Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect, Infomash -- some of the time


  • This topic is locked This topic is locked
13 replies to this topic

#1 thefeintinggoat

thefeintinggoat

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 05 September 2010 - 04:04 PM

Hello all, and thanks in advance for taking the time to help me out.
Been having google redirect issues for about a week, trying to get to the bottom of it.

The problem: First result of any google search will redirect to a random page--infomash is the only one I remember reoccuring. However, it will ONLY be the first result, and this only happens some of the time (somewhere between 40-60%). The rest of the time I get where I'm supposed to. If I click on a cached version of a first result that has redirected me (by going back to the original search page), the cache of the page I was looking for comes up.

What I've done. Ran Malwarebytes--picked up nothing the first run through, neither did an Avast quick scan. Installed SuperAntiSpyware, made sure that the previous two, and Spybot S&D were all updated, booted in safe mode, starting with a boot-time Avast scan. BT Scan found nothing. MBAM picked up a few things, got rid of them, Spybot picked up one of what it called a trojan, SAS same deal. Booted in normal mode, repeated all scans--all found nothing. Same redirect problem still happening, but at slightly less frequency (possibly, hard to say for sure).
Regrettably did not save any logs from these scans; rather foolish on my part.
Windows (Vista) firewall was on before this started and remains on. Any recommendations on others that might be more effective would be appreciated. I've used Comodo in the past and liked it, but would love to get other opinions.

Anyway, did my best to follow these instructions http://www.bleepingcomputer.com/forums/topic34773.html for posting, and I hope I succeeded. Although the problem seems small, could be a sign of something bigger and I don't want to wait to see what that might be.
DDS log below. Other two (attach from Run DDS and GMER scan log) attached.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Laura Warden at 16:07:25.03 on Sun 09/05/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3032.1290 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\IgrsSvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Compal\TmlCMode\TmlCMode.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Laura Warden\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Laura Warden\Desktop\Bleeping Computer\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.blackle.com/
mDefault_Page_URL = hxxp://www.lenovo.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\laura warden\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [F.lux] "c:\users\laura warden\local settings\apps\f.lux\flux.exe" /noshow
uRun: [ReadyComm] c:\program files\lenovo\readycomm\ReadyComm.exe -TrayMode
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Unattend0000000001{70EB91E7-FAAB-44A4-BA19-C0A45B228BC0}] c:\windows\test.bat
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SmartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [TmlCMode] c:\program files\compal\tmlcmode\TmlCMode.exe
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /pausefor=600
mRun: [VeriFaceManager] c:\program files\lenovo\verifaceiii\PManage.exe
mRun: [IdeaNotesUser] c:\program files\ddni\lenovo idea notes\DDNIMSGUser.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\lauraw~1\appdata\roaming\mozilla\firefox\profiles\k5cdox4z.default\
FF - prefs.js: browser.startup.homepage - www.blackle.com
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\users\laura warden\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\laura warden\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\laura warden\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\laura warden\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\laura warden\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-1-14 17192]
R0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\system32\drivers\Wdkbdmou.sys [2008-5-21 8832]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-1 114768]
R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-1-14 49472]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-1 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-9-1 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-1 138680]
R2 DDNIMSGService;DDNIMSGService;c:\program files\ddni\lenovo idea notes\DDNIMSGService.exe [2008-10-6 172720]
R2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2009-1-15 160432]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2008-2-14 32768]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2009-1-15 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-1-15 47680]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-1-14 18448]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-1 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-1 352920]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-24 183808]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-5-15 54784]
R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\drivers\enecirhid.sys [2008-5-15 11264]
R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\drivers\enecirhidma.sys [2008-5-15 5632]
R3 fgliiaob;fgliiaob;C:\fgliiaob.sys [2010-9-5 93056]
R3 IncSvc;ReadyComm Network Monitor and Configuration;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-10-24 112128]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-5-15 3658752]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-5-13 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-11 43608]
R3 vm331avs;Lenovo EasyCamera;c:\windows\system32\drivers\vm331avs.sys [2008-11-4 973568]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2008-5-21 8832]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-1-15 81192]

=============== Created Last 30 ================

2010-09-05 20:06:20 0 ----a-w- c:\users\laura warden\defogger_reenable
2010-09-05 19:12:58 93056 ----a-w- C:\fgliiaob.sys
2010-09-04 23:29:05 0 d-----w- c:\users\lauraw~1\appdata\roaming\SUPERAntiSpyware.com
2010-09-04 23:29:05 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-04 23:28:59 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-04 23:24:00 306272490 ----a-w- c:\windows\MEMORY.DMP
2010-09-04 23:19:02 0 d-----w- c:\program files\Trend Micro
2010-09-04 23:17:37 0 d-----w- c:\programdata\Comodo Downloader
2010-08-21 22:56:16 0 d-----w- c:\windows\pss
2010-08-19 02:04:14 0 d-----w- c:\program files\common files\DivX Shared
2010-08-19 02:02:38 0 d-----w- c:\program files\DivX
2010-08-19 02:02:11 0 d-----w- c:\programdata\DivX
2010-08-18 14:31:25 0 d-----w- c:\program files\iPod
2010-08-18 14:31:21 0 d-----w- c:\program files\iTunes
2010-08-18 14:25:45 0 d-----w- c:\program files\Bonjour
2010-08-12 14:35:10 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-12 14:35:02 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-12 14:35:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-12 14:34:57 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-12 14:34:51 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 14:34:47 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 14:34:37 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 14:34:36 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 14:34:34 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 14:34:32 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 14:34:32 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 14:34:29 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-10 09:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 09:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-08-18 14:27:55 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-18 14:27:55 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-18 14:27:55 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-27 16:32:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-27 16:23:53 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-03-25 23:38:19 27533 ----a-w- c:\program files\Uninstal.log
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-15 02:28:21 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:07:42.83 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:21 PM

Posted 13 September 2010 - 04:28 AM

Hello ,
And welcome.gif to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:21 PM

Posted 20 September 2010 - 05:48 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:21 PM

Posted 23 September 2010 - 11:27 AM

Topic reopened as requested. Please follow the steps in my first post.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 thefeintinggoat

thefeintinggoat
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 23 September 2010 - 11:03 PM

Will do--thank you so much for reopening it. Update on the problem as well: Some other sites have been re-occuring, but not many. Has happened with other google results besides the first as well.

****

OTL.txt

OTL logfile created on: 9/23/2010 12:21:59 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Laura Warden\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 252.95 Gb Total Space | 162.88 Gb Free Space | 64.39% Space Free | Partition Type: NTFS
Drive D: | 30.39 Gb Total Space | 28.03 Gb Free Space | 92.24% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAURAWARDEN-PC
Current User Name: Laura Warden
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/23 12:20:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Laura Warden\Desktop\OTL.exe
PRC - [2010/09/16 18:05:50 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/16 18:05:49 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/31 11:39:14 | 000,083,440 | ---- | M] (Google) -- C:\Users\Laura Warden\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/16 13:44:20 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Laura Warden\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/11/24 19:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/09/11 19:17:08 | 000,160,432 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\DIBS\DDNIService.exe
PRC - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Laura Warden\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/08/24 12:15:58 | 000,172,720 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
PRC - [2009/08/24 12:15:32 | 000,221,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
PRC - [2009/04/11 02:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/12 15:31:54 | 002,303,216 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2009/01/15 12:23:14 | 002,916,352 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
PRC - [2009/01/14 23:36:51 | 000,348,160 | ---- | M] (Compal Electronic Inc.) -- C:\Program Files\Compal\TmlCMode\TmlCMode.exe
PRC - [2008/10/15 02:49:04 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/08/26 18:52:20 | 005,289,888 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2008/07/31 14:55:06 | 008,851,456 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/07/21 00:19:52 | 002,701,880 | ---- | M] (Conexant) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
PRC - [2008/06/18 22:47:14 | 000,284,096 | ---- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\CarbonitePreinstaller.exe
PRC - [2008/04/23 20:59:40 | 000,430,080 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
PRC - [2008/02/14 17:33:14 | 000,032,768 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
PRC - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe
PRC - [2008/01/20 22:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/05/11 20:26:32 | 000,421,888 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
PRC - [2007/02/12 04:43:46 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe


========== Modules (SafeList) ==========

MOD - [2010/09/23 12:20:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Laura Warden\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/09/11 19:17:08 | 000,160,432 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2009/08/24 12:15:58 | 000,172,720 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2008/04/23 20:59:40 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008/02/14 17:33:14 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IgrsSvcs.exe -- (PS_MDP)
SRV - [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IgrsSvcs.exe -- (IncSvc)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/02/12 04:43:46 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/04/14 14:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2006/04/14 14:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006/04/14 14:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/10/14 07:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/24 19:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 19:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 19:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/01/14 23:50:46 | 000,049,472 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2008/10/06 22:04:24 | 002,473,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/09/11 00:32:50 | 000,973,568 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2008/07/14 21:20:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/06/11 22:28:58 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/05/21 19:05:34 | 000,008,832 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2008/05/21 19:04:04 | 000,008,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Wdkbdmou.sys -- (Wdkbdmou)
DRV - [2008/05/21 12:35:26 | 000,220,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/13 01:48:06 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/04/29 05:56:32 | 000,011,264 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhid.sys -- (enecirhid)
DRV - [2008/04/29 05:55:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/04/27 19:29:28 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/04/25 13:16:38 | 000,005,632 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhidma.sys -- (enecirhidma)
DRV - [2008/04/10 10:11:14 | 000,199,728 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/25 04:41:32 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/03/25 04:39:22 | 000,207,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/03/25 04:38:34 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/01/24 22:32:24 | 000,183,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/10 14:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2008/01/02 13:50:26 | 000,018,448 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2007/11/23 21:00:02 | 000,047,680 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2007/10/25 20:06:04 | 000,017,192 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\EMSC.SYS -- (EMSC)
DRV - [2007/10/18 04:36:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/05/23 04:33:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-188890621-3632296348-2597848923-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com/
IE - HKU\S-1-5-21-188890621-3632296348-2597848923-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-188890621-3632296348-2597848923-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-188890621-3632296348-2597848923-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.blackle.com"
FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:1.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {48607020-D327-4808-A174-B13B8F94604F}:1.9.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 18:05:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 18:05:51 | 000,000,000 | ---D | M]

[2009/05/30 13:05:45 | 000,000,000 | ---D | M] -- C:\Users\Laura Warden\AppData\Roaming\Mozilla\Extensions
[2010/09/23 12:15:35 | 000,000,000 | ---D | M] -- C:\Users\Laura Warden\AppData\Roaming\Mozilla\Firefox\Profiles\k5cdox4z.default\extensions
[2010/05/22 11:44:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Laura Warden\AppData\Roaming\Mozilla\Firefox\Profiles\k5cdox4z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/22 11:44:34 | 000,000,000 | ---D | M] -- C:\Users\Laura Warden\AppData\Roaming\Mozilla\Firefox\Profiles\k5cdox4z.default\extensions\bettergmail2@ginatrapani.org
[2010/01/25 18:29:59 | 000,001,606 | ---- | M] () -- C:\Users\Laura Warden\AppData\Roaming\Mozilla\Firefox\Profiles\k5cdox4z.default\searchplugins\amazondotcom.xml
[2010/01/25 19:53:36 | 000,000,939 | ---- | M] () -- C:\Users\Laura Warden\AppData\Roaming\Mozilla\Firefox\Profiles\k5cdox4z.default\searchplugins\dictionary.xml
[2009/06/23 20:58:27 | 000,001,595 | ---- | M] () -- C:\Users\Laura Warden\AppData\Roaming\Mozilla\Firefox\Profiles\k5cdox4z.default\searchplugins\ebay.xml
[2009/09/30 21:31:36 | 000,001,713 | ---- | M] () -- C:\Users\Laura Warden\AppData\Roaming\Mozilla\Firefox\Profiles\k5cdox4z.default\searchplugins\youtube-video-search.xml
[2009/11/11 05:50:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-188890621-3632296348-2597848923-1004\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKU\S-1-5-21-188890621-3632296348-2597848923-1004\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant)
O4 - HKLM..\Run: [TmlCMode] C:\Program Files\Compal\TmlCMode\TmlCMode.exe (Compal Electronic Inc.)
O4 - HKLM..\Run: [Unattend0000000001{70EB91E7-FAAB-44A4-BA19-C0A45B228BC0}] C:\Windows\test.bat File not found
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-188890621-3632296348-2597848923-1004..\Run: [F.lux] C:\Users\Laura Warden\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-188890621-3632296348-2597848923-1004..\Run: [ReadyComm] C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-188890621-3632296348-2597848923-1004..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-188890621-3632296348-2597848923-1004..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O4 - Startup: C:\Users\Laura Warden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Laura Warden\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Laura Warden\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{379372a8-d7af-11de-9c5f-00235a6b691c}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{99eebae8-6b07-11de-9c94-00235a6b691c}\Shell\explore\Command - "" = Backup.exe
O33 - MountPoints2\{99eebae8-6b07-11de-9c94-00235a6b691c}\Shell\open\Command - "" = Backup.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/23 12:20:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Laura Warden\Desktop\OTL.exe
[2010/09/22 19:57:34 | 000,000,000 | ---D | C] -- C:\Users\Laura Warden\AppData\Roaming\AccurateRip
[2010/09/22 19:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\Exact Audio Copy
[2010/09/22 19:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\FLAC
[2010/09/16 18:06:53 | 000,000,000 | ---D | C] -- C:\Users\Laura Warden\Desktop\2010-09-16
[2010/09/12 21:33:49 | 000,000,000 | ---D | C] -- C:\Users\Laura Warden\Desktop\2010-09-12
[2010/09/12 19:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/09/05 17:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/05 17:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/05 15:12:58 | 000,093,056 | ---- | C] (GMER) -- C:\fgliiaob.sys
[2010/09/05 15:06:26 | 000,000,000 | ---D | C] -- C:\Users\Laura Warden\Desktop\Bleeping Computer
[2010/09/04 19:29:05 | 000,000,000 | ---D | C] -- C:\Users\Laura Warden\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/04 19:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/04 19:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/04 19:24:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/09/04 19:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/04 19:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010/08/26 18:10:00 | 000,000,000 | ---D | C] -- C:\Users\Laura Warden\Desktop\TS@Rockies
[2010/08/24 18:13:14 | 000,000,000 | ---D | C] -- C:\Users\Laura Warden\AppData\Roaming\DivX
[2010/08/21 18:56:16 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/21 15:48:27 | 000,000,000 | ---D | C] -- C:\Users\Laura Warden\AppData\Local\{48607020-D327-4808-A174-B13B8F94604F}
[2010/08/21 15:46:08 | 000,000,000 | ---D | C] -- C:\Users\Laura Warden\AppData\Local\Windows
[2010/08/20 11:49:27 | 000,000,000 | ---D | C] -- C:\Users\Laura Warden\Documents\MATH 7 to do asap
[2010/08/20 11:11:58 | 000,000,000 | ---D | C] -- C:\Users\Laura Warden\Documents\MATH 7 Common Core Standards
[2010/08/18 22:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/08/18 22:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/08/18 22:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/08/18 10:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/04 11:09:03 | 000,000,000 | ---D | C] -- C:\Users\Laura Warden\Desktop\monteverdi
[2010/07/30 17:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\Artensoft Photo Mosaic Wizard
[2010/07/28 18:16:06 | 000,000,000 | ---D | C] -- C:\Users\Laura Warden\Desktop\2010-07-28
[2010/07/08 13:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/08 13:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/04 21:29:49 | 000,000,000 | ---D | C] -- C:\Users\Laura Warden\Desktop\2010-07-04
[2010/06/27 12:32:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/06/27 12:32:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/06/27 12:32:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/01/14 23:53:39 | 001,526,576 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax9f.exe

========== Files - Modified Within 90 Days ==========

[2010/09/23 12:25:00 | 000,000,460 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EB5DCDB7-90EE-4FBC-99F3-4DE963CE0FD9}.job
[2010/09/23 12:22:15 | 002,097,152 | -HS- | M] () -- C:\Users\Laura Warden\NTUSER.DAT
[2010/09/23 12:21:44 | 000,001,356 | ---- | M] () -- C:\Users\Laura Warden\AppData\Local\d3d9caps.dat
[2010/09/23 12:20:57 | 000,133,632 | ---- | M] () -- C:\Users\Laura Warden\Desktop\RKUnhookerLE.EXE
[2010/09/23 12:20:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Laura Warden\Desktop\OTL.exe
[2010/09/23 12:20:26 | 000,000,458 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{410DD110-3D31-4442-AE50-3AD2D8F902EE}.job
[2010/09/23 12:04:14 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2010/09/23 12:04:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/23 12:04:01 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/23 12:04:01 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/23 12:03:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/23 12:03:51 | 3179,913,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/23 06:28:05 | 000,524,288 | -HS- | M] () -- C:\Users\Laura Warden\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/23 06:28:05 | 000,065,536 | -HS- | M] () -- C:\Users\Laura Warden\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/23 06:28:01 | 002,750,446 | -H-- | M] () -- C:\Users\Laura Warden\AppData\Local\IconCache.db
[2010/09/22 20:56:19 | 000,021,777 | ---- | M] () -- C:\Users\Laura Warden\Documents\Masters personal essay.odt
[2010/09/22 20:49:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-188890621-3632296348-2597848923-1004UA.job
[2010/09/22 20:01:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2010/09/22 19:57:23 | 000,000,789 | ---- | M] () -- C:\Users\Laura Warden\Desktop\Exact Audio Copy.lnk
[2010/09/22 13:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-188890621-3632296348-2597848923-1004Core.job
[2010/09/21 13:32:27 | 000,756,644 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/21 13:32:27 | 000,642,392 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/21 13:32:27 | 000,118,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/21 12:49:50 | 000,002,077 | ---- | M] () -- C:\Users\Laura Warden\Desktop\Google Chrome.lnk
[2010/09/21 12:49:50 | 000,002,039 | ---- | M] () -- C:\Users\Laura Warden\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/19 00:42:32 | 000,057,344 | ---- | M] () -- C:\Users\Laura Warden\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/12 23:10:28 | 007,135,736 | ---- | M] () -- C:\Users\Laura Warden\Desktop\Desktop.zip
[2010/09/06 08:23:01 | 000,007,896 | ---- | M] () -- C:\Users\Laura Warden\Documents\Marist personal essay.odt
[2010/09/05 20:48:03 | 000,025,001 | ---- | M] () -- C:\Users\Laura Warden\Documents\Canning Intructions.odt
[2010/09/05 17:20:21 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/05 16:06:20 | 000,000,000 | ---- | M] () -- C:\Users\Laura Warden\defogger_reenable
[2010/09/05 15:12:58 | 000,093,056 | ---- | M] (GMER) -- C:\fgliiaob.sys
[2010/09/04 19:24:00 | 306,272,490 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/29 00:01:20 | 000,015,629 | ---- | M] () -- C:\Users\Laura Warden\Documents\Inventory - belongings.ods
[2010/08/27 13:53:22 | 000,022,115 | ---- | M] () -- C:\Users\Laura Warden\Documents\Recipe - Cider Beans.odt
[2010/08/21 15:48:28 | 000,000,120 | ---- | M] () -- C:\Users\Laura Warden\AppData\Local\Wliwohidozotuqo.dat
[2010/08/21 15:48:28 | 000,000,000 | ---- | M] () -- C:\Users\Laura Warden\AppData\Local\Xmikimoxi.bin
[2010/08/20 09:20:19 | 000,394,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/18 22:04:30 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/08/13 13:05:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/08/04 19:50:52 | 000,029,810 | ---- | M] () -- C:\Users\Laura Warden\Documents\OHARA.odt
[2010/07/30 17:42:48 | 000,001,040 | ---- | M] () -- C:\Users\Laura Warden\Application Data\Microsoft\Internet Explorer\Quick Launch\Artensoft Photo Mosaic Wizard.lnk
[2010/07/24 23:06:25 | 000,026,682 | ---- | M] () -- C:\Users\Laura Warden\Desktop\Letter to Jared.odt
[2010/06/27 12:42:19 | 000,000,903 | ---- | M] () -- C:\Users\Laura Warden\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2010/09/23 12:20:56 | 000,133,632 | ---- | C] () -- C:\Users\Laura Warden\Desktop\RKUnhookerLE.EXE
[2010/09/22 20:56:18 | 000,021,777 | ---- | C] () -- C:\Users\Laura Warden\Documents\Masters personal essay.odt
[2010/09/22 19:57:23 | 000,000,789 | ---- | C] () -- C:\Users\Laura Warden\Desktop\Exact Audio Copy.lnk
[2010/09/12 23:10:27 | 007,135,736 | ---- | C] () -- C:\Users\Laura Warden\Desktop\Desktop.zip
[2010/09/08 12:23:30 | 000,002,077 | ---- | C] () -- C:\Users\Laura Warden\Desktop\Google Chrome.lnk
[2010/09/08 12:23:30 | 000,002,039 | ---- | C] () -- C:\Users\Laura Warden\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/06 08:23:00 | 000,007,896 | ---- | C] () -- C:\Users\Laura Warden\Documents\Marist personal essay.odt
[2010/09/05 20:48:01 | 000,025,001 | ---- | C] () -- C:\Users\Laura Warden\Documents\Canning Intructions.odt
[2010/09/05 17:20:21 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/05 16:06:20 | 000,000,000 | ---- | C] () -- C:\Users\Laura Warden\defogger_reenable
[2010/09/04 22:06:08 | 3179,913,216 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/04 19:24:00 | 306,272,490 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/27 13:53:40 | 000,015,629 | ---- | C] () -- C:\Users\Laura Warden\Documents\Inventory - belongings.ods
[2010/08/27 13:53:21 | 000,022,115 | ---- | C] () -- C:\Users\Laura Warden\Documents\Recipe - Cider Beans.odt
[2010/08/21 15:48:28 | 000,000,120 | ---- | C] () -- C:\Users\Laura Warden\AppData\Local\Wliwohidozotuqo.dat
[2010/08/21 15:48:28 | 000,000,000 | ---- | C] () -- C:\Users\Laura Warden\AppData\Local\Xmikimoxi.bin
[2010/08/18 22:04:30 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/08/04 19:50:52 | 000,029,810 | ---- | C] () -- C:\Users\Laura Warden\Documents\OHARA.odt
[2010/07/30 17:42:48 | 000,001,040 | ---- | C] () -- C:\Users\Laura Warden\Application Data\Microsoft\Internet Explorer\Quick Launch\Artensoft Photo Mosaic Wizard.lnk
[2010/07/22 22:06:34 | 000,026,682 | ---- | C] () -- C:\Users\Laura Warden\Desktop\Letter to Jared.odt
[2010/03/25 19:38:19 | 000,027,533 | ---- | C] () -- C:\Program Files\Uninstal.log
[2009/11/27 19:00:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/14 01:01:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/29 01:58:06 | 000,001,728 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/06/25 00:56:02 | 000,001,356 | ---- | C] () -- C:\Users\Laura Warden\AppData\Local\d3d9caps.dat
[2009/06/16 12:02:05 | 000,057,344 | ---- | C] () -- C:\Users\Laura Warden\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/15 12:23:19 | 009,338,880 | ---- | C] () -- C:\Windows\System32\Facev.dll
[2009/01/15 12:23:19 | 000,491,520 | ---- | C] () -- C:\Windows\System32\picn.dll
[2009/01/15 12:23:19 | 000,208,896 | ---- | C] () -- C:\Windows\System32\image.dll
[2009/01/15 12:23:17 | 000,655,360 | ---- | C] () -- C:\Windows\System32\EncIcons.dll
[2009/01/15 12:23:17 | 000,053,248 | ---- | C] () -- C:\Windows\System32\FunFrm.dll
[2009/01/15 12:23:16 | 000,507,904 | ---- | C] () -- C:\Windows\System32\SimpleExt.dll
[2009/01/15 12:23:16 | 000,241,752 | ---- | C] () -- C:\Windows\System32\IcnOvrly.dll
[2009/01/15 12:23:16 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SetDev.dll
[2009/01/15 12:23:16 | 000,126,976 | ---- | C] () -- C:\Windows\System32\VideoOp.dll
[2009/01/15 12:23:15 | 009,502,720 | ---- | C] () -- C:\Windows\System32\FaceVerify.dll
[2009/01/15 12:23:15 | 001,564,672 | ---- | C] () -- C:\Windows\System32\MainOp.dll
[2009/01/15 12:23:15 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DevFilt.dll
[2009/01/15 12:23:14 | 001,974,272 | ---- | C] () -- C:\Windows\System32\Imagereog.dll
[2009/01/15 12:23:14 | 000,581,632 | ---- | C] () -- C:\Windows\System32\PicNotify.dll
[2009/01/15 12:23:14 | 000,442,368 | ---- | C] () -- C:\Windows\System32\Apblend.dll
[2009/01/15 12:23:14 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Momo.dll
[2009/01/14 23:50:49 | 000,057,344 | ---- | C] () -- C:\Windows\AsfHelper.dll
[2009/01/14 23:50:49 | 000,049,472 | ---- | C] () -- C:\Windows\System32\drivers\funfrm.sys
[2009/01/14 23:50:44 | 000,241,664 | ---- | C] () -- C:\Windows\System32\3DImageRenderer.dll
[2009/01/14 23:37:25 | 000,266,240 | ---- | C] () -- C:\Windows\System32\EMSC.DLL
[2008/11/04 05:19:25 | 000,001,001 | ---- | C] () -- C:\Windows\vm331Rmv.ini
[2008/10/24 21:51:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/10/24 21:51:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2008/06/06 02:18:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/05/21 19:04:04 | 000,008,832 | ---- | C] () -- C:\Windows\System32\drivers\Wdkbdmou.sys
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/06/15 18:02:37 | 000,000,000 | ---D | M] -- C:\Users\Laura Warden\AppData\Roaming\Facebook
[2009/05/30 06:47:26 | 000,000,000 | ---D | M] -- C:\Users\Laura Warden\AppData\Roaming\Lenovo
[2009/05/30 13:31:49 | 000,000,000 | ---D | M] -- C:\Users\Laura Warden\AppData\Roaming\Miranda
[2009/06/13 14:02:25 | 000,000,000 | ---D | M] -- C:\Users\Laura Warden\AppData\Roaming\OpenOffice.org
[2010/03/25 19:38:15 | 000,000,000 | ---D | M] -- C:\Users\Laura Warden\AppData\Roaming\RMS
[2009/06/16 11:23:46 | 000,000,000 | ---D | M] -- C:\Users\Laura Warden\AppData\Roaming\WeatherBug
[2010/09/22 20:01:00 | 000,000,270 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2010/09/23 06:28:06 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/23 12:20:26 | 000,000,458 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{410DD110-3D31-4442-AE50-3AD2D8F902EE}.job
[2010/09/23 12:25:00 | 000,000,460 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EB5DCDB7-90EE-4FBC-99F3-4DE963CE0FD9}.job

========== Purity Check ==========


< End of report >

****

Extra.txt

OTL Extras logfile created on: 9/23/2010 12:21:59 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Laura Warden\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 252.95 Gb Total Space | 162.88 Gb Free Space | 64.39% Space Free | Partition Type: NTFS
Drive D: | 30.39 Gb Total Space | 28.03 Gb Free Space | 92.24% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAURAWARDEN-PC
Current User Name: Laura Warden
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-188890621-3632296348-2597848923-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{35996CAD-E65D-4D9D-912F-531BE89B37B7}" = rport=137 | protocol=17 | dir=out | app=system |
"{51A6168E-F19D-41D1-9BC1-5E6F7FEBD827}" = rport=445 | protocol=6 | dir=out | app=system |
"{521A5954-0444-4BDF-A50E-748118B236D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{60072361-25B2-4F6D-AE7C-83A13A15E2E7}" = rport=139 | protocol=6 | dir=out | app=system |
"{94620383-61E1-4A33-B93C-B35AD12520CC}" = lport=137 | protocol=17 | dir=in | app=system |
"{A7CF4413-1731-4D44-8449-C076A98F9692}" = lport=138 | protocol=17 | dir=in | app=system |
"{ACF5B386-FA66-4471-86F0-713B60D5B923}" = lport=139 | protocol=6 | dir=in | app=system |
"{B38F8090-F0C3-46B6-9D35-3069F58308FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EAB5DFD3-5762-4D15-B372-6A8018E6ED25}" = rport=138 | protocol=17 | dir=out | app=system |
"{F8A1277B-6B95-43F2-B2AF-ABAF09FDFBAF}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08AD6B5A-D230-4DD2-A84B-730FBEA8B0AE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{13C094D8-E6B2-4B1A-B363-D3DF5AAD992D}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{35E1A19A-1579-48CC-853A-C9F5FF74B06E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4FAFE681-0591-457C-9780-CD9A0580A04B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5B8728D8-7599-47A9-B418-DEC1E57FF0FD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6726E357-26AF-4CD9-9927-B5C226C8F0A8}" = dir=in | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{790036DF-C260-41C6-9BEC-E2B9B29F9493}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7ABBA709-5304-4B7D-82A3-A30FC7BBE382}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{7E8671E7-DE1F-4BF2-BFE2-DE36B0323B92}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{882F9A40-12BF-4918-8F9B-050D9FF00CA1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8C425463-3B9F-47A7-89E4-923D65D6A409}" = dir=in | app=c:\program files\lenovo\readycomm\filereceiver.exe |
"{B327CC90-BAFC-422E-9F96-67286DD05021}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{BBECFBB5-BFED-4152-8AB8-AE59377F6198}" = dir=out | app=c:\program files\lenovo\readycomm\filereceiver.exe |
"{C9667250-232A-4A52-B954-2E9535C3D16D}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{CEAFD10C-3206-4710-8C79-1D507952DE26}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{D522D80D-1F8E-460B-889B-CCBC9093D93A}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{EE713DA8-45DD-4395-B546-64F296F6C7A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{0332D231-F206-4FDB-933F-F34AB3752963}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"TCP Query User{1B7A3D3F-EBF7-4251-B48B-F4E9868FB454}C:\program files\digsby\lib\digsby-app.exe" = protocol=6 | dir=in | app=c:\program files\digsby\lib\digsby-app.exe |
"TCP Query User{9E1D0FBE-2D25-49A2-BD55-96D37F9E6B33}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"TCP Query User{B6B2AE94-D6DF-4CE7-A4E5-88B9EEC77C94}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{CF682400-D889-4A51-A10D-6064E43FB521}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D3DDF8B6-BF5D-4F5E-AC68-5A714F9D0011}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{E3135939-BF4C-4F86-B6F0-7C6E4E7961E2}C:\program files\digsby\lib\digsby-app.exe" = protocol=6 | dir=in | app=c:\program files\digsby\lib\digsby-app.exe |
"UDP Query User{B3E2822F-3699-41D4-AB4C-197C1D17C44A}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{BB6D0541-B7DE-487E-9DDB-7C23CD47199B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{BF5049C5-75A4-4839-9FF8-BB78FEA42C4D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D9F12921-DA8B-4DFC-B3D7-CF61F7D60C2A}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"UDP Query User{DDA8BC0C-2D38-4FBB-8848-CCA047548DCD}C:\program files\digsby\lib\digsby-app.exe" = protocol=17 | dir=in | app=c:\program files\digsby\lib\digsby-app.exe |
"UDP Query User{E726282B-ECB4-4564-B86A-AEB726D22F68}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"UDP Query User{FAE395A9-83A8-40DC-AC01-684F49AEC0D5}C:\program files\digsby\lib\digsby-app.exe" = protocol=17 | dir=in | app=c:\program files\digsby\lib\digsby-app.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{26E9EE62-5517-4C46-8B6E-B7C9A0A95D66}" = SWelCntr
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD5B5D2-406D-4bc5-BB10-2F0D1D367C95}" = c6100_Help
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6345DBAE-79E8-443A-9A21-926DA3998A70}" = Lenovo First Boot
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{720264BB-47DB-4728-9B00-AEA049576F48}" = Lenovo Idea Notes
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 4.0
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C200A620-DD82-42A9-9A32-2CDA92914DCB}" = O2Micro Flash Memory Card Reader Driver (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7FB1A71-D808-4CD2-997D-837B39EA7EB0}" = DIBS
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FAA9B753-45CE-4581-876C-55D97939B631}" = C6100
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"7-Zip" = 7-Zip 4.65
"AccompanEase" = AccompanEase
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Artensoft Photo Mosaic Wizard_is1" = Artensoft Photo Mosaic Wizard
"avast!" = avast! Antivirus
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"Celestia_is1" = Celestia 1.6.0
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Diablo II" = Diablo II
"Digsby" = Digsby
"DivX Setup.divx.com" = DivX Setup
"EasyBCD" = EasyBCD 1.7.2
"EasyCapture3.0" = EasyCapture
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"FLAC" = FLAC 1.2.1b (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
"Lenovo Idea Central" = Lenovo Idea Central
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.24
"RealPlayer 12.0" = RealPlayer
"RocketDock_is1" = RocketDock 1.3.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.17
"VeriFace III" = VeriFace III
"verizon_broad" = Verizon Broadband Toolbar (IE only)
"Windows Live Toolbar" = Windows Live Toolbar
"Wubi" = Ubuntu

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-188890621-3632296348-2597848923-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Flux" = F.lux
"GCalc 3" = GCalc 3
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/20/2009 2:24:29 PM | Computer Name = LauraWarden-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000003.

Error - 9/20/2009 2:24:29 PM | Computer Name = LauraWarden-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.

Error - 9/20/2009 2:24:29 PM | Computer Name = LauraWarden-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.

Error - 9/20/2009 2:24:29 PM | Computer Name = LauraWarden-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.

Error - 9/20/2009 2:24:29 PM | Computer Name = LauraWarden-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.

Error - 8/21/2010 7:06:59 PM | Computer Name = LauraWarden-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.

[ Application Events ]
Error - 9/11/2010 6:11:05 PM | Computer Name = LauraWarden-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1310

Error - 9/11/2010 6:11:07 PM | Computer Name = LauraWarden-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/11/2010 6:11:07 PM | Computer Name = LauraWarden-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2433

Error - 9/11/2010 6:11:07 PM | Computer Name = LauraWarden-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2433

Error - 9/11/2010 6:11:08 PM | Computer Name = LauraWarden-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/11/2010 6:11:08 PM | Computer Name = LauraWarden-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3447

Error - 9/11/2010 6:11:08 PM | Computer Name = LauraWarden-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3447

Error - 9/11/2010 8:49:05 PM | Computer Name = LauraWarden-PC | Source = Google Update | ID = 20
Description =

Error - 9/12/2010 12:25:34 PM | Computer Name = LauraWarden-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/12/2010 4:42:13 PM | Computer Name = LauraWarden-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/22/2010 9:59:29 AM | Computer Name = LauraWarden-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 9/22/2010 1:04:22 PM | Computer Name = LauraWarden-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/22/2010 1:04:22 PM | Computer Name = LauraWarden-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 9/22/2010 6:20:26 PM | Computer Name = LauraWarden-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/22/2010 6:20:26 PM | Computer Name = LauraWarden-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 9/22/2010 9:00:17 PM | Computer Name = LauraWarden-PC | Source = DCOM | ID = 10010
Description =

Error - 9/23/2010 6:26:23 AM | Computer Name = LauraWarden-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/23/2010 6:26:28 AM | Computer Name = LauraWarden-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 9/23/2010 12:05:37 PM | Computer Name = LauraWarden-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/23/2010 12:05:38 PM | Computer Name = LauraWarden-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

*****

RKUnhooker Log

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8DE0C000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7315456 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x8220A000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x8220A000 PnpManager 3903488 bytes
0x8220A000 RAW 3903488 bytes
0x8220A000 WMIxWDM 3903488 bytes
0x8E80B000 C:\Windows\system32\DRIVERS\NETw5v32.sys 3698688 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x97640000 Win32k 2109440 bytes
0x97640000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8A40D000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8A080000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8F80D000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8FC95000 C:\Windows\System32\Drivers\vm331avs.sys 974848 bytes (Vimicro Corporation, VM0331 Digital Camera Driver)
0x8A209000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804E0000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xAFE00000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8F90F000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x90911000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8E506000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8A32D000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80606000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8A00F000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80416000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xAE001000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAE171000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x80738000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8FC01000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8068F000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8049F000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8ECC4000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8E5BC000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8F0FB000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x90808000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8A1B6000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8F0C1000 C:\Windows\system32\drivers\CHDRT32.sys 237568 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0xAE0F9000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A51D000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8F008000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x825C3000 ACPI_HAL 208896 bytes
0x825C3000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x805C0000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8FC4D000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8EB92000 C:\Windows\system32\DRIVERS\b57nd60x.sys 200704 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS6.0 Driver.)
0x8EC08000 C:\Windows\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8EC95000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8F06F000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8A18B000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8EDC7000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x909D1000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8A575000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E6000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xAE14A000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8A3BA000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8F09C000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8ED32000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8FDC2000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x90865000 C:\Windows\System32\Drivers\aswSP.SYS 135168 bytes (ALWIL Software, avast! self protection module)
0x8A5AD000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8F04E000 C:\Windows\system32\drivers\IntcHdmi.sys 135168 bytes (Intel® Corporation, Intel® High Definition Audio HDMI)
0xAE0B9000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8EDA4000 C:\Windows\system32\DRIVERS\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAE0DA000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8079A000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xAE06E000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8A2F3000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x908D7000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xAE08B000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8EC50000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8EC6E000 C:\Windows\system32\DRIVERS\enecir.sys 98304 bytes (ENE TECHNOLOGY INC., ENE CIR Driver for eHome)
0xAE132000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x908F2000 C:\Windows\system32\DRIVERS\aswMonFlt.sys 94208 bytes (ALWIL Software, avast! File System Minifilter for Windows 2003/Vista)
0x9084E000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8ED10000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8F196000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x90886000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8FC7F000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8F1AD000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xAE0A4000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8ED78000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8ED64000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8F1C3000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x807E0000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8F1E1000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8FDAF000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8A59C000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8FD9E000 C:\Windows\System32\Drivers\funfrm.SYS 69632 bytes (-, -)
0x8F03D000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80486000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x807D0000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8F9E1000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x909C1000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80782000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8EBC3000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8ED8D000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0xAFEF4000 C:\Windows\system32\drivers\tvtumon.sys 65536 bytes (Lenovo, Windows Update Monitor Driver)
0x8A3E0000 C:\Windows\system32\DRIVERS\AcpiVpc.sys 61440 bytes (Lenovo Corporation, ACPI Virtual Power Controller Driver)
0x8EC86000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x908C8000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A55E000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8070D000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8ED55000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8A31E000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80729000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8EBD3000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x97880000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8EDF1000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)
0x8FD90000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8F17F000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x807C2000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x9089C000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8F9C4000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8FD83000 C:\Windows\System32\Drivers\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0x8A3EF000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80682000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x8EBEB000 C:\Windows\system32\DRIVERS\o2media.sys 49152 bytes (O2Micro , o2media)
0xAFEE8000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8F158000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8E5A5000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x908A9000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8F800000 C:\Windows\system32\DRIVERS\hidir.sys 45056 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0x8EC45000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8EC3A000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8F174000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8ED27000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8ED05000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8A400000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E5B1000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8F1D7000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0x8071F000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x908B4000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x908BE000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x807B8000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8E800000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8FDEA000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x90844000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8EBE1000 C:\Windows\system32\DRIVERS\o2sd.sys 40960 bytes (O2Micro , O2Micro SD Reader Driver)
0xAFEDE000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8A5CE000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8F141000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8F138000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xAFF0C000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8F18D000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x97860000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A315000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806D5000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x90909000 C:\Windows\system32\DRIVERS\aswFsBlk.sys 32768 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0x80792000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80497000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8A56D000 C:\Windows\system32\DRIVERS\EMSC.SYS 32768 bytes (Windows ® Codename Longhorn DDK provider, Embedded System Control)
0x8F9D1000 C:\Windows\system32\DRIVERS\enecirhid.sys 32768 bytes (ENE TECHNOLOGY INC., ENE CIR HID Driver)
0x8F9D9000 C:\Windows\system32\DRIVERS\enecirhidma.sys 32768 bytes (ENE TECHNOLOGY INC., ENE CIR HID Mapper Driver)
0x8F9F8000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806DE000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8F164000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8F16C000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A556000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xAFF04000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8F151000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8F9F1000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8040F000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8F14A000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8A30E000 C:\Windows\system32\DRIVERS\Wdkbdmou.sys 28672 bytes
0x8ED9D000 C:\Windows\system32\DRIVERS\WDMirror.sys 28672 bytes (Windows ® Codename Longhorn DDK provider, WDMirror Miniport Driver)
0x8EC68000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8FDE4000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8FC49000 C:\Windows\System32\Drivers\aswRdr.SYS 16384 bytes (ALWIL Software, avast! TDI RDR Driver)
0x8EBF7000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xAE1D7000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8071C000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8EDC5000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8EC38000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

***

Edited by thefeintinggoat, 23 September 2010 - 11:04 PM.


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:21 PM

Posted 24 September 2010 - 05:09 AM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 thefeintinggoat

thefeintinggoat
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 24 September 2010 - 11:08 AM

Here is the combofix log. Noticed that after the scan completed, I was missing most of my toolbar icons and my dock program wasn't running: is this something to be concerned about? NOTE: This appears to be fixed upon restart, no other complications have been noticed thus far.

ComboFix 10-09-23.01 - Laura Warden 09/24/2010 11:52:16.1.2 - x86
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.1.1033.18.3032.1809 [GMT -4:00]
Running from: c:\users\Laura Warden\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Laura Warden\AppData\Local\{48607020-D327-4808-A174-B13B8F94604F}
c:\users\Laura Warden\AppData\Local\{48607020-D327-4808-A174-B13B8F94604F}\chrome.manifest
c:\users\Laura Warden\AppData\Local\{48607020-D327-4808-A174-B13B8F94604F}\chrome\content\_cfg.js
c:\users\Laura Warden\AppData\Local\{48607020-D327-4808-A174-B13B8F94604F}\chrome\content\overlay.xul
c:\users\Laura Warden\AppData\Local\{48607020-D327-4808-A174-B13B8F94604F}\install.rdf
c:\windows\s.bat
c:\windows\system32\sda
c:\windows\system32\sda\SDPA7120.dll

----- BITS: Possible infected sites -----

hxxp://dibs.ddni.net
.
((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.

2010-09-24 15:59 . 2010-09-24 15:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-22 23:57 . 2010-09-22 23:57 -------- d-----w- c:\users\Laura Warden\AppData\Roaming\AccurateRip
2010-09-22 23:57 . 2010-09-23 00:10 -------- d-----w- c:\program files\Exact Audio Copy
2010-09-22 23:46 . 2010-09-22 23:46 -------- d-----w- c:\program files\FLAC
2010-09-15 14:09 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 14:09 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 14:09 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 14:09 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-12 23:07 . 2010-09-12 23:07 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-12 23:07 . 2010-09-12 22:57 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-09-12 23:07 . 2010-09-12 23:07 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-09-12 23:07 . 2010-09-12 23:07 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-09-12 23:06 . 2010-09-12 23:06 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-09-12 23:06 . 2010-09-12 23:06 84063 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-09-12 23:06 . 2010-09-12 23:06 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-09-12 23:06 . 2010-09-12 23:06 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-09-12 22:57 . 2010-09-12 22:57 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-05 21:19 . 2010-09-05 21:19 -------- d-----w- c:\program files\iPod
2010-09-05 21:19 . 2010-09-05 21:20 -------- d-----w- c:\program files\iTunes
2010-09-05 21:11 . 2010-09-05 21:11 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-05 19:12 . 2010-09-05 19:12 93056 ----a-w- C:\fgliiaob.sys
2010-09-04 23:30 . 2010-09-04 23:30 63488 ----a-w- c:\users\Laura Warden\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-04 23:30 . 2010-09-04 23:30 52224 ----a-w- c:\users\Laura Warden\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-04 23:30 . 2010-09-04 23:30 117760 ----a-w- c:\users\Laura Warden\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-04 23:29 . 2010-09-04 23:29 -------- d-----w- c:\users\Laura Warden\AppData\Roaming\SUPERAntiSpyware.com
2010-09-04 23:29 . 2010-09-04 23:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-04 23:28 . 2010-09-04 23:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-04 23:19 . 2010-09-04 23:19 388096 ----a-r- c:\users\Laura Warden\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-04 23:19 . 2010-09-04 23:19 -------- d-----w- c:\program files\Trend Micro
2010-09-04 23:17 . 2010-09-04 23:17 -------- d-----w- c:\programdata\Comodo Downloader
2010-08-31 16:11 . 2010-08-31 16:11 3401880 ----a-w- c:\users\Laura Warden\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 15:55 . 2010-08-31 15:55 275096 ----a-w- c:\users\Laura Warden\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-08-31 15:39 . 2010-08-31 15:39 3734536 ----a-w- c:\users\Laura Warden\AppData\Roaming\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 16:28 . 2009-06-25 04:56 1356 ----a-w- c:\users\Laura Warden\AppData\Local\d3d9caps.dat
2010-09-23 00:41 . 2009-06-13 18:02 1 ----a-w- c:\users\Laura Warden\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-22 23:43 . 2009-06-16 15:23 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-09-22 23:43 . 2009-01-15 03:24 -------- d-----w- c:\program files\Broadcom
2010-09-13 01:32 . 2010-08-19 02:05 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-12 23:07 . 2010-08-19 02:02 -------- d-----w- c:\program files\DivX
2010-09-12 23:07 . 2010-08-19 02:02 -------- d-----w- c:\programdata\DivX
2010-09-12 23:06 . 2010-08-24 22:13 -------- d-----w- c:\users\Laura Warden\AppData\Roaming\DivX
2010-09-12 22:57 . 2010-08-19 02:04 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-09-12 22:57 . 2010-08-19 02:04 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-09-05 21:19 . 2010-04-21 05:03 -------- d-----w- c:\program files\Common Files\Apple
2010-09-04 14:30 . 2010-05-26 18:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-02 15:26 . 2009-06-16 15:24 -------- d-----w- c:\program files\Digsby
2010-08-21 19:48 . 2010-08-21 19:48 120 ----a-w- c:\users\Laura Warden\AppData\Local\Wliwohidozotuqo.dat
2010-08-21 19:48 . 2010-08-21 19:48 0 ----a-w- c:\users\Laura Warden\AppData\Local\Xmikimoxi.bin
2010-08-20 00:52 . 2009-10-04 01:57 -------- d-----w- c:\users\Laura Warden\AppData\Roaming\HpUpdate
2010-08-18 14:37 . 2010-04-21 05:10 -------- d-----w- c:\program files\QuickTime
2010-08-18 14:25 . 2010-08-18 14:25 -------- d-----w- c:\program files\Bonjour
2010-07-30 21:42 . 2010-07-30 21:42 -------- d-----w- c:\program files\Artensoft Photo Mosaic Wizard
2010-07-01 14:59 . 2010-03-07 21:31 439816 ----a-w- c:\users\Laura Warden\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-29 15:47 . 2010-08-12 14:35 834048 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-12 14:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-27 16:32 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-25 23:38 . 2010-03-25 23:38 27533 ----a-w- c:\program files\Uninstal.log
2009-01-15 02:28 . 2009-01-15 02:28 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-01-15 16:23 241752 ----a-w- c:\windows\System32\IcnOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\Laura Warden\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-16 133104]
"F.lux"="c:\users\Laura Warden\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"ReadyComm"="c:\program files\Lenovo\ReadyComm\ReadyComm.exe" [2007-05-12 421888]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-15 154136]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2008-08-26 5289888]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-07-31 8851456]
"TmlCMode"="c:\program files\Compal\TmlCMode\TmlCMode.exe" [2009-01-15 348160]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2008-06-19 284096]
"VeriFaceManager"="c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2009-01-15 2916352]
"IdeaNotesUser"="c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

c:\users\Laura Warden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-08-25 18:03 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-09 14:27 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2008-01-21 21504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-01-10 81192]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2007-10-26 17192]
S0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\system32\DRIVERS\Wdkbdmou.sys [2008-05-21 8832]
S1 aswSP;avast! Self Protection; [x]
S1 funfrm;funfrm; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 DDNIMSGService;DDNIMSGService;c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2009-08-24 172720]
S2 DDNIService;DDNIService;c:\program files\DDNI\DIBS\DDNIService.exe [2009-09-11 160432]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2008-02-14 32768]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2008-01-21 21504]
S2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2008-04-24 430080]
S2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2007-11-24 47680]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2008-01-02 18448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-25 183808]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-29 54784]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2008-04-29 11264]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 5632]
S3 IncSvc;ReadyComm Network Monitor and Configuration;c:\windows\System32\IgrsSvcs.exe [2008-01-21 21504]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-07-15 112128]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-05-13 51288]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
S3 vm331avs;Lenovo EasyCamera;c:\windows\system32\Drivers\vm331avs.sys [2008-09-11 973568]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2008-05-21 8832]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter IncSvc PS_MDP
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 23:54]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-188890621-3632296348-2597848923-1004Core.job
- c:\users\Laura Warden\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-16 15:08]

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-188890621-3632296348-2597848923-1004UA.job
- c:\users\Laura Warden\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-16 15:08]

2010-09-24 c:\windows\Tasks\User_Feed_Synchronization-{410DD110-3D31-4442-AE50-3AD2D8F902EE}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

2010-09-24 c:\windows\Tasks\User_Feed_Synchronization-{EB5DCDB7-90EE-4FBC-99F3-4DE963CE0FD9}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.blackle.com/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Laura Warden\AppData\Roaming\Mozilla\Firefox\Profiles\k5cdox4z.default\
FF - prefs.js: browser.startup.homepage - www.blackle.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\users\Laura Warden\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Laura Warden\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Laura Warden\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\Laura Warden\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Laura Warden\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKLM-Run-Unattend0000000001{70EB91E7-FAAB-44A4-BA19-C0A45B228BC0} - c:\windows\test.bat
AddRemove-Wubi - f:\ubuntu\uninstall-wubi.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 12:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-24 12:02:38
ComboFix-quarantined-files.txt 2010-09-24 16:02

Pre-Run: 176,789,475,328 bytes free
Post-Run: 176,567,152,640 bytes free

- - End Of File - - C03E178130149EE8EFBEB135549BA389

Edited by thefeintinggoat, 24 September 2010 - 11:21 AM.


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:21 PM

Posted 24 September 2010 - 11:38 AM

Hello again, please let me know how things are running now and if you have any problems left.

UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 thefeintinggoat

thefeintinggoat
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 24 September 2010 - 09:51 PM

Status of the problem: haven't gotten any redirects all day, trying various different search terms. So, it seems resolved, with no ill effects.
Updated Java, and MBAM; MBAM scan didn't find anything. Here is log if you need it regardless.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4687

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

9/24/2010 10:43:52 PM
mbam-log-2010-09-24 (22-43-52).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 270055
Time elapsed: 1 hour(s), 32 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:21 PM

Posted 25 September 2010 - 11:33 AM

Looks great, lets do one last scan before calling it clean. smile.gif

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 thefeintinggoat

thefeintinggoat
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 25 September 2010 - 05:54 PM

ESET scan found nothing. 0 infected files, 0 cleaned files.
Can we pronounce her clean as of now?

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:21 PM

Posted 26 September 2010 - 01:55 AM

Yes, we can. smile.gif

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean smile.gif

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a random named file) and OTL.
Please read these advices, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 thefeintinggoat

thefeintinggoat
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 29 September 2010 - 12:54 PM

Seems to be working just fine; please close the topic.

Thanks again for all your help!

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:21 PM

Posted 29 September 2010 - 01:19 PM

You're welcome. smile.gif

This topic will now be closed. If you need it reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users