:13:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011/08/13 11:13:24 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\efadc7a54e78f3755da53c95bdc293fd\UIAutomationTypes.ni.dll
MOD - [2011/08/13 11:13:23 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\c23f8386031ea70eb7bdb59367fe2f0f\UIAutomationProvider.ni.dll
MOD - [2011/08/13 11:13:23 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5c6e1a094b1e65c69b528151cc19b1ee\Accessibility.ni.dll
MOD - [2011/08/13 11:13:22 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll
MOD - [2011/08/13 11:13:11 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
MOD - [2011/08/13 11:13:05 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011/08/13 11:13:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011/08/13 11:13:00 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011/08/13 11:12:54 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/06/28 11:48:27 | 000,123,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/09/16 16:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/09/16 16:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/19 10:45:36 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/03/19 10:45:36 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/03/19 10:45:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/07/23 15:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/15 20:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/15 20:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/15 20:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/15 20:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/15 20:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/15 20:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/15 20:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/15 20:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/09/10 07:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
MOD - [2008/09/10 06:29:46 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Printable Web\resource.dll
MOD - [2008/09/10 06:29:29 | 000,180,224 | ---- | M] () -- C:\Program Files\Lexmark Printable Web\bho.dll
MOD - [2008/09/10 06:28:56 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
MOD - [2008/09/10 06:28:45 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
MOD - [2008/09/10 06:28:44 | 001,036,288 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudrs.dll
MOD - [2008/09/10 06:08:35 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
MOD - [2008/05/23 08:02:14 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
MOD - [2008/05/23 08:02:05 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducats.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/03 20:36:16 | 006,315,664 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV:64bit: - [2010/10/07 07:42:36 | 000,833,944 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2009/09/03 05:07:48 | 000,593,864 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV:64bit: - [2009/09/03 04:44:36 | 000,900,360 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 17:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/02 14:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/29 16:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/03 04:39:56 | 000,565,512 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/05/23 08:58:53 | 001,040,552 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
SRV:64bit: - [2008/05/23 08:58:45 | 000,033,960 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/05/23 08:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxducoms.exe -- (lxdu_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/07/30 13:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2010/07/30 13:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2010/07/30 13:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2010/06/08 12:43:38 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/28 17:28:06 | 000,140,128 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 17:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 17:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/07/02 14:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 16:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 06:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/20 18:09:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/12 22:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/03 10:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/03/03 19:12:46 | 000,096,784 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/03/03 19:12:42 | 000,305,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2009/03/03 19:12:42 | 000,199,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1473292723-2040577135-3555990526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.washingtonpost.com/
IE - HKU\S-1-5-21-1473292723-2040577135-3555990526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1473292723-2040577135-3555990526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {326be4bf-60ed-475a-b8f4-b958b1b1ff32}:1.0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Lindsay\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lindsay\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Lindsay\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lindsay\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lindsay\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/24 18:14:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/05 00:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/05 00:08:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Lindsay\AppData\Roaming\Move Networks [2010/01/24 01:14:48 | 000,000,000 | ---D | M]

[2010/01/29 16:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lindsay\AppData\Roaming\Mozilla\Extensions
[2011/08/21 22:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\bdib9m23.default\extensions
[2010/06/13 17:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/08/24 18:14:27 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/01/24 01:14:48 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\LINDSAY\APPDATA\ROAMING\MOVE NETWORKS
File not found (No name found) -- C:\USERS\LINDSAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BDIB9M23.DEFAULT\EXTENSIONS\{326BE4BF-60ED-475A-B8F4-B958B1B1FF32}

O1 HOSTS File: ([2011/08/24 12:28:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\13.0.782.215\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [lxduamon] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe ()
O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1473292723-2040577135-3555990526-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1473292723-2040577135-3555990526-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15:64bit: - ..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1473292723-2040577135-3555990526-1000\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18:64bit: - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\13.0.782.215\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/24 12:56:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/24 12:07:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/24 12:07:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/24 12:07:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/24 12:07:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/24 12:06:15 | 004,182,464 | R--- | C] (Swearware) -- C:\Users\Lindsay\Desktop\ComboFix.exe
[2011/08/23 13:23:39 | 000,000,000 | ---D | C] -- C:\Users\Lindsay\Desktop\tdsskiller
[2011/08/23 13:06:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/22 13:38:19 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Lindsay\Desktop\OTL.scr
[2011/08/21 22:36:55 | 000,000,000 | ---D | C] -- C:\Users\Lindsay\Desktop\GooredFix Backups
[2011/08/21 22:36:39 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Lindsay\Desktop\GooredFix.exe
[2011/08/21 22:19:55 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/21 22:12:14 | 000,110,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\20986349.sys
[2011/08/21 21:19:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/21 21:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/21 21:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/06/13 17:36:15 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
[2010/06/13 17:36:15 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
[2010/06/13 17:36:14 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
[2010/06/13 17:36:12 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
[2010/06/13 17:36:11 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
[2010/06/13 17:36:10 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
[2010/06/13 17:36:09 | 000,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
[2010/06/13 17:36:09 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduih.exe
[2010/06/13 17:36:08 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducoms.exe
[2010/06/13 17:36:07 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
[2010/06/13 17:36:07 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
[2010/06/13 17:36:06 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducfg.exe

========== Files - Modified Within 30 Days ==========

[2011/08/24 13:31:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011/08/24 13:30:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011/08/24 13:03:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1473292723-2040577135-3555990526-1000UA.job
[2011/08/24 13:03:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/24 12:35:32 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/24 12:35:32 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/24 12:28:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/24 12:28:35 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/24 12:26:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/24 12:26:08 | 3016,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/24 12:06:48 | 004,182,464 | R--- | M] (Swearware) -- C:\Users\Lindsay\Desktop\ComboFix.exe
[2011/08/24 11:02:35 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1473292723-2040577135-3555990526-1000Core.job
[2011/08/23 13:25:52 | 000,080,384 | ---- | M] () -- C:\Users\Lindsay\Desktop\MBRCheck.exe
[2011/08/23 13:23:32 | 001,390,139 | ---- | M] () -- C:\Users\Lindsay\Desktop\tdsskiller.zip
[2011/08/22 15:06:18 | 000,000,512 | ---- | M] () -- C:\Users\Lindsay\Desktop\MBR.dat
[2011/08/22 13:38:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Lindsay\Desktop\OTL.scr
[2011/08/21 22:36:48 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Lindsay\Desktop\GooredFix.exe
[2011/08/21 22:32:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLindsay.job
[2011/08/21 22:19:57 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2011/08/21 22:12:14 | 000,110,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\20986349.sys
[2011/08/21 21:18:44 | 000,001,108 | ---- | M] () -- C:\Users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/21 21:18:36 | 000,000,909 | ---- | M] () -- C:\Users\Lindsay\Desktop\ERUNT.lnk
[2011/08/17 00:38:59 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/17 00:38:59 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/17 00:38:59 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/13 16:35:36 | 000,602,672 | ---- | M] () -- C:\Users\Lindsay\Documents\BMGT357_MarketingAudit.pdf
[2011/07/29 12:34:30 | 000,093,460 | ---- | M] () -- C:\Users\Lindsay\Documents\BMGT357_OrganizationalStructure.pdf

========== Files Created - No Company Name ==========

[2011/08/24 12:07:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/24 12:07:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/24 12:07:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/24 12:07:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/24 12:07:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/23 13:25:46 | 000,080,384 | ---- | C] () -- C:\Users\Lindsay\Desktop\MBRCheck.exe
[2011/08/23 13:23:20 | 001,390,139 | ---- | C] () -- C:\Users\Lindsay\Desktop\tdsskiller.zip
[2011/08/22 15:06:18 | 000,000,512 | ---- | C] () -- C:\Users\Lindsay\Desktop\MBR.dat
[2011/08/21 21:18:44 | 000,001,108 | ---- | C] () -- C:\Users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/21 21:18:36 | 000,000,909 | ---- | C] () -- C:\Users\Lindsay\Desktop\ERUNT.lnk
[2011/08/13 16:35:33 | 000,602,672 | ---- | C] () -- C:\Users\Lindsay\Documents\BMGT357_MarketingAudit.pdf
[2011/07/29 12:34:30 | 000,093,460 | ---- | C] () -- C:\Users\Lindsay\Documents\BMGT357_OrganizationalStructure.pdf
[2011/04/21 14:30:40 | 000,231,313 | ---- | C] () -- C:\Users\Lindsay\AppData\Local\tmpIMG00011-20110419-1213[1].2
[2011/04/21 14:30:40 | 000,229,954 | ---- | C] () -- C:\Users\Lindsay\AppData\Local\tmpIMG00011-20110419-1213[1].1
[2011/02/26 18:32:00 | 000,001,854 | ---- | C] () -- C:\Users\Lindsay\AppData\Roaming\GhostObjGAFix.xml
[2010/06/17 22:20:52 | 000,000,058 | ---- | C] () -- C:\Windows\OSA.INI
[2010/06/13 17:36:17 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
[2010/06/13 17:36:16 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
[2010/06/13 17:24:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
[2010/06/13 17:24:18 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
[2010/06/13 17:24:17 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
[2010/01/30 10:22:41 | 002,654,593 | ---- | C] () -- C:\Users\Lindsay\AppData\Local\tmpROMA-THE BEGINNINGS 016.JPG
[2010/01/24 12:43:21 | 000,005,120 | ---- | C] () -- C:\Users\Lindsay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/10 21:54:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/26 10:12:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/15 20:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/09/22 22:19:07 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\acccore
[2010/09/28 10:22:58 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/28 13:10:49 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\com.Shutterfly.ExpressUploader
[2010/08/18 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\WildTangent
[2011/02/07 17:10:33 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Glad to hear that. Let's remove leftovers

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#15
llustig

llustig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7569

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/25/2011 3:18:34 PM
mbam-log-2011-08-25 (15-18-34).txt

Scan type: Quick scan
Objects scanned: 191568
Time elapsed: 7 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/...q={searchTerms}) Good: (http://www.google.co...age={startPage}) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Lindsay\AppData\Roaming\microsoft\internet explorer\quick launch\my security engine.lnk (Rogue.MySecurityEngine) -> Quarantined and deleted successfully.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP