Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

results5.google redirect logs per boopme


  • This topic is locked This topic is locked
10 replies to this topic

#1 scottpjohnson

scottpjohnson

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 30 July 2010 - 10:34 PM

OTL logfile created on: 7/29/2010 5:11:56 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Scott\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 447.21 Gb Total Space | 368.73 Gb Free Space | 82.45% Space Free | Partition Type: NTFS
Drive D: | 18.55 Gb Total Space | 9.76 Gb Free Space | 52.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 298.09 Gb Total Space | 54.82 Gb Free Space | 18.39% Space Free | Partition Type: NTFS
Drive K: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 297.44 Gb Total Space | 164.06 Gb Free Space | 55.16% Space Free | Partition Type: NTFS

Computer Name: JOHNSONFAMCOM
Current User Name: Scott
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/29 17:11:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
PRC - [2010/07/16 07:41:54 | 010,358,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2010/06/16 22:54:57 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/06/10 21:18:20 | 000,019,760 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/03 13:45:42 | 000,012,592 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2010/05/14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/16 19:55:32 | 000,223,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:39 | 000,733,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/13 21:14:13 | 000,776,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
PRC - [2009/05/21 21:21:18 | 000,890,368 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe
PRC - [2009/05/14 07:25:14 | 000,205,312 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqdstcp.exe
PRC - [2009/05/14 07:22:36 | 001,762,816 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
PRC - [2008/09/23 11:20:00 | 000,415,072 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/05/07 20:28:58 | 000,589,824 | ---- | M] (TightVNC Group) -- C:\Program Files\TightVNC\WinVNC.exe
PRC - [2007/03/09 22:05:20 | 003,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe
PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/03/20 18:34:50 | 000,213,936 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2010/07/29 17:11:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/06 04:00:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/04/29 03:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2007/05/07 20:28:58 | 000,589,824 | ---- | M] (TightVNC Group) [Auto | Running] -- C:\Program Files\TightVNC\WinVNC.exe -- (winvnc)
SRV - [2007/03/09 22:05:20 | 003,068,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Scott\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/04/03 18:55:31 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/01/20 16:53:06 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/01/20 16:53:04 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/08/14 09:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 09:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/08/04 09:48:20 | 002,744,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/31 00:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 18:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/22 22:35:00 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/06/22 22:35:00 | 000,139,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvrd32.sys -- (nvrd32)
DRV - [2009/05/28 15:46:18 | 000,391,296 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2009/04/29 03:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/02/13 05:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2009/02/13 05:57:28 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2009/02/13 05:56:32 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7070

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.iwon.com/iwon-homepage/home.jhtml
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 1B 9A 60 D4 DA C9 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\earthlink totalaccess\ElnIE.dll (EarthLink, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7070

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/10 01:11:04 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/25 20:01:19 | 000,000,042 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://setup.bellsouth.net/wizlet/PWReset/...aller_6-1-2.cab (Reg Error: Value error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (GMNRev Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab (HPDDClientExec Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} http://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} http://coke.mycokerewards.com/cabs/Entriq_...0_15_Silent.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Windows\web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\web\Wallpaper\img11.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/12 17:56:58 | 000,000,030 | RH-- | M] () - K:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/29 17:11:12 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
[2010/07/27 18:20:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/27 18:20:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/27 18:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/27 18:15:44 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Scott\Desktop\mbam-setup.exe
[2010/07/26 21:16:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/26 21:14:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/26 20:49:44 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/07/26 20:49:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/26 20:49:13 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/25 19:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010/07/25 19:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/07/25 19:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/07/24 14:17:51 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\temp
[2010/07/24 13:44:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/24 13:44:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/24 13:44:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/24 13:43:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/24 13:41:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/21 10:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/27 22:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/26 20:22:47 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\06-26-2010
[2010/06/01 16:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2010/06/01 16:56:49 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\ArcSoft
[2010/06/01 16:56:40 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\HP SimpleSave Application
[2010/05/19 14:13:12 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\corsair
[2010/05/16 20:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/16 20:36:33 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/29 17:15:00 | 004,980,736 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT
[2010/07/29 17:11:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
[2010/07/29 15:53:19 | 000,525,824 | ---- | M] () -- C:\Users\Scott\Desktop\dds.com
[2010/07/29 15:14:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/29 13:03:34 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/29 13:03:34 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/29 12:54:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/29 05:19:22 | 450,807,327 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/28 23:05:06 | 001,656,523 | -H-- | M] () -- C:\Users\Scott\AppData\Local\IconCache.db
[2010/07/27 18:20:14 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/27 18:17:08 | 000,000,134 | ---- | M] () -- C:\Users\Scott\Desktop\hostsperm.bat
[2010/07/27 18:15:49 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Scott\Desktop\mbam-setup.exe
[2010/07/27 18:14:01 | 000,363,520 | ---- | M] () -- C:\Users\Scott\Desktop\rkill.com
[2010/07/26 21:05:04 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/26 20:49:07 | 003,744,545 | R--- | M] () -- C:\Users\Scott\Desktop\ComboFix.exe
[2010/07/26 04:31:48 | 000,000,256 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2010/07/26 03:52:01 | 000,012,104 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/07/25 20:01:19 | 000,000,042 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/25 20:01:14 | 000,032,768 | -H-- | M] () -- C:\SZKGFS.dat
[2010/07/24 11:02:14 | 000,524,288 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{8c556caa-96d4-11df-a1fa-001bb9505695}.TMContainer00000000000000000002.regtrans-ms
[2010/07/24 11:02:14 | 000,065,536 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{8c556caa-96d4-11df-a1fa-001bb9505695}.TM.blf
[2010/07/24 11:02:13 | 000,524,288 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{8c556caa-96d4-11df-a1fa-001bb9505695}.TMContainer00000000000000000001.regtrans-ms
[2010/07/23 13:35:00 | 000,702,362 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/07/23 13:35:00 | 000,701,386 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2010/07/23 13:35:00 | 000,699,124 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2010/07/23 13:35:00 | 000,697,658 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2010/07/23 13:35:00 | 000,697,040 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2010/07/23 13:35:00 | 000,687,274 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2010/07/23 13:35:00 | 000,683,890 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2010/07/23 13:35:00 | 000,671,736 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2010/07/23 13:35:00 | 000,651,768 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/07/23 13:35:00 | 000,640,112 | ---- | M] () -- C:\Windows\System32\perfh00E.dat
[2010/07/23 13:35:00 | 000,631,076 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010/07/23 13:35:00 | 000,625,500 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2010/07/23 13:35:00 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/23 13:35:00 | 000,618,134 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2010/07/23 13:35:00 | 000,559,702 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2010/07/23 13:35:00 | 000,470,104 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2010/07/23 13:35:00 | 000,456,518 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2010/07/23 13:35:00 | 000,442,418 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2010/07/23 13:35:00 | 000,441,320 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2010/07/23 13:35:00 | 000,407,668 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2010/07/23 13:35:00 | 000,396,450 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2010/07/23 13:35:00 | 000,385,802 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2010/07/23 13:35:00 | 000,369,700 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2010/07/23 13:35:00 | 000,361,454 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2010/07/23 13:35:00 | 000,148,238 | ---- | M] () -- C:\Windows\System32\perfc00E.dat
[2010/07/23 13:35:00 | 000,136,990 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2010/07/23 13:35:00 | 000,134,768 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2010/07/23 13:35:00 | 000,133,680 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2010/07/23 13:35:00 | 000,132,868 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2010/07/23 13:35:00 | 000,132,444 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2010/07/23 13:35:00 | 000,130,068 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/07/23 13:35:00 | 000,129,468 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/07/23 13:35:00 | 000,128,022 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2010/07/23 13:35:00 | 000,127,072 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2010/07/23 13:35:00 | 000,123,668 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2010/07/23 13:35:00 | 000,121,716 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010/07/23 13:35:00 | 000,121,454 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2010/07/23 13:35:00 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2010/07/23 13:35:00 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/23 13:35:00 | 000,104,604 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2010/07/23 13:35:00 | 000,104,176 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2010/07/23 13:35:00 | 000,099,262 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2010/07/23 13:35:00 | 000,089,364 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2010/07/23 13:35:00 | 000,082,076 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2010/07/23 13:35:00 | 000,079,732 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2010/07/23 13:35:00 | 000,077,024 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2010/07/23 13:35:00 | 000,069,022 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2010/07/23 13:34:59 | 016,093,662 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/23 13:34:59 | 000,078,912 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2010/07/22 14:27:19 | 000,050,176 | ---- | M] () -- C:\Users\Scott\Desktop\quickness plan.pub
[2010/07/22 14:27:12 | 000,056,970 | ---- | M] () -- C:\Users\Scott\Desktop\Ladder Agility Drills.docx
[2010/07/21 13:40:03 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForScott.job
[2010/07/21 10:42:07 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/20 14:46:54 | 000,524,288 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{dde7b9c7-93ab-11df-a493-001bb9505695}.TMContainer00000000000000000002.regtrans-ms
[2010/07/20 14:46:54 | 000,524,288 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{dde7b9c7-93ab-11df-a493-001bb9505695}.TMContainer00000000000000000001.regtrans-ms
[2010/07/20 14:46:54 | 000,065,536 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{dde7b9c7-93ab-11df-a493-001bb9505695}.TM.blf
[2010/07/15 18:52:22 | 000,030,208 | ---- | M] () -- C:\Users\Scott\Desktop\mille_bornes_score_sheet.xls
[2010/07/12 15:54:28 | 000,524,288 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{67661b61-8de9-11df-a547-001bb9505695}.TMContainer00000000000000000002.regtrans-ms
[2010/07/12 15:54:28 | 000,524,288 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{67661b61-8de9-11df-a547-001bb9505695}.TMContainer00000000000000000001.regtrans-ms
[2010/07/12 15:54:28 | 000,065,536 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{67661b61-8de9-11df-a547-001bb9505695}.TM.blf
[2010/07/10 23:19:11 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPam.job
[2010/07/09 19:04:23 | 000,524,288 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{5c9db919-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000002.regtrans-ms
[2010/07/09 19:04:23 | 000,524,288 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{5c9db919-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000001.regtrans-ms
[2010/07/09 19:04:23 | 000,065,536 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{5c9db919-84d8-11df-a562-001bb9505695}.TM.blf
[2010/07/07 03:04:30 | 000,524,288 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{5c9db896-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000002.regtrans-ms
[2010/07/07 03:04:30 | 000,524,288 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{5c9db896-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000001.regtrans-ms
[2010/07/07 03:04:30 | 000,065,536 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{5c9db896-84d8-11df-a562-001bb9505695}.TM.blf
[2010/07/06 03:15:46 | 000,524,288 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{5c9db7d8-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000002.regtrans-ms
[2010/07/06 03:15:46 | 000,524,288 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{5c9db7d8-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000001.regtrans-ms
[2010/07/06 03:15:46 | 000,065,536 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{5c9db7d8-84d8-11df-a562-001bb9505695}.TM.blf
[2010/07/04 03:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{5c9db62b-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000002.regtrans-ms
[2010/07/04 03:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{5c9db62b-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000001.regtrans-ms
[2010/07/04 03:00:00 | 000,065,536 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{5c9db62b-84d8-11df-a562-001bb9505695}.TM.blf
[2010/07/03 03:14:05 | 000,524,288 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{5c9db54a-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000002.regtrans-ms
[2010/07/03 03:14:05 | 000,524,288 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{5c9db54a-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000001.regtrans-ms
[2010/07/03 03:14:05 | 000,065,536 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT{5c9db54a-84d8-11df-a562-001bb9505695}.TM.blf
[2010/07/01 23:56:03 | 000,016,118 | ---- | M] () -- C:\Users\Scott\Desktop\july_2010_article_cutler2.docx
[2010/06/29 18:18:41 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/06/18 13:27:38 | 000,001,140 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HPSSBackupMonitor - Shortcut.lnk
[2010/06/18 10:59:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/10 03:31:31 | 000,471,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/01 23:32:02 | 000,000,632 | RHS- | M] () -- C:\Users\Scott\ntuser.pol
[2010/05/16 21:42:29 | 000,133,648 | ---- | M] () -- C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/07 18:09:04 | 000,142,336 | ---- | M] () -- C:\Users\Scott\Documents\Fractured Fairy Tales 9703.doc
[2010/05/06 12:17:37 | 000,119,975 | ---- | M] () -- C:\Users\Scott\Documents\Fractured Fairy Tales.docx
[2010/05/06 12:10:07 | 000,017,260 | ---- | M] () -- C:\Users\Scott\Documents\obfuscate2.jpg
[2010/05/06 12:08:52 | 000,013,294 | ---- | M] () -- C:\Users\Scott\Documents\obfuscate.jpg
[2010/05/06 11:56:53 | 000,079,244 | ---- | M] () -- C:\Users\Scott\Documents\crossed-arms.jpg
[2010/05/06 11:53:53 | 000,008,697 | ---- | M] () -- C:\Users\Scott\Documents\210_praying_hands_lg.gif
[2010/05/06 00:10:09 | 000,000,947 | ---- | M] () -- C:\Users\Scott\Desktop\MINIGOLF.lnk
[2010/05/06 00:10:08 | 000,000,895 | ---- | M] () -- C:\Users\Scott\Desktop\MGM100 - Shortcut.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/29 15:53:13 | 000,525,824 | ---- | C] () -- C:\Users\Scott\Desktop\dds.com
[2010/07/27 18:20:14 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/27 18:17:08 | 000,000,134 | ---- | C] () -- C:\Users\Scott\Desktop\hostsperm.bat
[2010/07/27 18:13:56 | 000,363,520 | ---- | C] () -- C:\Users\Scott\Desktop\rkill.com
[2010/07/26 20:38:49 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/26 08:26:09 | 450,807,327 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/26 04:31:48 | 000,000,256 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2010/07/25 20:12:34 | 000,012,104 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/07/25 20:01:14 | 000,032,768 | -H-- | C] () -- C:\SZKGFS.dat
[2010/07/24 13:44:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/24 13:44:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/24 13:44:05 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/24 13:44:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/24 13:43:24 | 003,744,545 | R--- | C] () -- C:\Users\Scott\Desktop\ComboFix.exe
[2010/07/24 09:56:18 | 000,524,288 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{8c556caa-96d4-11df-a1fa-001bb9505695}.TMContainer00000000000000000002.regtrans-ms
[2010/07/24 09:56:18 | 000,524,288 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{8c556caa-96d4-11df-a1fa-001bb9505695}.TMContainer00000000000000000001.regtrans-ms
[2010/07/24 09:56:18 | 000,065,536 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{8c556caa-96d4-11df-a1fa-001bb9505695}.TM.blf
[2010/07/22 14:27:12 | 000,056,970 | ---- | C] () -- C:\Users\Scott\Desktop\Ladder Agility Drills.docx
[2010/07/22 14:17:21 | 000,050,176 | ---- | C] () -- C:\Users\Scott\Desktop\quickness plan.pub
[2010/07/21 10:42:07 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/20 14:46:25 | 000,524,288 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{dde7b9c7-93ab-11df-a493-001bb9505695}.TMContainer00000000000000000002.regtrans-ms
[2010/07/20 14:46:25 | 000,524,288 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{dde7b9c7-93ab-11df-a493-001bb9505695}.TMContainer00000000000000000001.regtrans-ms
[2010/07/20 14:46:25 | 000,065,536 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{dde7b9c7-93ab-11df-a493-001bb9505695}.TM.blf
[2010/07/15 16:35:47 | 000,030,208 | ---- | C] () -- C:\Users\Scott\Desktop\mille_bornes_score_sheet.xls
[2010/07/12 15:12:59 | 000,524,288 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{67661b61-8de9-11df-a547-001bb9505695}.TMContainer00000000000000000002.regtrans-ms
[2010/07/12 15:12:59 | 000,524,288 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{67661b61-8de9-11df-a547-001bb9505695}.TMContainer00000000000000000001.regtrans-ms
[2010/07/12 15:12:59 | 000,065,536 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{67661b61-8de9-11df-a547-001bb9505695}.TM.blf
[2010/07/07 18:19:02 | 000,524,288 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{5c9db919-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000002.regtrans-ms
[2010/07/07 18:19:02 | 000,524,288 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{5c9db919-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000001.regtrans-ms
[2010/07/07 18:19:02 | 000,065,536 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{5c9db919-84d8-11df-a562-001bb9505695}.TM.blf
[2010/07/07 02:48:35 | 000,524,288 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{5c9db896-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000002.regtrans-ms
[2010/07/07 02:48:35 | 000,524,288 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{5c9db896-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000001.regtrans-ms
[2010/07/07 02:48:35 | 000,065,536 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{5c9db896-84d8-11df-a562-001bb9505695}.TM.blf
[2010/07/06 02:58:31 | 000,524,288 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{5c9db7d8-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000002.regtrans-ms
[2010/07/06 02:58:31 | 000,524,288 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{5c9db7d8-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000001.regtrans-ms
[2010/07/06 02:58:31 | 000,065,536 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{5c9db7d8-84d8-11df-a562-001bb9505695}.TM.blf
[2010/07/04 03:00:00 | 000,524,288 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{5c9db62b-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000002.regtrans-ms
[2010/07/04 03:00:00 | 000,524,288 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{5c9db62b-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000001.regtrans-ms
[2010/07/04 03:00:00 | 000,065,536 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{5c9db62b-84d8-11df-a562-001bb9505695}.TM.blf
[2010/07/03 02:58:15 | 000,524,288 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{5c9db54a-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000002.regtrans-ms
[2010/07/03 02:58:15 | 000,524,288 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{5c9db54a-84d8-11df-a562-001bb9505695}.TMContainer00000000000000000001.regtrans-ms
[2010/07/03 02:58:15 | 000,065,536 | -HS- | C] () -- C:\Users\Scott\NTUSER.DAT{5c9db54a-84d8-11df-a562-001bb9505695}.TM.blf
[2010/07/01 23:56:03 | 000,016,118 | ---- | C] () -- C:\Users\Scott\Desktop\july_2010_article_cutler2.docx
[2010/06/18 13:28:10 | 000,001,140 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HPSSBackupMonitor - Shortcut.lnk
[2010/06/18 10:59:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/01 23:32:02 | 000,000,632 | RHS- | C] () -- C:\Users\Scott\ntuser.pol
[2010/05/26 03:39:50 | 000,419,880 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010/05/07 18:09:03 | 000,142,336 | ---- | C] () -- C:\Users\Scott\Documents\Fractured Fairy Tales 9703.doc
[2010/05/06 12:10:07 | 000,017,260 | ---- | C] () -- C:\Users\Scott\Documents\obfuscate2.jpg
[2010/05/06 12:08:59 | 000,013,294 | ---- | C] () -- C:\Users\Scott\Documents\obfuscate.jpg
[2010/05/06 11:56:59 | 000,079,244 | ---- | C] () -- C:\Users\Scott\Documents\crossed-arms.jpg
[2010/05/06 11:54:22 | 000,008,697 | ---- | C] () -- C:\Users\Scott\Documents\210_praying_hands_lg.gif
[2010/05/06 11:52:06 | 000,119,975 | ---- | C] () -- C:\Users\Scott\Documents\Fractured Fairy Tales.docx
[2010/03/31 19:12:52 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/03/31 19:12:52 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/03/31 19:12:52 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/03/28 23:48:27 | 000,000,083 | ---- | C] () -- C:\Windows\wininit.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/26 12:34:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/06/11 17:32:00 | 000,000,122 | ---- | C] () -- C:\Windows\tlcapps.ini
[2008/06/11 17:19:43 | 000,000,000 | ---- | C] () -- C:\Windows\SETUP32.INI
[2008/01/04 17:58:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/01/04 17:57:22 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/01/04 17:57:22 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/01/04 17:56:24 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/09/03 16:56:38 | 000,000,034 | ---- | C] () -- C:\Windows\AuthMgr.INI
[2007/05/15 16:10:28 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/05/15 16:10:28 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 04:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 10:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 10:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/07/21 20:50:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\Windows\System32\zlib.dll
[2001/08/29 19:57:40 | 000,155,648 | ---- | C] () -- C:\Windows\System32\addurl41.DLL
[2001/07/10 14:43:16 | 000,018,432 | ---- | C] () -- C:\Windows\System32\winwatch.DLL

========== LOP Check ==========

[2010/02/02 14:49:49 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\BallStat
[2010/02/02 14:49:49 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Earthlink
[2010/03/31 11:21:28 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\iLike
[2010/02/02 14:49:49 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Image Zone Express
[2010/02/02 14:50:21 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\PlayFirst
[2010/02/02 14:50:22 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Printer Info Cache
[2010/02/02 14:50:22 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Snapfish
[2010/02/02 14:50:22 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\uTorrent
[2010/02/02 14:50:22 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\WildTangent
[2010/02/02 14:50:22 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\WinBatch
[2009/07/14 00:53:46 | 000,031,352 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2006/08/30 12:28:50 | 000,212,992 | ---- | M] (EarthLink, Inc.) MD5=FF0F315A39937A7B459B0B7715D9C62D -- C:\Program Files\earthlink totalaccess\EventLog.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >


OTL Extras logfile created on: 7/29/2010 5:11:56 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Scott\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 447.21 Gb Total Space | 368.73 Gb Free Space | 82.45% Space Free | Partition Type: NTFS
Drive D: | 18.55 Gb Total Space | 9.76 Gb Free Space | 52.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 298.09 Gb Total Space | 54.82 Gb Free Space | 18.39% Space Free | Partition Type: NTFS
Drive K: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 297.44 Gb Total Space | 164.06 Gb Free Space | 55.16% Space Free | Partition Type: NTFS

Computer Name: JOHNSONFAMCOM
Current User Name: Scott
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00140409-78E1-11D2-B60F-006097C998E7}" = Microsoft Publisher 2000
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09D4F215-8960-4E0E-A2CC-C5A062113503}" = Crazy Machines
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104A059B-CD20-4632-A8F6-D8C80E14782D}" = Magellan POI File Editor
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}" = Wal-Mart Music Downloads Store
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min
"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{374256A0-EAA2-012B-AD60-000000000000}" = TurboTax 2009 wgaiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40939C6D-8F27-40B8-9CBC-72701624185D}" = Redistributed Files
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EF6FDB0-3B11-4820-9860-8E08E9965195}" = Snapfish Media Detector
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7797C70B-11EB-446A-9B1E-3D9039DB581F}" = TotalAccess Core Applications
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
"{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CDEFD989-469E-421D-A8B1-EC7AB25C8CB2}" = TurboTax 2008 wgaiper
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{d05a1414-a955-4c5c-9716-b7777ef86e85}" = F4100
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FF087B26-DD20-4DD0-B97F-0B08B76A04D1}" = Deal Info
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AP Tuner 3.08" = AP Tuner 3.08
"ATT-PRT22" = ATT-PRT22
"Audacity_is1" = Audacity 1.2.6
"AudibleDownloadManager" = Audible Download Manager
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Cool FLAC To MP3 Converter_is1" = Cool FLAC To MP3 Converter 1.0
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Digital Guitar Tuner 2.3_is1" = Digital Guitar Tuner 2.3
"EarthLink TotalAccess 2004" = EarthLink Software
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.0.1 Home Edition
"Hawaiian Explorer Lost Island_is1" = Hawaiian Explorer Lost Island 1.0.0.9
"Hawaiian Explorer Pearl Harbor_is1" = Hawaiian Explorer Pearl Harbor 1.0.0.30
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Reader Rabbit Personalized 2nd Grade" = Reader Rabbit Personalized 2nd Grade
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"Shop for HP Supplies" = Shop for HP Supplies
"ST6UNST #1" = ScreenPrint32 v3.5
"SystemRequirementsLab" = System Requirements Lab
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"VersaTimer_is1" = VersaTimer 1.02
"WildTangent hpdesktop Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Extras" = Yahoo! Browser Services

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


GMER log is too large to insert or attach.

Edited by scottpjohnson, 30 July 2010 - 10:55 PM.


BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:34 AM

Posted 08 August 2010 - 10:23 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  1. Double click on RSIT.exe to run RSIT.
  2. Click Continue at the disclaimer screen.
  3. Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  1. Reply to this thread; do not start another!
  2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  3. Do not run any other tool until instructed to do so!
  4. Let me know if any of the links do not work or if any of the tools do not work.
  5. Tell me about problems or symptoms that occur during the fix.
  6. Do not run any other programs or open any other windows while doing a fix.
  7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 scottpjohnson

scottpjohnson
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 08 August 2010 - 01:56 PM

Logfile of random's system information tool 1.08 (written by random/random)
Run by Scott at 2010-08-08 14:57:24
Microsoft Windows 7 Ultimate
System drive C: has 378 GB (82%) free of 458 GB
Total RAM: 2942 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:57:44 PM, on 8/8/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Scott\Desktop\RSIT.exe
C:\Program Files\trend micro\Scott.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.iwon.com/iwon-homepage/home.jhtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HPSSBackupMonitor - Shortcut.lnk = L:\HP SimpleSave Application\HPSSBackupMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/...aller_6-1-2.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} - http://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://coke.mycokerewards.com/cabs/Entriq_...0_15_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 9726 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForPam.job
C:\Windows\tasks\HPCeeScheduleForScott.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
HelperObject Class - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll [2005-10-14 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll [2005-10-14 131072]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-04-13 47392]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-16 141608]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2009-07-13 144384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
C:\Program Files\earthlink totalaccess\TaskPanl.exe [2006-08-30 952088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-13 1173504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
C:\Program Files\TightVNC\WinVNC.exe [2007-05-07 589824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SnagIt 8.lnk]
C:\PROGRA~1\TECHSM~1\SNAGIT~1\SnagIt32.exe [2005-10-14 3719168]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HPSSBackupMonitor - Shortcut.lnk - L:\HP SimpleSave Application\HPSSBackupMonitor.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-13 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-08-08 14:57:25 ----D---- C:\Program Files\trend micro
2010-08-08 14:57:24 ----D---- C:\rsit
2010-08-03 03:58:31 ----A---- C:\Windows\system32\shell32.dll
2010-07-30 22:17:28 ----A---- C:\kwdcrpow.sys
2010-07-27 18:20:11 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-27 18:20:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-27 18:20:10 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-26 21:16:16 ----D---- C:\Windows\temp
2010-07-26 21:16:15 ----A---- C:\ComboFix.txt
2010-07-26 21:14:31 ----SHD---- C:\$RECYCLE.BIN
2010-07-26 20:49:44 ----D---- C:\ComboFix
2010-07-26 20:49:15 ----A---- C:\Windows\SWXCACLS.exe
2010-07-26 20:49:13 ----D---- C:\32788R22FWJFW
2010-07-26 20:38:49 ----A---- C:\Windows\PEV.exe
2010-07-25 19:59:17 ----D---- C:\ProgramData\SITEguard
2010-07-25 19:58:00 ----D---- C:\Program Files\Common Files\iS3
2010-07-25 19:57:59 ----D---- C:\ProgramData\STOPzilla!
2010-07-24 13:44:05 ----A---- C:\Windows\zip.exe
2010-07-24 13:44:05 ----A---- C:\Windows\SWSC.exe
2010-07-24 13:44:05 ----A---- C:\Windows\SWREG.exe
2010-07-24 13:44:05 ----A---- C:\Windows\sed.exe
2010-07-24 13:44:05 ----A---- C:\Windows\NIRCMD.exe
2010-07-24 13:44:05 ----A---- C:\Windows\MBR.exe
2010-07-24 13:44:05 ----A---- C:\Windows\grep.exe
2010-07-24 13:43:59 ----D---- C:\Windows\ERDNT
2010-07-24 13:41:31 ----AD---- C:\Qoobox
2010-07-21 10:41:35 ----D---- C:\Program Files\iPod

======List of files/folders modified in the last 1 months======

2010-08-08 14:57:41 ----D---- C:\Windows\Prefetch
2010-08-08 14:57:25 ----RD---- C:\Program Files
2010-08-08 03:34:11 ----D---- C:\Windows\system32\config
2010-08-08 03:01:16 ----SHD---- C:\System Volume Information
2010-08-05 15:47:44 ----D---- C:\Windows\System32
2010-08-05 15:47:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-05 15:47:43 ----D---- C:\Windows\inf
2010-08-04 15:22:52 ----D---- C:\Users\Scott\AppData\Roaming\Apple Computer
2010-08-03 05:46:44 ----D---- C:\Windows\winsxs
2010-08-03 03:47:54 ----D---- C:\Windows\system32\catroot
2010-08-03 02:05:02 ----D---- C:\Windows\system32\catroot2
2010-07-30 22:10:45 ----D---- C:\Windows\Minidump
2010-07-30 22:10:43 ----D---- C:\Windows
2010-07-29 21:54:47 ----SHD---- C:\Windows\Installer
2010-07-29 21:54:47 ----D---- C:\Config.Msi
2010-07-29 21:50:29 ----D---- C:\Program Files\HP
2010-07-29 21:49:18 ----D---- C:\Windows\twain_32
2010-07-27 18:20:11 ----D---- C:\Windows\system32\drivers
2010-07-26 21:05:04 ----A---- C:\Windows\system.ini
2010-07-26 21:00:39 ----D---- C:\Windows\AppPatch
2010-07-26 21:00:38 ----D---- C:\Program Files\Common Files
2010-07-25 19:59:17 ----D---- C:\ProgramData
2010-07-24 14:16:05 ----D---- C:\Windows\system32\Tasks
2010-07-24 14:16:04 ----D---- C:\Windows\Tasks
2010-07-24 14:06:40 ----D---- C:\Windows\system32\drivers\etc
2010-07-24 13:31:21 ----D---- C:\Windows\lv-LV
2010-07-24 13:16:32 ----D---- C:\Windows\pss
2010-07-24 13:00:20 ----D---- C:\Program Files\Yahoo!
2010-07-24 13:00:05 ----D---- C:\Windows\system32\appmgmt
2010-07-21 11:17:06 ----D---- C:\Windows\system32\wdi
2010-07-21 10:42:05 ----D---- C:\Program Files\iTunes
2010-07-21 10:41:33 ----D---- C:\Program Files\Common Files\Apple
2010-07-19 23:10:12 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2009-06-22 212000]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-05-07 43528]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-13 387584]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-17 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2009-04-29 8704]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-13 131072]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-13 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-13 36864]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 hcw18bda;Hauppauge WinTV 418 Driver; C:\Windows\system32\drivers\hcw18bda.sys [2009-05-28 391296]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2009-02-13 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2009-02-13 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-04 2744800]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 NVNET;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6232.sys [2009-07-31 287392]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 35840]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2009-02-13 661504]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 catchme;catchme; \??\C:\Users\Scott\AppData\Local\Temp\catchme.sys []
S3 epmntdrv;epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [2010-01-20 14216]
S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [2010-01-20 8456]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\Program Files\Common Files\Motive\MREMP50.sys [2009-08-14 21248]
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\Program Files\Common Files\Motive\MRESP50.sys [2009-08-14 20096]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
S3 nvrd32;nvrd32; C:\Windows\system32\DRIVERS\nvrd32.sys [2009-06-22 139296]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-13 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-13 28224]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-13 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]
S3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-03-09 3068352]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-08-14 319488]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 winvnc;VNC Server; C:\Program Files\TightVNC\WinVNC.exe [2007-05-07 589824]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-16 540968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2009-07-09 250616]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-26 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-03-08 74656]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-06 1343400]

-----------------EOF-----------------

Edited by scottpjohnson, 08 August 2010 - 02:02 PM.


#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:34 AM

Posted 09 August 2010 - 06:25 AM

Step 1

Often redirection is caused by a DNS and Hosts file hijack. Flush and restore both.

Clean Hosts File
    * Access folder C:\WINDOWS\SYSTEM32\DRIVERS\ETC in Explorer.
  1. Open file HOSTS in Notepad . Before making changes, do a Save As and save a backup of this file as HOSTS.BAK .
  2. Reopen the HOSTS file.
  3. Delete all entries in this file except for the following and any other entries you are sure have legitimate uses:

    127.0.0.1 localhost
  4. Save the file.
Note: If you use customized Hosts Files such as the mvps hosts file, you will need to download and install it again. Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE.

Flush DNS:
    * Open up a command prompt Start > Run > "cmd.exe" > OK.
  1. Type in the command ipconfig /flushdns.
Step 2

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 scottpjohnson

scottpjohnson
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 09 August 2010 - 03:25 PM

2010/08/09 16:22:25.0339 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/09 16:22:25.0339 ================================================================================
2010/08/09 16:22:25.0339 SystemInfo:
2010/08/09 16:22:25.0339
2010/08/09 16:22:25.0339 OS Version: 6.1.7600 ServicePack: 0.0
2010/08/09 16:22:25.0340 Product type: Workstation
2010/08/09 16:22:25.0340 ComputerName: JOHNSONFAMCOM
2010/08/09 16:22:25.0341 UserName: Scott
2010/08/09 16:22:25.0341 Windows directory: C:\Windows
2010/08/09 16:22:25.0341 System windows directory: C:\Windows
2010/08/09 16:22:25.0341 Processor architecture: Intel x86
2010/08/09 16:22:25.0341 Number of processors: 2
2010/08/09 16:22:25.0341 Page size: 0x1000
2010/08/09 16:22:25.0341 Boot type: Normal boot
2010/08/09 16:22:25.0341 ================================================================================
2010/08/09 16:23:54.0720 Initialize success
2010/08/09 16:23:59.0057 ================================================================================
2010/08/09 16:23:59.0057 Scan started
2010/08/09 16:23:59.0057 Mode: Manual;
2010/08/09 16:23:59.0057 ================================================================================
2010/08/09 16:24:00.0055 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/08/09 16:24:00.0149 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/08/09 16:24:00.0195 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/08/09 16:24:00.0242 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/08/09 16:24:00.0289 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/08/09 16:24:00.0336 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/08/09 16:24:00.0383 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/08/09 16:24:00.0414 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/08/09 16:24:00.0445 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/08/09 16:24:00.0523 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/08/09 16:24:00.0570 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/08/09 16:24:00.0585 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/08/09 16:24:00.0632 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/08/09 16:24:00.0663 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/08/09 16:24:00.0695 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/08/09 16:24:00.0726 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/08/09 16:24:00.0757 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/08/09 16:24:00.0788 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/08/09 16:24:00.0851 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/08/09 16:24:00.0882 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/08/09 16:24:00.0897 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/08/09 16:24:00.0929 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/08/09 16:24:00.0975 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/08/09 16:24:01.0022 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/08/09 16:24:01.0069 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/08/09 16:24:01.0116 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/08/09 16:24:01.0163 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/08/09 16:24:01.0194 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/08/09 16:24:01.0209 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/08/09 16:24:01.0241 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/08/09 16:24:01.0303 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/08/09 16:24:01.0319 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/08/09 16:24:01.0350 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/08/09 16:24:01.0381 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/08/09 16:24:01.0537 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/08/09 16:24:01.0584 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/08/09 16:24:01.0615 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/08/09 16:24:01.0677 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/08/09 16:24:01.0740 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/08/09 16:24:01.0755 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/08/09 16:24:01.0787 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/08/09 16:24:01.0818 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/08/09 16:24:01.0818 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/08/09 16:24:01.0849 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/08/09 16:24:01.0896 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/08/09 16:24:01.0974 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/08/09 16:24:02.0005 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/08/09 16:24:02.0021 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/08/09 16:24:02.0083 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
2010/08/09 16:24:02.0161 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2010/08/09 16:24:02.0208 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
2010/08/09 16:24:02.0270 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/08/09 16:24:02.0317 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/08/09 16:24:02.0442 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/08/09 16:24:02.0582 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/08/09 16:24:02.0629 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
2010/08/09 16:24:02.0660 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/08/09 16:24:02.0691 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
2010/08/09 16:24:02.0738 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/08/09 16:24:02.0785 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/08/09 16:24:02.0816 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/08/09 16:24:02.0863 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/08/09 16:24:02.0879 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/08/09 16:24:02.0894 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/08/09 16:24:02.0925 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/08/09 16:24:02.0957 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/08/09 16:24:03.0003 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
2010/08/09 16:24:03.0035 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/08/09 16:24:03.0081 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/08/09 16:24:03.0128 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/08/09 16:24:03.0175 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2010/08/09 16:24:03.0237 hcw18bda (2edbcbf69f9a3512ddab978067be4d20) C:\Windows\system32\drivers\hcw18bda.sys
2010/08/09 16:24:03.0284 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/08/09 16:24:03.0331 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/08/09 16:24:03.0347 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/08/09 16:24:03.0362 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/08/09 16:24:03.0409 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/08/09 16:24:03.0440 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/08/09 16:24:03.0534 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/08/09 16:24:03.0612 HSF_DP (0f5ed510a6c361420bc319e0cf96c1dc) C:\Windows\system32\DRIVERS\HSX_DP.sys
2010/08/09 16:24:03.0737 HSXHWBS2 (186c11d0ca0e53b1ee266633b9d8b393) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2010/08/09 16:24:03.0799 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/08/09 16:24:03.0815 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/08/09 16:24:03.0846 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/08/09 16:24:03.0877 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/08/09 16:24:03.0924 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/08/09 16:24:04.0033 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys
2010/08/09 16:24:04.0111 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/08/09 16:24:04.0142 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/08/09 16:24:04.0173 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/08/09 16:24:04.0205 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/08/09 16:24:04.0345 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/08/09 16:24:04.0407 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/08/09 16:24:04.0454 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/08/09 16:24:04.0485 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/08/09 16:24:04.0517 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/08/09 16:24:04.0548 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/08/09 16:24:04.0579 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/08/09 16:24:04.0626 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/08/09 16:24:04.0688 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/08/09 16:24:04.0735 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/08/09 16:24:04.0751 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/08/09 16:24:04.0782 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/08/09 16:24:04.0797 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/08/09 16:24:04.0829 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/08/09 16:24:04.0875 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/08/09 16:24:04.0907 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/08/09 16:24:04.0938 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/08/09 16:24:04.0969 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/08/09 16:24:05.0000 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/08/09 16:24:05.0031 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/08/09 16:24:05.0047 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/08/09 16:24:05.0109 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/08/09 16:24:05.0156 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\Windows\system32\DRIVERS\MpFilter.sys
2010/08/09 16:24:05.0187 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/08/09 16:24:05.0219 MpNWMon (aeb186afff5d9cfed823c15d846aac3b) C:\Windows\system32\DRIVERS\MpNWMon.sys
2010/08/09 16:24:05.0250 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/08/09 16:24:05.0359 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\Program Files\Common Files\Motive\MREMP50.sys
2010/08/09 16:24:05.0375 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\Program Files\Common Files\Motive\MRESP50.sys
2010/08/09 16:24:05.0406 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/08/09 16:24:05.0468 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/08/09 16:24:05.0499 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/08/09 16:24:05.0531 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/08/09 16:24:05.0562 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/08/09 16:24:05.0577 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/08/09 16:24:05.0624 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/08/09 16:24:05.0640 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/08/09 16:24:05.0655 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/08/09 16:24:05.0702 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/08/09 16:24:05.0733 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/08/09 16:24:05.0749 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/08/09 16:24:05.0780 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/08/09 16:24:05.0811 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/08/09 16:24:05.0843 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/08/09 16:24:05.0874 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/08/09 16:24:05.0905 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/08/09 16:24:05.0952 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/09 16:24:06.0030 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/08/09 16:24:06.0061 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/08/09 16:24:06.0092 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/09 16:24:06.0123 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/09 16:24:06.0155 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/08/09 16:24:06.0186 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/08/09 16:24:06.0201 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/08/09 16:24:06.0217 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/08/09 16:24:06.0279 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/08/09 16:24:06.0311 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/08/09 16:24:06.0326 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/08/09 16:24:06.0373 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/08/09 16:24:06.0420 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/08/09 16:24:06.0467 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2010/08/09 16:24:06.0779 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/08/09 16:24:07.0044 NVNET (5bf9c11586f4764446407f509f1beca8) C:\Windows\system32\DRIVERS\nvmf6232.sys
2010/08/09 16:24:07.0075 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/08/09 16:24:07.0106 nvrd32 (9389035c9407b3221bb788336a1adce5) C:\Windows\system32\DRIVERS\nvrd32.sys
2010/08/09 16:24:07.0137 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/08/09 16:24:07.0184 nvstor32 (f73533d47857d819e082e42ea1300e50) C:\Windows\system32\DRIVERS\nvstor32.sys
2010/08/09 16:24:07.0215 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/08/09 16:24:07.0247 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/08/09 16:24:07.0293 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/08/09 16:24:07.0325 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/08/09 16:24:07.0340 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/08/09 16:24:07.0371 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/08/09 16:24:07.0387 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/08/09 16:24:07.0403 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/08/09 16:24:07.0418 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/08/09 16:24:07.0449 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/08/09 16:24:07.0574 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/08/09 16:24:07.0605 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/08/09 16:24:07.0699 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
2010/08/09 16:24:07.0730 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/08/09 16:24:07.0777 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2010/08/09 16:24:07.0824 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/08/09 16:24:07.0871 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/08/09 16:24:07.0902 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/08/09 16:24:07.0933 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/08/09 16:24:07.0980 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/08/09 16:24:08.0011 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/08/09 16:24:08.0042 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/08/09 16:24:08.0058 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/08/09 16:24:08.0089 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/08/09 16:24:08.0105 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/08/09 16:24:08.0136 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/08/09 16:24:08.0167 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/08/09 16:24:08.0214 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/09 16:24:08.0229 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/08/09 16:24:08.0261 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/08/09 16:24:08.0307 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/08/09 16:24:08.0370 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/08/09 16:24:08.0417 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/08/09 16:24:08.0463 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/08/09 16:24:08.0495 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/08/09 16:24:08.0541 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/08/09 16:24:08.0588 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/08/09 16:24:08.0619 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/08/09 16:24:08.0682 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/08/09 16:24:08.0744 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/08/09 16:24:08.0791 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/08/09 16:24:08.0838 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/08/09 16:24:08.0885 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/08/09 16:24:08.0963 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/08/09 16:24:08.0978 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/08/09 16:24:09.0009 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/08/09 16:24:09.0025 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/08/09 16:24:09.0150 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/08/09 16:24:09.0212 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
2010/08/09 16:24:09.0243 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2010/08/09 16:24:09.0275 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
2010/08/09 16:24:09.0306 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/08/09 16:24:09.0368 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/08/09 16:24:09.0384 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/08/09 16:24:09.0399 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/08/09 16:24:09.0477 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2010/08/09 16:24:09.0524 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2010/08/09 16:24:09.0555 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/08/09 16:24:09.0587 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/08/09 16:24:09.0618 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/08/09 16:24:09.0633 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/08/09 16:24:09.0665 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/08/09 16:24:09.0711 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/08/09 16:24:09.0758 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/08/09 16:24:09.0789 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/08/09 16:24:09.0821 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/08/09 16:24:09.0867 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/08/09 16:24:09.0914 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/08/09 16:24:09.0945 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/08/09 16:24:10.0070 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/08/09 16:24:10.0117 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/08/09 16:24:10.0148 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/08/09 16:24:10.0195 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
2010/08/09 16:24:10.0226 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
2010/08/09 16:24:10.0273 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/08/09 16:24:10.0304 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/08/09 16:24:10.0351 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2010/08/09 16:24:10.0382 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/08/09 16:24:10.0413 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/08/09 16:24:10.0445 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/08/09 16:24:10.0476 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/08/09 16:24:10.0507 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/08/09 16:24:10.0538 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/08/09 16:24:10.0554 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/08/09 16:24:10.0569 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/08/09 16:24:10.0616 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/08/09 16:24:10.0647 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/08/09 16:24:10.0663 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/08/09 16:24:10.0694 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/08/09 16:24:10.0725 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/08/09 16:24:10.0741 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/08/09 16:24:10.0772 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/08/09 16:24:10.0835 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
2010/08/09 16:24:10.0928 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2010/08/09 16:24:11.0022 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2010/08/09 16:24:11.0069 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/08/09 16:24:11.0100 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/09 16:24:11.0115 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/09 16:24:11.0162 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/08/09 16:24:11.0193 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/08/09 16:24:11.0256 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/08/09 16:24:11.0271 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/08/09 16:24:11.0334 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/08/09 16:24:11.0521 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/08/09 16:24:11.0583 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/08/09 16:24:11.0646 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/08/09 16:24:11.0693 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/08/09 16:24:11.0739 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/08/09 16:24:11.0802 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
2010/08/09 16:24:11.0817 ================================================================================
2010/08/09 16:24:11.0817 Scan finished
2010/08/09 16:24:11.0817 ================================================================================


#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:34 AM

Posted 10 August 2010 - 05:24 AM

How is your computer behaving? Please post a new HijackThis log. Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#7 scottpjohnson

scottpjohnson
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 10 August 2010 - 03:33 PM

PC seems slightly better with no redirects noticed today, however speed is down and internet connection comes and goes (Bellsouth DSL).

here is the RSIT log (since it contains a HiJackThis log, and I do not have a copy of HiJackThis).

Thank you for your help so far.

========

Logfile of random's system information tool 1.08 (written by random/random)
Run by Scott at 2010-08-10 16:29:55
Microsoft Windows 7 Ultimate
System drive C: has 378 GB (83%) free of 458 GB
Total RAM: 2942 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:30:13 PM, on 8/10/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Users\Scott\Desktop\RSIT.exe
C:\Program Files\trend micro\Scott.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.iwon.com/iwon-homepage/home.jhtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HPSSBackupMonitor - Shortcut.lnk = L:\HP SimpleSave Application\HPSSBackupMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/...aller_6-1-2.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} - http://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://coke.mycokerewards.com/cabs/Entriq_...0_15_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 10192 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForPam.job
C:\Windows\tasks\HPCeeScheduleForScott.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
HelperObject Class - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll [2005-10-14 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll [2005-10-14 131072]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-04-13 47392]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-16 141608]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2009-07-13 144384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
C:\Program Files\earthlink totalaccess\TaskPanl.exe [2006-08-30 952088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-13 1173504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
C:\Program Files\TightVNC\WinVNC.exe [2007-05-07 589824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SnagIt 8.lnk]
C:\PROGRA~1\TECHSM~1\SNAGIT~1\SnagIt32.exe [2005-10-14 3719168]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HPSSBackupMonitor - Shortcut.lnk - L:\HP SimpleSave Application\HPSSBackupMonitor.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-13 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-08-09 16:22:25 ----A---- C:\TDSSKiller.2.4.1.0_09.08.2010_16.22.25_log.txt
2010-08-08 14:57:25 ----D---- C:\Program Files\trend micro
2010-08-08 14:57:24 ----D---- C:\rsit
2010-08-03 03:58:31 ----A---- C:\Windows\system32\shell32.dll
2010-07-30 22:17:28 ----A---- C:\kwdcrpow.sys
2010-07-27 18:20:11 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-27 18:20:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-27 18:20:10 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-26 21:16:16 ----D---- C:\Windows\temp
2010-07-26 21:16:15 ----A---- C:\ComboFix.txt
2010-07-26 21:14:31 ----SHD---- C:\$RECYCLE.BIN
2010-07-26 20:49:44 ----D---- C:\ComboFix
2010-07-26 20:49:15 ----A---- C:\Windows\SWXCACLS.exe
2010-07-26 20:49:13 ----D---- C:\32788R22FWJFW
2010-07-26 20:38:49 ----A---- C:\Windows\PEV.exe
2010-07-25 19:59:17 ----D---- C:\ProgramData\SITEguard
2010-07-25 19:58:00 ----D---- C:\Program Files\Common Files\iS3
2010-07-25 19:57:59 ----D---- C:\ProgramData\STOPzilla!
2010-07-24 13:44:05 ----A---- C:\Windows\zip.exe
2010-07-24 13:44:05 ----A---- C:\Windows\SWSC.exe
2010-07-24 13:44:05 ----A---- C:\Windows\SWREG.exe
2010-07-24 13:44:05 ----A---- C:\Windows\sed.exe
2010-07-24 13:44:05 ----A---- C:\Windows\NIRCMD.exe
2010-07-24 13:44:05 ----A---- C:\Windows\MBR.exe
2010-07-24 13:44:05 ----A---- C:\Windows\grep.exe
2010-07-24 13:43:59 ----D---- C:\Windows\ERDNT
2010-07-24 13:41:31 ----AD---- C:\Qoobox
2010-07-21 10:41:35 ----D---- C:\Program Files\iPod

======List of files/folders modified in the last 1 months======

2010-08-10 16:14:09 ----D---- C:\Windows\Prefetch
2010-08-10 10:59:25 ----SHD---- C:\System Volume Information
2010-08-10 09:22:06 ----D---- C:\Windows\system32\config
2010-08-09 16:23:54 ----D---- C:\Windows\system32\drivers
2010-08-08 14:57:25 ----RD---- C:\Program Files
2010-08-05 15:47:44 ----D---- C:\Windows\System32
2010-08-05 15:47:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-05 15:47:43 ----D---- C:\Windows\inf
2010-08-04 15:22:52 ----D---- C:\Users\Scott\AppData\Roaming\Apple Computer
2010-08-03 05:46:44 ----D---- C:\Windows\winsxs
2010-08-03 03:47:54 ----D---- C:\Windows\system32\catroot
2010-08-03 02:05:02 ----D---- C:\Windows\system32\catroot2
2010-07-30 22:10:45 ----D---- C:\Windows\Minidump
2010-07-30 22:10:43 ----D---- C:\Windows
2010-07-29 21:54:47 ----SHD---- C:\Windows\Installer
2010-07-29 21:54:47 ----D---- C:\Config.Msi
2010-07-29 21:50:29 ----D---- C:\Program Files\HP
2010-07-29 21:49:18 ----D---- C:\Windows\twain_32
2010-07-26 21:05:04 ----A---- C:\Windows\system.ini
2010-07-26 21:00:39 ----D---- C:\Windows\AppPatch
2010-07-26 21:00:38 ----D---- C:\Program Files\Common Files
2010-07-25 19:59:17 ----D---- C:\ProgramData
2010-07-24 14:16:05 ----D---- C:\Windows\system32\Tasks
2010-07-24 14:16:04 ----D---- C:\Windows\Tasks
2010-07-24 14:06:40 ----D---- C:\Windows\system32\drivers\etc
2010-07-24 13:31:21 ----D---- C:\Windows\lv-LV
2010-07-24 13:16:32 ----D---- C:\Windows\pss
2010-07-24 13:00:20 ----D---- C:\Program Files\Yahoo!
2010-07-24 13:00:05 ----D---- C:\Windows\system32\appmgmt
2010-07-21 11:17:06 ----D---- C:\Windows\system32\wdi
2010-07-21 10:42:05 ----D---- C:\Program Files\iTunes
2010-07-21 10:41:33 ----D---- C:\Program Files\Common Files\Apple
2010-07-19 23:10:12 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2009-06-22 212000]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-05-07 43528]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-13 387584]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-17 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2009-04-29 8704]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-13 131072]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-13 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-13 36864]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 hcw18bda;Hauppauge WinTV 418 Driver; C:\Windows\system32\drivers\hcw18bda.sys [2009-05-28 391296]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2009-02-13 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2009-02-13 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-04 2744800]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 NVNET;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6232.sys [2009-07-31 287392]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 35840]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2009-02-13 661504]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 catchme;catchme; \??\C:\Users\Scott\AppData\Local\Temp\catchme.sys []
S3 epmntdrv;epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [2010-01-20 14216]
S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [2010-01-20 8456]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\Program Files\Common Files\Motive\MREMP50.sys [2009-08-14 21248]
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\Program Files\Common Files\Motive\MRESP50.sys [2009-08-14 20096]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
S3 nvrd32;nvrd32; C:\Windows\system32\DRIVERS\nvrd32.sys [2009-06-22 139296]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-13 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-13 28224]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-13 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]
S3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-03-09 3068352]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-08-14 319488]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 winvnc;VNC Server; C:\Program Files\TightVNC\WinVNC.exe [2007-05-07 589824]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-16 540968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2009-07-09 250616]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-26 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-03-08 74656]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-06 1343400]

-----------------EOF-----------------


#8 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:34 AM

Posted 11 August 2010 - 05:36 AM

NOTE: If for some reason you are unable to complete a step(s), skip that step and continue with the rest of the steps. Please describe your problem with the step in your next reply.

Step 1

You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 2

Ensure that you have the latest version of Adobe® Reader®. Adobe Reader and Acrobat 8 and earlier versions of Adobe Reader and Acrobat are plagued by Remote Code Execution Vulnerabilities. If you do not have the latest version, you may want to download the latest version, Adobe® Reader® 9.

Step 3

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.
  1. Please download TFC by OldTimer to your desktop.
  2. Open the file and close any other windows.
  3. It will close all programs itself when run; make sure to let it run uninterrupted.
  4. Click the Start button to begin the process. The program should not take long to finish its job.
  5. After it is finished, it should reboot your machine, if not, do this yourself to ensure a complete clean.
Step 4

In normal mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.
  1. Detects and removes malware ( viruses, worms, trojans, etc. )
  2. Detects and removes grayware and spyware
  3. Restores damage caused by malware to your system.
  4. Notifies about vulnerabilities in installed programs and connected network services.
  5. Multi-platform support for: Windows, Linux, Solaris.
  6. Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.
When you have completed the scans, if you get a report of files that can’t be cleaned / deleted, make a note of the file location of anything that cannot be deleted so you can delete it yourself. Please post that list in your next reply.

Step 5

Please download Spybot-S&D©® and install Spybot-S&D©® .
  1. Be sure to UNCHECK TeaTimer when presented with the option to install. You can enable it after you are clean.
  2. Run Spybot-S&D©® , go to the Menu Bar at the top choose Mode and make certain that "Default mode" has a check mark beside it.
  3. Click the button "Search for Updates".
  4. If any updates are found, install them by placing a check mark next to each one and clicking "Download Updates".
  5. If you encounter any error messages while downloading the updates, manually download them from here.
  6. Click on "Immunize". When it detects what has or has not been blocked, block all remaining items by clicking the green plus sign next to immunize at the top.
  7. Click the button "Check for Problems".
  8. When Spybot-S&D©® is complete, it will be showing RED entries, bold BLACK entries and GREEN entries in the window.
  9. Make certain there is a check mark beside all of the RED entries ONLY.
  10. Choose "Fix Selected Problems" and allow Spybot-S&D©® to fix the RED entries.
  11. REBOOT to complete the scan and clear memory.
Note: After Windows loads, Spybot-S&D©® may run again to clean some files that it could not clean during the prior session. Follow the same procedure.

Step 6

Malwarebytes' Anti-Malware is FREEWARE, however you may upgrade to the PRO version which contains realtime protection, scheduled scanning and updating.
  1. Please download Malwarebytes Anti-Malware (MBAM). Alternate download link
  2. Double-click on Download_mbam-setup.exe to install the application.
  3. When the installation begins, follow the prompts and do not make any changes to default settings.
  4. When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  5. Click Finish.
  6. MBAM will automatically start and you will be asked to update the program before performing scan. If an update is found, the program will automatically update itself.
  7. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from the Malware Bytes Web site. Scroll down the page until you see Latest Database; click Download from GT500.org
  8. Double-click on mbam-rules.exe to install.
  9. On the Scanner tab, make sure the Perform Quick Scan option is selected.
  10. Click on the Scan button.
  11. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  12. The scan will begin and Scan in progress will show at the top. It may take some time to complete; please be patient.
  13. When the scan is finished, a message box will say "The scan completed successfully.
  14. At the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  15. Make sure that everything is checked, and click Remove Selected.
  16. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  17. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  18. Copy and paste the contents of that report in your next reply and exit MBAM.
  19. Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Step 7
  1. Please download SUPERAntiSpyware (SAS) - SUPERAntiSpyware Free Version For Home Users
  2. Install it and double-click the icon on your desktop to run it.
  3. It will ask if you want to update the program definitions, click Yes.
  4. Under Configuration and Preferences, click the Preferences button.
  5. Click the Scanning Control tab.
  6. Under Scanner Options, make sure the following are checked:
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
  7. Click the Close button to leave the control center screen.
  8. On the main screen, under Scan for Harmful Software, click Scan your computer.
  9. On the left, check C:\Fixed Drive.
  10. On the right, under Complete Scan, choose Perform Complete Scan.
  11. Click Next to start the scan. Please be patient while it scans your computer.
  12. After the scan is complete, a summary box will appear. Click OK.
  13. Make sure everything in the white box has a check next to it, then click Next.
  14. It will quarantine what it found and if it asks if you want to reboot, click Yes.
  15. To retrieve the removal information, please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose Copy.
    • Click Close and Close again to exit the program.
  16. Please post that information with a new HijackThis log.

SUPERAntiSpyware Advice:

CAUTION: SuperAntiSpyware comes with a program called Bootsafe, do not for any reason use this program, if used on an infected computer, it could render it UNBOOTABLE.

Step 8

We need to disconnect your computer from the Internet. By doing this, it prevents any further Internet activity until the removal of malware is complete. You need to make it impossible for viruses, trojan horses, worms and spyware to call for backup once you start to dismantle them. They will continue to infect your computer with new variants while you are connected to the Internet. We also need to prevent hackers from controlling your system and they will try to prevent you from removing the pests they installed on your computer.

Close ALL browser windows (including this one). Exit all processes and items in your System tray.

According to how your computer connects to the Internet, please disconnect your computer from the Internet. Possible means of disconnecting your computer from the Internet include:
  • Physically remove the cable for your broadband Internet service “Always On” Connection from your computer.
  • Turn your modem off.
  • Disconnect your modem cable from your computer.
  • Turn the device off for Hand-held wireless connections.
  • Some laptops have a switch that will disconnect the laptop from the Internet.
Step 9

During the process of removing malware from your computer, there are times you may need to use specialized fix tools. Certain embedded files that are part of these specialized fix tools may be detected by your antivirus or anti-malware scanner as a RiskTool, Hacking tool, Potentially unwanted tool, a virus or a Trojan when that is not the case.
These tools have been carefully created and tested by security experts so if your antivirus or anti-malware program flags them as malware, then it is a False Positive. Antivirus scanners cannot distinguish between good and malicious use of such programs; therefore, they may alert you or even automatically remove them. In these cases, the removal of these files can have unpredictable results and unintentional results.
To avoid any problems while using a specialized fix tool, it is very important that you temporarily disable your antivirus and/or anti-malware programs before using the specialized fix tool.
When your system has been cleaned, it is important that you enable your security programs to avoid reinfection.
Please disable the following program(s):

SUPERAntiSpyware

We need to disable SUPERAntiSpyware as it may interfere with the fixes that we need to make.
  1. Right click on the icon in your System Tray.
  2. Click Exit
  3. Make sure that the program, SUPERAntiSpyware itself, is also closed/not running.
Step 10

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

The O6's above should only be present for one or more of the following reasons:
  1. You set the restrictions on purpose.
  2. You used an anti-spyware program like Spybot -S&D's Home Page and Option Lock down features in the Immunize section of Spybot-S&D. Note: the "06" entries may have been set by SpyBot if you selected that option.
    To verify:
    • Open SpyBot > Tools > IE tweaks section.
    • Lock IE start page
    • Lock IE control panel
  3. Your workplace administrator or network administrator set the restrictions.
If none of the above reasons apply, check them to be fixed with HijackThis.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Step 11

Now we will address the HijackThis fixes.
  1. If you have not already done so, please download Trend Micro - HijackThis.
  2. Double click HJTInstall.exe to begin installation.
  3. Accept the installation location, which by default is C:\Program Files\Trend Micro\HijackThis or click the Browse... button if you want to save it in another location.
  4. Click Install.
  5. A shortcut will be created on your Desktop and HijackThis will run automatically.
  6. Click the button labeled Do a system scan only.
  7. Click the Scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
  8. Click in the boxes to the left of the following entries to place check marks (make sure not to miss any):

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

  9. Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.
Step 12

Optional Fixes is the name that we use for fixes for unnecessary programs that load during startup and run in the background. These programs are not required to start automatically as you can start them manually if you need them. You would be removing the program from your startup but you would not be removing the program itself.

Your computer may be sluggish due to the many programs loading during startup and running in the background that are not necessary. Windows has a facility for starting programs at startup time. Some of these programs are required for your computer and the applications installed on it to run correctly. A good example of such a program is a virus-checking application that must always run, constantly checking for and isolating or removing files with viruses. Other such programs are not strictly required, or are optional. In some cases, you can gain significant performance enhancements by disabling the automatic startup of these programs. In many cases, the functionality offered by the programs is still available by starting the programs manually by, for example, starting the program from the Windows Start->Programs menu. Media players and instant messaging programs often fall into this category. In fact, it is common for many modern software applications, when installed, to add programs at startup that add items to the system tray or shortcut (context) menus in Windows Explorer to provide quick access to the features and functions of these applications. While they may be useful, they do increase boot time and consume system resources. It is advised that you disable these programs so that they do not take up necessary resources or slow the boot time.

Other than ScanRegistry, SystemTray, StateMgr, antivirus program entries, and firewall program entries, very few others need to load and run.

Read the articles below to see if it applies to your computer problem with being slow to respond.
Slow Computer/browser? Check Here First; It May Not Be Malware
What to do if your Computer is running slowly
Help! My computer is slow!
50 Tips for a Super Fast PC
4 Ways to Speed Up Your Computer's Performance
It's not always malware: How to fix the top 10 Internet Explorer issues

If you decide that you want to stop the Optional Fixes in your startup, let me know and I will give you a list with instructions. You would be removing the program from your startup but you would not be removing the program itself.

Step 13

Please download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan in "Safe Mode" .
-- Post the log in your next reply.

Perform an anti-rootkit (ARK) scan with one of the following:
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  1. Disconnect from the Internet or physically unplug your Internet cable connection.
  2. Clean out your temporary files.
  3. Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  4. Temporarily disable your anti-virus and real-time anti-spyware protection.
  5. After starting the scan, do not use the computer until the scan has completed.
  6. When finished, enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

Note: Not all hidden components detected by ARKs are malicious. It is normal for a Firewall, some Anti-virus and Anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to hook into the OS kernal/SSDT in order to protect your system. You should not be alarmed if you see any hidden entries created by these software programs after performing a scan.

Step 14

Check to see if you have insecure applications with
Secunia Software Inspector. Secunia Software Inspector:
  1. Detects insecure versions of common/popular programs installed on your computer.
  2. Verifies that all Microsoft patches are applied.
  3. Assists you in updating, patching, and protecting your computer.
  4. Activates additional security features in Sun Java.
  5. Runs through your browser. No installation or download is required.
Step 15

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.

Please post:
  1. the list of file names and locations for any files that cannot be cleaned / deleted that were reported after you completed the online scans.
  2. the log from MalwareBytes
  3. the log from SUPERAntiSpyware
  4. a new HijackThis log
Please advise me of any problems you still have.


You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#9 scottpjohnson

scottpjohnson
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 18 August 2010 - 03:51 PM

I am currently on Step 6. I encountered numerous problems running the virus scans in the previous step.

I did some poking around and discovered that my DNS setting on my wireless router had been changed, so I changed them back to what they should be and my PC has stopped redirecting me. I plan to continue through the remaining steps to remove any other issues that may still be lurking.

Thank you for your help through this process.

Edited by scottpjohnson, 18 August 2010 - 03:51 PM.


#10 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:34 AM

Posted 18 August 2010 - 04:26 PM

Please let me know if you run into any problems. Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#11 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:34 AM

Posted 31 August 2010 - 01:28 PM




You may be interested in Freeware Replacements For Common Commercial Apps.

Tips To Protect Your Computer
  • Avoid clicking on links in instant messages.
  • Avoid opening email attachments.
  • Avoid visiting every poker site on the net.
  • Avoid downloading all that free cute junk.
  • Avoid using the peer-to-peer file sharing.
  • Avoid getting those handy toolbar doodads for your browsers.
  • Malware is out there just waiting to pounce on your system if you only pass by where they are lurking which may be at some seemingly innocent web site. Be careful because some of the malware are so vicious that no one can possibly save you once you let them in.
  • Remember that new malware emerges every week of the year. Take responsibility for protecting your system because you are its first and best defense.

Tools Downloaded To Clean Your Computer

I may have asked you to install some tools. Whether or not you need to keep these programs must be decided by you. If you choose to uninstall them, follow these directions:
  1. Click Start > Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight the program, click Remove.
  4. Close the Add or Remove Programs and the Control Panel windows.
Optional Tools:
  1. ATF-Cleaner cleans all user temp folders, Java cache, (which seems to be harboring more and more malware), the cache, cookies, history, download history, visited links and saved passwords. Scan weekly if you have high Internet use.
  2. Trend Micro's HijackThis or random's System Information Tool (RSIT) may be uninstalled; however, if you should ever encounter another problem and seek help in this forum or others like it, you will need to download this application.
  3. SUPERAntiSpyware scans, detects, and removes spyware on your computer.
  4. Malwarebytes ' Anti-Malware scans, detects, and removes malware on your computer.
  5. a-squared Free scans, detects, and removes trojans, worms, spyware on your computer.
  6. Spybot S&D scans, detects, and removes malware on your computer.
If you have changed the default settings for files/folders, please restore the default settings for files/folders.
  1. Go to My Computer.
  2. Select the Tools menu and click Folder Options.
  3. Click the View tab.
  4. Under Advanced Settings, click the Restore Defaults button in the lower right corner.
  5. Click Apply and then the OK and close My Computer.
Please take the time to read the "Steps To Keep Your Computer Clean And Secure" below.

STEPS TO KEEP YOUR COMPUTER CLEAN AND SECURE:

Please follow these simple steps in order to keep your computer clean and secure:
  1. Disable and Enable System Restore. After cleaning, you will need to disable the System Restore function For Windows XP.
    Files placed in the System volume information folder are source files for the System Restore function that is available in Windows XP operating system. Files that were healed were moved in their original INFECTED state into this folder and it is necessary to DELETE them by following these steps:
    1. Close all open programs. Then right-click My Computer on the Windows' desktop
    2. Click on Properties.
    3. Click on the System Restore tab.
    4. Check Turn off System Restore on all drives.
    5. Restart the system.
    6. Enable System Restore by going through the first four steps again and uncheck the item mentioned in Step d.
    7. You can find instructions on how to disable and enable system restore in the Windows XP System Restore Guide.
  2. Make your Internet Explorer more secure: This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub frames across different domains to Prompt
    5. When all these settings have been made, click on the OK button.
    6. If it asks you if you want to save the settings, press the Yes button.
    7. Click Apply > OK button and then the OK to exit the Internet Properties page.
  3. Use a Firewall: - I cannot stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls. For more information about firewalls, and why a two-way firewall is better than the Windows XP one-way firewall, please read Understanding and Using Firewalls.
  4. Use An Antivirus Software and Keep It Updated: - It is very important that your computer has an antivirus software running on your machine.  This alone can save you a lot of trouble with malware in the future.  It is imperative that you update your antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out. For an article on antivirus programs and a listing of some available ones see the link below:
    Computer Safety On line - Anti-Virus
  5. Visit Microsoft's Windows Update Site Frequently: It is important that you visit Microsoft Windows Update regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  6. You should scan your computer with Spybot S&D on a regular basis just as you would an anti- virus software. A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware from Your Computer
  7. Update SpywareBlaster (at least weekly): SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firec settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line Anti Malware
  8. Use the hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button on the task bar at the bottom of your screen
    2. Click run
    3. In the dialog box, type services.msc
    4. hit enter, then locate dns client
    5. Highlight it, then doubleclick it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click OK.
  9. Use an alternative instant messenger program:.Trillian and Miranda IM These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  10. Please read Tony Klein's excellent article: How I got Infected in the First Place
  11. Please read Understanding Spyware, Browser Hijackers, and Dialers
  12. Please read Simple and easy ways to keep your computer safe and secure on the Internet.
  13. If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built in popup blocker (as an added benefit!) that I have ever seen.
    Another good browser is Opera . Opera 9 comes loaded with the tools to keep you productive and safe. Try it today, it's absolutely free. Some of the Opera features are: Customization, BitTorrent, Content blocker, Add your favorite search engines, Thumbnail preview of tabs, Widgets, Transfer manager, Tabbed browsing, Password manager, Sessions (You can save a collection of open tabs as a session, for later retrieval, or start with the pages you had open when Opera was last closed.), Keyboard Shortcuts, Cookie control, a multitude of languages, Validate code, Toggle graphics and style sheets, and Special features such as Full-screen mode, Kiosk mode.
  14. Update all these programs regularly: Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  15. If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
Follow these steps and your potential for being infected again will reduce dramatically.
Good luck!

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users