
infected with goingonearth, keeps redirecting


  • This topic is locked
8 replies to this topic

#1 purple lace

purple lace

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:50 PM

Posted 13 May 2011 - 03:13 PM

I keep getting redirected to different websites. It starts with the www.goingonearth.com... then gets redirected. I have run several scans already, yet I could not get rid of it. Here is the DDS log:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Lourdes at 13:06:52.70 on 13/05/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.1788.343 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\TELUS\TELUS security services\Fws.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\TELUS\TELUS security services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\TELUS\TELUS security services\RpsSecurityAwareR.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe
C:\Windows\System32\svchost.exe -k bdx
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TELUS\TELUS security services\rps.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TELUS\TELUS security advisor\TsaComHandler.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskhost.exe
C:\Users\Lourdes\Desktop\hostman\hm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lourdes\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Presario&pf=cnnb
mStart Page = about:blank
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRunOnce: [IndexCleaner] "C:\Program Files (x86)\TELUS\TELUS security services\IdxClnR.exe"
mRun: [Tsa.exe] "C:\Program Files (x86)\TELUS\TELUS security advisor\Tsa.exe" /AUTORUN
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\qhr80srp.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TELUS\TELUS security advisor\nprpspa.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-5-3 600920]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-5-3 287576]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2011-4-30 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-2 203264]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-5-3 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-5-3 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-5-12 42184]
R2 Radialpoint Security Services;TELUS security services;C:\Program Files (x86)\TELUS\TELUS security services\RpsSecurityAwareR.exe [2010-6-2 166944]
R2 RadialpointIDSAgent;RadialpointIDSAgent;C:\Program Files (x86)\TELUS\TELUS security services\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [2011-5-1 5832712]
R2 ServicepointService;ServicepointService;C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe [2011-5-1 689464]
R3 RadialpointIDSDriver;RadialpointIDSDriver;C:\Program Files (x86)\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2011-5-1 132616]
R3 RadialpointIDSFilter;RadialpointIDSFilter;C:\Program Files (x86)\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [2011-5-1 35848]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-30 215040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-4-30 36408]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-5 1153368]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-25 228408]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2011-05-13 18:46:08 -------- d-----w- C:\Users\Lourdes\AppData\Roaming\abelhadigital.com
2011-05-13 18:38:56 -------- d-----w- C:\Program Files (x86)\ESET
2011-05-13 18:27:29 -------- d-----w- C:\Users\Lourdes\AppData\Roaming\Malwarebytes
2011-05-13 18:27:20 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-13 18:27:17 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-05-13 18:27:11 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-13 18:27:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-13 17:36:01 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-05-13 17:36:00 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-05-13 17:20:24 -------- d-----w- C:\PROGRA~3\PC Tools
2011-05-09 06:45:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-05-09 06:45:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-05-09 06:45:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-05-09 06:45:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-05-09 06:45:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-05-09 06:45:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-05-09 06:45:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-05-09 06:44:17 -------- d-----w- C:\Users\Lourdes\AppData\Local\Apple
2011-05-08 07:20:36 -------- d-----w- C:\Program Files (x86)\Browser Hijack Blaster
2011-05-07 00:13:23 -------- d-----w- C:\Users\Lourdes\AppData\Local\Diagnostics
2011-05-06 01:51:48 -------- d-----w- C:\Users\Lourdes\AppData\Roaming\Rovio
2011-05-05 20:27:35 -------- d-----w- C:\Users\Lourdes\AppData\Roaming\HP Support Assistant
2011-05-05 17:28:45 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-05-05 17:28:45 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-05-05 16:43:18 77824 ----a-w- C:\Windows\SysWow64\EBAPI.dll
2011-05-05 16:43:18 65536 ----a-w- C:\Windows\SysWow64\EEBUtil.dll
2011-05-05 16:43:18 55808 ----a-w- C:\Windows\SysWow64\EEBSDKIF.dll
2011-05-05 16:43:18 135168 ----a-w- C:\Windows\SysWow64\EEBAPI.dll
2011-05-05 16:43:18 110592 ----a-w- C:\Windows\SysWow64\EEBDSCVR.dll
2011-05-05 16:43:00 -------- d-----w- C:\Program Files\Common Files\EPSON
2011-05-05 16:32:32 -------- d-----w- C:\Program Files (x86)\EpsonNet
2011-05-05 16:32:07 558592 ----a-w- C:\Windows\System32\ensppmon.dll
2011-05-05 16:32:07 558592 ----a-w- C:\Windows\System32\enppmon.dll
2011-05-05 16:32:07 538112 ----a-w- C:\Windows\System32\ensppui.dll
2011-05-05 16:32:07 538112 ----a-w- C:\Windows\System32\enppui.dll
2011-05-05 16:32:07 250880 ----a-w- C:\Windows\System32\enspres.dll
2011-05-05 16:32:07 250880 ----a-w- C:\Windows\System32\enpres.dll
2011-05-05 16:32:07 -------- d-----w- C:\Program Files\EpsonNet
2011-05-05 16:31:54 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON
2011-05-05 16:30:47 118784 ----a-w- C:\Windows\System32\E_ILMGCA.DLL
2011-05-05 16:30:46 88064 ----a-w- C:\Windows\System32\E_IBCBGCA.DLL
2011-05-05 16:30:30 -------- d-----w- C:\PROGRA~3\EPSON
2011-05-05 16:30:17 -------- d-----w- C:\Program Files (x86)\Epson Software
2011-05-05 16:29:51 128392 ----a-w- C:\Windows\System32\esdevapp.exe
2011-05-05 16:29:50 464384 ----a-w- C:\Windows\System32\esxw2ud.dll
2011-05-05 16:29:50 17408 ----a-w- C:\Windows\System32\esxcdev.dll
2011-05-05 16:29:48 -------- d-----w- C:\Program Files (x86)\epson
2011-05-04 03:51:05 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-05-04 03:51:01 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-05-04 03:50:02 40112 ----a-w- C:\Windows\avastSS.scr
2011-05-04 03:49:54 -------- d-----w- C:\Program Files\AVAST Software
2011-05-04 03:49:54 -------- d-----w- C:\PROGRA~3\AVAST Software
2011-05-02 04:37:18 -------- d-----w- C:\Windows\SysWow64\drivers\etc
2011-05-02 04:06:16 126976 --sha-r- C:\Windows\SysWow64\xwtpduil.dll
2011-05-02 04:05:35 -------- d-----w- C:\Users\Lourdes\AppData\Roaming\kompozer.net
2011-05-02 04:05:35 -------- d-----w- C:\Users\Lourdes\AppData\Local\kompozer.net
2011-05-02 04:05:26 -------- d-----w- C:\Program Files (x86)\KompoZer
2011-05-02 03:49:12 27144 ----a-w- C:\Windows\SysWow64\drivers\AVGIDSEH.sys
2011-05-02 03:49:08 -------- d-----w- C:\PROGRA~3\Media Get LLC
2011-05-02 03:48:39 340488 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
2011-05-02 03:48:28 71456 ----a-w- C:\Windows\System32\drivers\rp_skt64.sys
2011-05-02 03:48:09 59136 ----a-w- C:\Windows\System32\drivers\rp_pkt64.sys
2011-05-02 03:47:48 -------- d-----w- C:\Program Files\Raxco
2011-05-02 03:46:59 -------- d-----w- C:\Users\Lourdes\AppData\Local\Babylon
2011-05-02 03:46:59 -------- d-----w- C:\PROGRA~3\Babylon
2011-05-02 03:46:58 -------- d-----w- C:\Users\Lourdes\AppData\Roaming\Babylon
2011-05-02 03:46:24 -------- d-----w- C:\Users\Lourdes\AppData\Local\MediaGet2
2011-05-02 03:45:30 -------- d-----w- C:\Users\Lourdes\AppData\Roaming\TELUS
2011-05-02 03:45:29 -------- d-----w- C:\PROGRA~3\Radialpoint
2011-05-02 03:45:18 -------- d-----w- C:\PROGRA~3\TELUS
2011-05-02 03:45:17 -------- d-----w- C:\Program Files (x86)\TELUS
2011-05-02 03:25:45 -------- d-----w- C:\PROGRA~3\dreamweaver
2011-05-01 05:11:11 -------- d-----w- C:\Users\Lourdes\AppData\Local\StickyNotes
2011-05-01 03:36:13 -------- d-----w- C:\Windows\pss
2011-05-01 03:04:55 -------- d-----w- C:\Program Files (x86)\PlotSoft
2011-05-01 02:09:49 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll
2011-05-01 02:09:49 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
2011-05-01 02:09:49 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2011-05-01 02:09:47 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2011-05-01 02:09:47 -------- d-----w- C:\Program Files (x86)\PDFCreator
2011-05-01 01:44:25 -------- d-----w- C:\Users\Lourdes\AppData\Roaming\Foxit Software
2011-05-01 01:25:29 -------- d-----w- C:\Users\Lourdes\AppData\Local\Adobe
2011-05-01 01:23:11 -------- d-----w- C:\Program Files (x86)\Foxit Software
2011-05-01 01:16:42 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-05-01 01:16:03 -------- d-----w- C:\Users\Lourdes\AppData\Roaming\uTorrent
2011-05-01 00:55:46 -------- d-----w- C:\Users\Lourdes\AppData\Local\Syncplicity
2011-05-01 00:54:25 -------- d-----w- C:\Program Files\Syncplicity
2011-05-01 00:49:57 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-05-01 00:46:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-01 00:45:23 -------- d-----w- C:\Users\Lourdes\AppData\Roaming\HpUpdate
2011-05-01 00:40:20 -------- d-----w- C:\Users\Lourdes\AppData\Local\ATI
2011-05-01 00:39:34 -------- d-----w- C:\Users\Lourdes\AppData\Local\VirtualStore
2011-05-01 00:39:14 -------- d-----w- C:\Users\Lourdes\AppData\Roaming\hpqlog
2011-05-01 00:39:06 -------- d-----w- C:\Users\Lourdes\AppData\Local\Hewlett-Packard
2011-05-01 00:35:25 -------- d-----w- C:\Users\Lourdes\AppData\Roaming\HP TCS
2011-05-01 00:29:49 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{0D5169FC-9FE0-4F50-B10B-BA00579A0B06}\mpengine.dll
2011-05-01 00:29:49 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-01 00:23:19 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-05-01 00:23:19 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-05-01 00:23:12 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-05-01 00:22:26 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-05-01 00:21:59 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2011-05-01 00:21:15 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\aef930c51cc0795\DSETUP.dll
2011-05-01 00:21:15 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\aef930c51cc0795\DXSETUP.exe
2011-05-01 00:21:15 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\aef930c51cc0795\dsetup32.dll
2011-05-01 00:20:38 140066664 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcE09E.tmp
2011-05-01 00:20:21 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-05-01 00:18:58 -------- d-----w- C:\Windows\ehome
2011-05-01 00:17:12 -------- d-----w- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2011-05-01 00:15:37 -------- d-----w- C:\Windows\PCHEALTH
2011-05-01 00:14:04 -------- d-----w- C:\Windows\SHELLNEW
2011-05-01 00:13:51 -------- d-----w- C:\Users\Lourdes\AppData\Local\Microsoft Help
2011-05-01 00:01:44 -------- d-----w- C:\PROGRA~3\Recovery
2011-04-30 23:41:35 -------- d-----w- C:\Program Files (x86)\muvee Technologies
2011-04-30 23:41:27 -------- d-----w- C:\Program Files (x86)\Common Files\muvee Technologies
2011-04-30 23:33:21 -------- d-----w- C:\Windows\Hewlett-Packard
2011-04-30 23:31:56 -------- d-----w- C:\Program Files\IDT
2011-04-30 23:31:29 1484800 ----a-w- C:\Windows\System32\drivers\athrx.sys
2011-04-30 23:31:29 -------- d-----w- C:\Program Files (x86)\Atheros
2011-04-30 23:31:24 -------- d-----w- C:\PROGRA~3\Atheros
2011-04-30 23:30:46 67584 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-04-30 23:30:46 215040 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-04-30 23:30:31 36408 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2011-04-30 23:30:31 -------- d-----w- C:\Program Files (x86)\AMD
2011-04-30 23:30:18 7347200 ----a-w- C:\Windows\System32\RTSUSTORicon.dll
2011-04-30 23:30:11 -------- d-----w- C:\Program Files (x86)\Realtek
2011-04-30 23:29:57 -------- d-----w- C:\Program Files\Synaptics
2011-04-30 23:27:49 -------- d-----w- C:\Program Files\ATI
2011-04-30 23:27:46 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-04-30 07:00:48 -------- d-----w- C:\My Web Sites
.
==================== Find3M ====================
.
.
============= FINISH: 13:08:59.96 ===============



#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:05:50 AM

Posted 16 May 2011 - 06:14 AM

Hi purple lace, and welcome to Bleeping Computer.

Firstly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Secondly,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 purple lace

purple lace
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:50 PM

Posted 16 May 2011 - 12:10 PM

Thanks for the quick reply.

Here is the log for Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6591

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16/05/2011 9:45:37 AM
mbam-log-2011-05-16 (09-45-37).txt

Scan type: Quick scan
Objects scanned: 156522
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logs for the OTL:

OTL logfile created on: 5/16/2011 9:52:59 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Lourdes\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.09 Gb Total Space | 179.97 Gb Free Space | 82.15% Space Free | Partition Type: NTFS
Drive D: | 13.50 Gb Total Space | 2.21 Gb Free Space | 16.39% Space Free | Partition Type: NTFS

Computer Name: LOURDES-PC | User Name: Lourdes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/16 09:50:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lourdes\Downloads\OTL(1).exe
PRC - [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/12/15 18:20:28 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe
PRC - [2010/12/15 18:20:22 | 004,318,520 | ---- | M] (TELUS) -- C:\Program Files (x86)\TELUS\TELUS security advisor\Tsa.exe
PRC - [2010/06/02 18:04:48 | 000,382,208 | ---- | M] (TELUS) -- C:\Program Files (x86)\TELUS\TELUS security services\Fws.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/11/02 16:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\TELUS\TELUS security services\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/16 09:50:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lourdes\Downloads\OTL(1).exe
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/21 18:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/02 11:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/08 12:32:58 | 001,481,992 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2009/06/08 12:32:56 | 001,487,624 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2011/05/05 09:49:35 | 000,395,264 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Running] -- C:\Program Files (x86)\TELUS\TELUS security services\BitDefender\scan.dll -- (scan)
SRV - [2010/12/15 18:20:28 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe -- (ServicepointService)
SRV - [2010/06/02 18:05:48 | 000,166,944 | ---- | M] (TELUS) [Auto | Stopped] -- C:\Program Files (x86)\TELUS\TELUS security services\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/06/02 18:04:48 | 000,382,208 | ---- | M] (TELUS) [Auto | Running] -- C:\Program Files (x86)\TELUS\TELUS security services\Fws.exe -- (RP_FWS)
SRV - [2009/11/02 16:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\TELUS\TELUS security services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 11:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 04:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/05/01 20:48:28 | 000,071,456 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rp_skt64.sys -- (RPSKT) Security Services Driver (x64)
DRV:64bit: - [2011/05/01 20:48:06 | 000,059,136 | ---- | M] (Radialpoint, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rp_pkt64.sys -- (RPPKT) Radialpoint Filter (x64)
DRV:64bit: - [2009/10/23 14:26:10 | 000,340,488 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2009/07/21 18:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/14 16:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 17:49:16 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/02 11:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 23:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/04 22:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/03/09 06:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/11/02 16:27:00 | 000,132,616 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)
DRV - [2009/11/02 16:27:00 | 000,035,848 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)
DRV - [2009/11/02 16:27:00 | 000,027,144 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\AVGIDSEH.sys -- (RadialpointIDSEH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Presario&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/25 18:16:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/12 20:59:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/08 23:45:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/04/30 17:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lourdes\AppData\Roaming\Mozilla\Extensions
[2011/04/30 00:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\bxutd0qe.default\extensions
[2011/04/30 00:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\bxutd0qe.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/04/30 00:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\bxutd0qe.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/04/30 00:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\bxutd0qe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/04/30 00:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\bxutd0qe.default\extensions\toolbar@ask.com
[2011/05/13 11:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\qhr80srp.default\extensions
[2011/05/02 08:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/05/01 20:46:59 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/08 00:33:58 | 000,433,994 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14934 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Tsa.exe] C:\Program Files (x86)\TELUS\TELUS security advisor\Tsa.exe (TELUS)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/13 15:52:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/13 15:52:03 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/05/13 15:51:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/13 13:23:05 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Local\ElevatedDiagnostics
[2011/05/13 11:46:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\HostsMan Backups
[2011/05/13 11:46:08 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\abelhadigital.com
[2011/05/13 11:45:50 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Desktop\hostman
[2011/05/13 11:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/05/13 11:27:29 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\Malwarebytes
[2011/05/13 11:27:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/13 11:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/13 11:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/13 11:27:11 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/13 11:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/13 10:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/05/08 23:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/05/08 23:45:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/05/08 23:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/05/08 23:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/05/08 23:44:17 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Local\Apple
[2011/05/08 23:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/05/08 23:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/05/08 00:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Hijack Blaster
[2011/05/08 00:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browser Hijack Blaster
[2011/05/06 17:13:23 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Local\Diagnostics
[2011/05/05 20:03:57 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\Epson
[2011/05/05 18:51:48 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\Rovio
[2011/05/05 18:50:31 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\angrybirds
[2011/05/05 13:27:35 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\HP Support Assistant
[2011/05/05 10:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/05 10:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/05/05 10:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/05/05 10:10:36 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\Leadertech
[2011/05/05 09:43:18 | 000,135,168 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBAPI.dll
[2011/05/05 09:43:18 | 000,110,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBDSCVR.dll
[2011/05/05 09:43:18 | 000,077,824 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EBAPI.dll
[2011/05/05 09:43:18 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBUtil.dll
[2011/05/05 09:43:18 | 000,055,808 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBSDKIF.dll
[2011/05/05 09:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2011/05/05 09:32:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
[2011/05/05 09:32:07 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppmon.dll
[2011/05/05 09:32:07 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppmon.dll
[2011/05/05 09:32:07 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppui.dll
[2011/05/05 09:32:07 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppui.dll
[2011/05/05 09:32:07 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enspres.dll
[2011/05/05 09:32:07 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enpres.dll
[2011/05/05 09:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2011/05/05 09:32:04 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\InstallShield
[2011/05/05 09:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2011/05/05 09:30:47 | 000,118,784 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMGCA.DLL
[2011/05/05 09:30:46 | 000,088,064 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBGCA.DLL
[2011/05/05 09:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2011/05/05 09:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2011/05/05 09:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2011/05/05 09:29:51 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
[2011/05/05 09:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2011/05/05 09:29:50 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2011/05/05 09:29:50 | 000,017,408 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcdev.dll
[2011/05/05 09:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2011/05/03 20:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/03 20:51:15 | 000,287,576 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/05/03 20:51:15 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/05/03 20:51:07 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/05/03 20:51:06 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/05/03 20:51:05 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/05/03 20:51:01 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/05/03 20:51:01 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/05/03 20:50:02 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/05/03 20:50:02 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/03 20:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/03 20:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/01 21:37:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\etc
[2011/05/01 21:05:35 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\kompozer.net
[2011/05/01 21:05:35 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Local\kompozer.net
[2011/05/01 21:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KompoZer
[2011/05/01 21:05:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KompoZer
[2011/05/01 21:04:41 | 006,785,285 | ---- | C] (KompoZer ) -- C:\Users\Lourdes\Desktop\kompozer-0.8b3.en-US.win32.exe
[2011/05/01 20:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TELUS security advisor
[2011/05/01 20:49:12 | 000,027,144 | ---- | C] (AVG Technologies ) -- C:\Windows\SysWow64\drivers\AVGIDSEH.sys
[2011/05/01 20:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Get LLC
[2011/05/01 20:48:39 | 000,340,488 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2011/05/01 20:48:28 | 000,071,456 | ---- | C] (Radialpoint Inc.) -- C:\Windows\SysNative\drivers\rp_skt64.sys
[2011/05/01 20:48:09 | 000,059,136 | ---- | C] (Radialpoint, Inc.) -- C:\Windows\SysNative\drivers\rp_pkt64.sys
[2011/05/01 20:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco
[2011/05/01 20:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco
[2011/05/01 20:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TELUS security services
[2011/05/01 20:47:03 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\Portable_Macromedia_Dreamweaver_8
[2011/05/01 20:46:59 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Local\Babylon
[2011/05/01 20:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/05/01 20:46:58 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\Babylon
[2011/05/01 20:46:24 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Local\MediaGet2
[2011/05/01 20:45:30 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\TELUS
[2011/05/01 20:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Radialpoint
[2011/05/01 20:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TELUS
[2011/05/01 20:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TELUS
[2011/05/01 20:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\dreamweaver
[2011/05/01 19:57:32 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\WinRAR
[2011/05/01 19:57:32 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/01 19:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/01 19:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/04/30 22:11:11 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Local\StickyNotes
[2011/04/30 22:10:34 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\StickyNotes
[2011/04/30 21:08:49 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\New folder (3)
[2011/04/30 20:36:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/04/30 20:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlotSoft
[2011/04/30 19:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011/04/30 19:09:49 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2011/04/30 19:09:49 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2011/04/30 19:09:47 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2011/04/30 19:09:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2011/04/30 19:03:39 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\Template
[2011/04/30 18:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011/04/30 18:44:25 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\Foxit Software
[2011/04/30 18:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2011/04/30 18:25:29 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Local\Adobe
[2011/04/30 18:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2011/04/30 18:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Editor
[2011/04/30 18:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011/04/30 18:16:03 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\uTorrent
[2011/04/30 18:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/04/30 18:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/04/30 17:55:46 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Local\Syncplicity
[2011/04/30 17:54:25 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Syncplicity
[2011/04/30 17:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\Syncplicity
[2011/04/30 17:50:46 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\Mozilla
[2011/04/30 17:50:46 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Local\Mozilla
[2011/04/30 17:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/04/30 17:49:57 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/04/30 17:49:57 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/04/30 17:49:57 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/04/30 17:49:57 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/04/30 17:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/04/30 17:47:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/04/30 17:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/30 17:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/04/30 17:46:37 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/04/30 17:46:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/04/30 17:46:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/04/30 17:46:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/04/30 17:45:23 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\HpUpdate
[2011/04/30 17:41:55 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\Macromedia
[2011/04/30 17:41:33 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\Adobe
[2011/04/30 17:40:20 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\ATI
[2011/04/30 17:40:20 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Local\ATI
[2011/04/30 17:40:18 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\Hewlett-Packard
[2011/04/30 17:39:49 | 000,000,000 | R--D | C] -- C:\Users\Lourdes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/04/30 17:39:49 | 000,000,000 | R--D | C] -- C:\Users\Lourdes\Searches
[2011/04/30 17:39:49 | 000,000,000 | R--D | C] -- C:\Users\Lourdes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/04/30 17:39:49 | 000,000,000 | -H-D | C] -- C:\Users\Lourdes\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/04/30 17:39:40 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\Identities
[2011/04/30 17:39:37 | 000,000,000 | R--D | C] -- C:\Users\Lourdes\Contacts
[2011/04/30 17:39:34 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Local\VirtualStore
[2011/04/30 17:39:14 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\hpqlog
[2011/04/30 17:39:06 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Local\Hewlett-Packard
[2011/04/30 17:35:25 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\HP TCS
[2011/04/30 17:23:19 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011/04/30 17:23:19 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/04/30 17:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/04/30 17:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011/04/30 17:22:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/04/30 17:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011/04/30 17:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/04/30 17:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/04/30 17:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/04/30 17:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2011/04/30 17:18:58 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2011/04/30 17:17:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/04/30 17:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
[2011/04/30 17:16:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/04/30 17:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2011/04/30 17:15:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/04/30 17:15:37 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/04/30 17:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/04/30 17:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/04/30 17:14:04 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2011/04/30 17:13:51 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Local\Microsoft Help
[2011/04/30 17:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/04/30 17:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/04/30 17:12:48 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/04/30 17:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Lourdes\AppData\Local\Temporary Internet Files
[2011/04/30 17:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Lourdes\Templates
[2011/04/30 17:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Lourdes\Start Menu
[2011/04/30 17:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Lourdes\SendTo
[2011/04/30 17:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Lourdes\Recent
[2011/04/30 17:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Lourdes\PrintHood
[2011/04/30 17:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Lourdes\NetHood
[2011/04/30 17:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Lourdes\Documents\My Videos
[2011/04/30 17:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Lourdes\Documents\My Pictures
[2011/04/30 17:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Lourdes\Documents\My Music
[2011/04/30 17:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Lourdes\My Documents
[2011/04/30 17:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Lourdes\Local Settings
[2011/04/30 17:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Lourdes\AppData\Local\History
[2011/04/30 17:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Lourdes\Cookies
[2011/04/30 17:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Lourdes\Application Data
[2011/04/30 17:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Lourdes\AppData\Local\Application Data
[2011/04/30 17:11:04 | 000,000,000 | --SD | C] -- C:\Users\Lourdes\AppData\Roaming\Microsoft
[2011/04/30 17:11:04 | 000,000,000 | R--D | C] -- C:\Users\Lourdes\Videos
[2011/04/30 17:11:04 | 000,000,000 | R--D | C] -- C:\Users\Lourdes\Saved Games
[2011/04/30 17:11:04 | 000,000,000 | R--D | C] -- C:\Users\Lourdes\Pictures
[2011/04/30 17:11:04 | 000,000,000 | R--D | C] -- C:\Users\Lourdes\Music
[2011/04/30 17:11:04 | 000,000,000 | R--D | C] -- C:\Users\Lourdes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/04/30 17:11:04 | 000,000,000 | R--D | C] -- C:\Users\Lourdes\Links
[2011/04/30 17:11:04 | 000,000,000 | R--D | C] -- C:\Users\Lourdes\Favorites
[2011/04/30 17:11:04 | 000,000,000 | R--D | C] -- C:\Users\Lourdes\Downloads
[2011/04/30 17:11:04 | 000,000,000 | R--D | C] -- C:\Users\Lourdes\My Documents
[2011/04/30 17:11:04 | 000,000,000 | R--D | C] -- C:\Users\Lourdes\Desktop
[2011/04/30 17:11:04 | 000,000,000 | R--D | C] -- C:\Users\Lourdes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/04/30 17:11:04 | 000,000,000 | -H-D | C] -- C:\Users\Lourdes\AppData
[2011/04/30 17:11:04 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Local\Temp
[2011/04/30 17:11:04 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
[2011/04/30 17:11:04 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Local\Microsoft
[2011/04/30 17:11:04 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\Media Center Programs
[2011/04/30 17:11:04 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2011/04/30 17:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2011/04/30 17:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/04/30 16:41:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\muvee
[2011/04/30 16:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\muvee Technologies
[2011/04/30 16:41:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\muvee Technologies
[2011/04/30 16:37:29 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll
[2011/04/30 16:37:29 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4r.dll
[2011/04/30 16:37:29 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2011/04/30 16:37:10 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.dll
[2011/04/30 16:37:10 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71u.dll
[2011/04/30 16:37:10 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2011/04/30 16:37:10 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2011/04/30 16:37:10 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl71.dll
[2011/04/30 16:36:52 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2011/04/30 16:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2011/04/30 16:33:21 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011/04/30 16:32:47 | 000,436,224 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTEC64.dll
[2011/04/30 16:32:47 | 000,160,768 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAC64.dll
[2011/04/30 16:32:47 | 000,068,608 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAR64.dll
[2011/04/30 16:32:45 | 012,158,464 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idtcpl64.cpl
[2011/04/30 16:32:45 | 003,593,216 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2011/04/30 16:32:45 | 000,564,224 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idt64mp1.exe
[2011/04/30 16:32:45 | 000,450,048 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2011/04/30 16:32:45 | 000,090,624 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTCo64.dll
[2011/04/30 16:32:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2011/04/30 16:32:02 | 001,431,552 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2011/04/30 16:32:02 | 000,487,936 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2011/04/30 16:32:02 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2011/04/30 16:32:02 | 000,209,920 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll
[2011/04/30 16:32:01 | 000,604,672 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2011/04/30 16:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/04/30 16:31:29 | 001,484,800 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2011/04/30 16:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2011/04/30 16:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011/04/30 16:30:46 | 000,215,040 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2011/04/30 16:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/04/30 16:30:31 | 000,036,408 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys
[2011/04/30 16:30:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/04/30 16:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2011/04/30 16:30:18 | 007,347,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSUSTORicon.dll
[2011/04/30 16:30:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011/04/30 16:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/04/30 16:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/04/30 16:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/04/30 16:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/04/30 16:24:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/04/30 16:22:24 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/04/30 00:29:07 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\Youcam
[2011/04/30 00:29:07 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\western union receipts
[2011/04/30 00:29:06 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\Vuze Downloads
[2011/04/30 00:27:38 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\The Diet Solution
[2011/04/30 00:27:38 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\Templates for EQ_TU
[2011/04/30 00:27:38 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\telus pay
[2011/04/30 00:27:37 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\telus
[2011/04/30 00:27:37 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\Syncplicity Folders
[2011/04/30 00:26:31 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\Sponship Application
[2011/04/30 00:26:30 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\Simply
[2011/04/30 00:26:30 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\similla
[2011/04/30 00:26:29 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\school certificates
[2011/04/30 00:26:29 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\scans for sponsorship
[2011/04/30 00:26:29 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\Scanned Documents
[2011/04/30 00:26:28 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\resume
[2011/04/30 00:26:28 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\Remote Assistance Logs
[2011/04/30 00:26:27 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\prenup
[2011/04/30 00:26:19 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\Photoshop_CS2_tryout
[2011/04/30 00:26:15 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\phone
[2011/04/30 00:25:40 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\pendrive
[2011/04/30 00:25:39 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\pearls for ebay
[2011/04/30 00:25:18 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\pearls
[2011/04/30 00:25:18 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\paypal
[2011/04/30 00:25:11 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\new photos of pearls
[2011/04/30 00:25:08 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\New MTM Collection1
[2011/04/30 00:25:08 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\New folder (2)
[2011/04/30 00:25:02 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\New folder
[2011/04/30 00:24:35 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\FOLDER2
[2011/04/30 00:24:05 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\My Stationery
[2011/04/30 00:24:05 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\My Smilebox Creations
[2011/04/30 00:23:59 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\My Scans
[2011/04/30 00:23:59 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\My Received Files
[2011/04/30 00:23:33 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\My Karaoke
[2011/04/30 00:23:33 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\My Digital Editions
[2011/04/30 00:23:27 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\mtm catalogue
[2011/04/30 00:23:25 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\MTM
[2011/04/30 00:23:25 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\msp payments
[2011/04/30 00:23:25 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\msp nov_files
[2011/04/30 00:23:25 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\MSP Dec_files
[2011/04/30 00:23:19 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\markham revisions
[2011/04/30 00:23:19 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\maps
[2011/04/30 00:23:19 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\lourdes
[2011/04/30 00:22:05 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\LKM working website
[2011/04/30 00:22:02 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\LKM
[2011/04/30 00:22:01 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\Lita LCP
[2011/04/30 00:22:00 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\kimono
[2011/04/30 00:20:29 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\karen
[2011/04/30 00:20:29 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\JustUsMaids
[2011/04/30 00:20:28 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\JUS
[2011/04/30 00:19:52 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\jum
[2011/04/30 00:19:52 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\jena thesis
[2011/04/30 00:19:52 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\jena
[2011/04/30 00:19:52 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\income tax
[2011/04/30 00:19:50 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\IACT
[2011/04/30 00:19:50 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\htc
[2011/04/30 00:18:49 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\hangers
[2011/04/30 00:18:49 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\Fax
[2011/04/30 00:18:48 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\Ebooks
[2011/04/30 00:18:47 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\Downloads
[2011/04/30 00:18:19 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\design ideas
[2011/04/30 00:18:18 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\David's Files
[2011/04/30 00:18:17 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\Credit repair
[2011/04/30 00:18:12 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\cleaning
[2011/04/30 00:18:12 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\Charts
[2011/04/30 00:18:05 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\business cards
[2011/04/30 00:16:16 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\Bryan_Adams
[2011/04/30 00:16:16 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\birth cert
[2011/04/30 00:16:16 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\baptismal cert
[2011/04/30 00:16:16 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\backup of HTC
[2011/04/30 00:16:13 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\application for permanent residency2
[2011/04/30 00:16:12 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\application for permanent residency
[2011/04/30 00:16:11 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\3 ebooks(STIEGLARSEN)
[2011/04/30 00:16:10 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Desktop\visa papers
[2011/04/30 00:16:10 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Documents\111
[2011/04/30 00:15:42 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Desktop\New folder (3)
[2011/04/30 00:15:34 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Desktop\New folder
[2011/04/30 00:15:01 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Desktop\Desktop
[2011/04/30 00:14:51 | 000,000,000 | ---D | C] -- C:\Users\Lourdes\Desktop\Macromedia
[2011/04/30 00:00:48 | 000,000,000 | ---D | C] -- C:\My Web Sites
[2008/11/11 19:38:44 | 000,086,474 | -HS- | C] (PortableAppZ.blogspot.com) -- C:\Users\Lourdes\AppData\Roaming\DreamweaverPortable.exe

========== Files - Modified Within 30 Days ==========

[2011/05/16 09:39:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/15 22:14:20 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/15 22:14:20 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/15 22:06:37 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\LXCISVCKC.job
[2011/05/15 22:06:21 | 1406,296,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/13 22:51:52 | 000,080,705 | ---- | M] () -- C:\Users\Lourdes\Desktop\audition- jena.pdf
[2011/05/13 12:37:23 | 000,625,664 | ---- | M] () -- C:\Users\Lourdes\Desktop\dds.scr
[2011/05/13 12:36:38 | 000,000,000 | ---- | M] () -- C:\Users\Lourdes\defogger_reenable
[2011/05/13 11:27:20 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 10:37:46 | 001,049,370 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/05/12 21:55:53 | 000,084,862 | ---- | M] () -- C:\Users\Lourdes\Desktop\GOES Registration-nexus.pdf
[2011/05/12 20:59:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/05/11 21:09:22 | 000,004,963 | ---- | M] () -- C:\Users\Lourdes\Desktop\enso.gif
[2011/05/10 05:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/10 05:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/05/10 05:10:44 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/05/10 05:04:08 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/05/10 05:04:07 | 000,287,576 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/05/10 05:02:41 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/05/10 04:59:59 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/05/10 04:59:48 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/05/10 04:59:37 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/05/08 23:09:23 | 000,101,166 | ---- | M] () -- C:\Users\Lourdes\Desktop\verseo2.pdf
[2011/05/08 00:33:58 | 000,433,994 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/05/08 00:27:07 | 000,000,037 | ---- | M] () -- C:\Windows\wininit.ini
[2011/05/05 19:36:11 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/05 19:36:11 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/05 19:36:11 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/05 19:29:46 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLourdes.job
[2011/05/05 19:10:56 | 000,004,521 | ---- | M] () -- C:\Users\Lourdes\Desktop\AngryBirds - Shortcut.lnk
[2011/05/05 18:22:49 | 000,630,983 | ---- | M] () -- C:\Users\Lourdes\Desktop\japanese.png
[2011/05/05 10:10:28 | 000,000,071 | ---- | M] () -- C:\Windows\ENX420.ini
[2011/05/05 09:29:51 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/05/03 20:51:17 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/01 21:05:05 | 006,785,285 | ---- | M] (KompoZer ) -- C:\Users\Lourdes\Desktop\kompozer-0.8b3.en-US.win32.exe
[2011/05/01 20:48:28 | 000,071,456 | ---- | M] (Radialpoint Inc.) -- C:\Windows\SysNative\drivers\rp_skt64.sys
[2011/05/01 20:48:06 | 000,059,136 | ---- | M] (Radialpoint, Inc.) -- C:\Windows\SysNative\drivers\rp_pkt64.sys
[2011/05/01 20:18:15 | 000,101,091 | ---- | M] () -- C:\Users\Lourdes\Desktop\verseo order.pdf
[2011/04/30 20:37:43 | 000,352,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/30 19:09:52 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011/04/30 19:05:40 | 000,000,480 | ---- | M] () -- C:\Users\Lourdes\AppData\Roaming\wklnhst.dat
[2011/04/30 17:50:47 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/04/30 17:50:41 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/30 17:49:49 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/04/30 17:49:49 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/04/30 17:49:49 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/04/30 17:49:49 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/04/30 17:41:14 | 000,001,441 | ---- | M] () -- C:\Users\Lourdes\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/30 17:40:31 | 000,000,292 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/04/30 17:23:13 | 000,000,020 | ---- | M] () -- C:\Windows\´øb
[2011/04/30 17:12:00 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Presario CQ61 Notebook PC_Y5335KV_0U_QCNF945459T_E572195-121_4A_I363F_SQuanta_V42.14_F.07_T091010_WU3-0_L409_M1789_J250_7AMD_8F62_92.00_#110430_N168C002B;10EC8136_(VM363UA#ABC)_XMOBILE_CN10_Z.MRK
[2011/04/30 17:12:00 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Presario CQ61 Notebook PC_Y5335KV_0U_QCNF945459T_E572195-121_4A_I363F_SQuanta_V42.14_F.07_T091010_WU3-0_L409_M1789_J250_7AMD_8F62_92.00_#110430_N168C002B;10EC8136_(VM363UA#ABC)_XMOBILE_CN10_Z.MRK
[2011/04/30 17:08:02 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/04/30 17:08:02 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/04/30 16:30:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011/04/17 12:18:22 | 000,151,742 | ---- | M] () -- C:\Users\Lourdes\Desktop\RBC International Remittanc...pdf

========== Files Created - No Company Name ==========

[2011/05/13 22:51:50 | 000,080,705 | ---- | C] () -- C:\Users\Lourdes\Desktop\audition- jena.pdf
[2011/05/13 12:37:01 | 000,625,664 | ---- | C] () -- C:\Users\Lourdes\Desktop\dds.scr
[2011/05/13 12:36:38 | 000,000,000 | ---- | C] () -- C:\Users\Lourdes\defogger_reenable
[2011/05/13 11:27:20 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 10:37:14 | 001,049,370 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/05/12 21:55:51 | 000,084,862 | ---- | C] () -- C:\Users\Lourdes\Desktop\GOES Registration-nexus.pdf
[2011/05/11 21:09:06 | 000,004,963 | ---- | C] () -- C:\Users\Lourdes\Desktop\enso.gif
[2011/05/08 23:44:13 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/05/08 23:09:21 | 000,101,166 | ---- | C] () -- C:\Users\Lourdes\Desktop\verseo2.pdf
[2011/05/05 19:10:56 | 000,004,521 | ---- | C] () -- C:\Users\Lourdes\Desktop\AngryBirds - Shortcut.lnk
[2011/05/05 18:22:49 | 000,630,983 | ---- | C] () -- C:\Users\Lourdes\Desktop\japanese.png
[2011/05/05 13:59:04 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForLourdes.job
[2011/05/05 11:30:14 | 000,000,037 | ---- | C] () -- C:\Windows\wininit.ini
[2011/05/05 09:29:51 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/05/05 09:27:56 | 000,000,071 | ---- | C] () -- C:\Windows\ENX420.ini
[2011/05/03 20:51:17 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/03 20:51:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/05/01 21:06:16 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\LXCISVCKC.job
[2011/05/01 20:18:12 | 000,101,091 | ---- | C] () -- C:\Users\Lourdes\Desktop\verseo order.pdf
[2011/04/30 19:09:52 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011/04/30 19:09:49 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll
[2011/04/30 19:03:37 | 000,000,480 | ---- | C] () -- C:\Users\Lourdes\AppData\Roaming\wklnhst.dat
[2011/04/30 17:50:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/30 17:50:41 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/30 17:50:41 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/30 17:41:14 | 000,001,441 | ---- | C] () -- C:\Users\Lourdes\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/30 17:40:01 | 000,001,413 | ---- | C] () -- C:\Users\Lourdes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/04/30 17:39:51 | 000,001,447 | ---- | C] () -- C:\Users\Lourdes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/04/30 17:35:19 | 000,002,196 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2011/04/30 17:23:12 | 000,000,020 | ---- | C] () -- C:\Windows\´øb
[2011/04/30 17:20:02 | 000,048,265 | ---- | C] () -- C:\Windows\HomePremium.xml
[2011/04/30 17:19:40 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/04/30 17:19:22 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/04/30 17:12:00 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Presario CQ61 Notebook PC_Y5335KV_0U_QCNF945459T_E572195-121_4A_I363F_SQuanta_V42.14_F.07_T091010_WU3-0_L409_M1789_J250_7AMD_8F62_92.00_#110430_N168C002B;10EC8136_(VM363UA#ABC)_XMOBILE_CN10_Z.MRK
[2011/04/30 17:12:00 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Presario CQ61 Notebook PC_Y5335KV_0U_QCNF945459T_E572195-121_4A_I363F_SQuanta_V42.14_F.07_T091010_WU3-0_L409_M1789_J250_7AMD_8F62_92.00_#110430_N168C002B;10EC8136_(VM363UA#ABC)_XMOBILE_CN10_Z.MRK
[2011/04/30 17:11:05 | 000,000,290 | ---- | C] () -- C:\Users\Lourdes\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/04/30 17:11:05 | 000,000,272 | ---- | C] () -- C:\Users\Lourdes\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/04/30 16:37:54 | 000,000,292 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2011/04/30 16:37:47 | 000,001,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Play.lnk
[2011/04/30 16:30:46 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2011/04/30 16:30:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011/04/30 16:24:20 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/04/30 16:24:15 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/04/30 16:21:30 | 1406,296,064 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/30 00:36:22 | 000,080,223 | ---- | C] () -- C:\Users\Lourdes\Documents\index.html
[2011/04/30 00:36:22 | 000,010,965 | ---- | C] () -- C:\Users\Lourdes\Documents\ear-tuck.html
[2011/04/30 00:36:22 | 000,001,906 | ---- | C] () -- C:\Users\Lourdes\Documents\image336.gif
[2011/04/30 00:29:07 | 000,288,188 | ---- | C] () -- C:\Users\Lourdes\Documents\www.filgifts.com_ssl_Invoice.asp_xid=77054.pdf
[2011/04/30 00:29:07 | 000,210,673 | ---- | C] () -- C:\Users\Lourdes\Documents\Yahoo! Registration Confirm...pdf
[2011/04/30 00:29:07 | 000,206,282 | ---- | C] () -- C:\Users\Lourdes\Documents\zeljko.jpg
[2011/04/30 00:29:07 | 000,100,302 | ---- | C] () -- C:\Users\Lourdes\Documents\www.rogers.com_web_....pdf
[2011/04/30 00:27:42 | 000,418,776 | ---- | C] () -- C:\Users\Lourdes\Documents\This is the Last Will and Testament of me.pdf
[2011/04/30 00:27:42 | 000,286,568 | ---- | C] () -- C:\Users\Lourdes\Documents\Vanccommcollege.pdf
[2011/04/30 00:27:38 | 000,270,379 | ---- | C] () -- C:\Users\Lourdes\Documents\Temporary Password.pdf
[2011/04/30 00:26:31 | 000,113,863 | ---- | C] () -- C:\Users\Lourdes\Documents\skills_iACT.pdf
[2011/04/30 00:26:29 | 000,476,325 | ---- | C] () -- C:\Users\Lourdes\Documents\Re_ Recent Graduate Looking...pdf
[2011/04/30 00:26:28 | 000,403,110 | ---- | C] () -- C:\Users\Lourdes\Documents\RBC Financial Group - Onlin...pdf
[2011/04/30 00:26:27 | 014,314,755 | ---- | C] () -- C:\Users\Lourdes\Documents\Product Catalog.pdf
[2011/04/30 00:25:40 | 000,407,287 | ---- | C] () -- C:\Users\Lourdes\Documents\permanent residencyPAYEMENT.pdf
[2011/04/30 00:25:18 | 000,214,546 | ---- | C] () -- C:\Users\Lourdes\Documents\newMTMforecast.pdf
[2011/04/30 00:25:18 | 000,210,733 | ---- | C] () -- C:\Users\Lourdes\Documents\Payment Receipt - PayPal.pdf
[2011/04/30 00:25:11 | 001,173,876 | ---- | C] () -- C:\Users\Lourdes\Documents\new Passport.jpg
[2011/04/30 00:24:06 | 000,387,148 | ---- | C] () -- C:\Users\Lourdes\Documents\Name Requests Online.pdf
[2011/04/30 00:24:06 | 000,028,304 | ---- | C] () -- C:\Users\Lourdes\Documents\Name_Request_Results.pdf
[2011/04/30 00:24:06 | 000,004,408 | ---- | C] () -- C:\Users\Lourdes\Documents\New 2009 MTM Samples Book1.pdf
[2011/04/30 00:24:06 | 000,000,024 | ---- | C] () -- C:\Users\Lourdes\Documents\Name_Request_Results.pdf_Zone.Identifier
[2011/04/30 00:23:25 | 000,570,411 | ---- | C] () -- C:\Users\Lourdes\Documents\msp_oct2010.pdf
[2011/04/30 00:23:25 | 000,206,023 | ---- | C] () -- C:\Users\Lourdes\Documents\msp - Payment Receipt2.pdf
[2011/04/30 00:23:25 | 000,049,814 | ---- | C] () -- C:\Users\Lourdes\Documents\msp nov.htm
[2011/04/30 00:23:25 | 000,000,026 | ---- | C] () -- C:\Users\Lourdes\Documents\msp nov.htm_Zone.Identifier
[2011/04/30 00:23:19 | 000,343,701 | ---- | C] () -- C:\Users\Lourdes\Documents\Maid Squad.pdf
[2011/04/30 00:23:19 | 000,118,311 | ---- | C] () -- C:\Users\Lourdes\Documents\LOURDES_KAO-CC.PDF
[2011/04/30 00:22:01 | 000,481,717 | ---- | C] () -- C:\Users\Lourdes\Documents\Last_Will_Instructions.pdf
[2011/04/30 00:22:01 | 000,223,331 | ---- | C] () -- C:\Users\Lourdes\Documents\Last Will and Testament.pdf
[2011/04/30 00:22:01 | 000,037,796 | ---- | C] () -- C:\Users\Lourdes\Documents\lilies_carnations.jpg
[2011/04/30 00:22:01 | 000,015,462 | ---- | C] () -- C:\Users\Lourdes\Documents\lariat.jpg
[2011/04/30 00:20:29 | 000,337,932 | ---- | C] () -- C:\Users\Lourdes\Documents\keyfinder.2.0.1.zip
[2011/04/30 00:20:29 | 000,198,995 | ---- | C] () -- C:\Users\Lourdes\Documents\Just Us Maids.pdf
[2011/04/30 00:19:52 | 000,460,535 | ---- | C] () -- C:\Users\Lourdes\Documents\InstantUnlockCodes.pdf
[2011/04/30 00:19:52 | 000,375,475 | ---- | C] () -- C:\Users\Lourdes\Documents\JOHN_GODADDY.pdf
[2011/04/30 00:19:52 | 000,062,396 | ---- | C] () -- C:\Users\Lourdes\Documents\image-50684872-640x480.jpg
[2011/04/30 00:19:52 | 000,009,642 | ---- | C] () -- C:\Users\Lourdes\Documents\jena..gif
[2011/04/30 00:19:52 | 000,000,024 | ---- | C] () -- C:\Users\Lourdes\Documents\image-50684872-640x480.jpg_Zone.Identifier
[2011/04/30 00:18:52 | 001,173,876 | ---- | C] () -- C:\Users\Lourdes\Documents\hpqscan0005.jpg
[2011/04/30 00:18:52 | 000,363,563 | ---- | C] () -- C:\Users\Lourdes\Documents\Harris - Online Account Con...pdf
[2011/04/30 00:18:49 | 000,697,348 | ---- | C] () -- C:\Users\Lourdes\Documents\godaddy .pdf
[2011/04/30 00:18:49 | 000,603,065 | ---- | C] () -- C:\Users\Lourdes\Documents\graphics resume.pdf
[2011/04/30 00:18:49 | 000,398,102 | ---- | C] () -- C:\Users\Lourdes\Documents\Equifax Credit Watch.pdf
[2011/04/30 00:18:49 | 000,323,654 | ---- | C] () -- C:\Users\Lourdes\Documents\EquifaxPrintOrder.pdf
[2011/04/30 00:18:49 | 000,129,036 | ---- | C] () -- C:\Users\Lourdes\Documents\Fees_receipt_R016628767.pdf
[2011/04/30 00:18:49 | 000,018,795 | ---- | C] () -- C:\Users\Lourdes\Documents\gallery-liposuction.html
[2011/04/30 00:18:49 | 000,014,655 | ---- | C] () -- C:\Users\Lourdes\Documents\gallery-liposuction2.html
[2011/04/30 00:18:49 | 000,013,417 | ---- | C] () -- C:\Users\Lourdes\Documents\gallery-detailpointl2.html
[2011/04/30 00:18:49 | 000,012,506 | ---- | C] () -- C:\Users\Lourdes\Documents\gallery-detailliposuction7.html
[2011/04/30 00:18:49 | 000,012,506 | ---- | C] () -- C:\Users\Lourdes\Documents\gallery-detailliposuction6.html
[2011/04/30 00:18:49 | 000,000,000 | ---- | C] () -- C:\Users\Lourdes\Documents\graphics resume business manager.pdf
[2011/04/30 00:18:48 | 000,476,035 | ---- | C] () -- C:\Users\Lourdes\Documents\drakes_laptop .pdf
[2011/04/30 00:18:18 | 000,601,849 | ---- | C] () -- C:\Users\Lourdes\Documents\creditcards.jpg
[2011/04/30 00:18:18 | 000,530,768 | ---- | C] () -- C:\Users\Lourdes\Documents\david.jpg
[2011/04/30 00:18:18 | 000,000,046 | ---- | C] () -- C:\Users\Lourdes\Documents\david.jpg_Zone.Identifier
[2011/04/30 00:18:17 | 001,007,138 | ---- | C] () -- C:\Users\Lourdes\Documents\CR SCORES.zip
[2011/04/30 00:18:17 | 000,212,425 | R--- | C] () -- C:\Users\Lourdes\Documents\collage.jpg
[2011/04/30 00:18:17 | 000,212,168 | ---- | C] () -- C:\Users\Lourdes\Documents\Confirmation and Information.pdf
[2011/04/30 00:18:17 | 000,134,126 | ---- | C] () -- C:\Users\Lourdes\Documents\CoverMeCI-App-Direct-Nat-English-FinalApproved-2009 H1 OK.pdf
[2011/04/30 00:18:17 | 000,119,022 | ---- | C] () -- C:\Users\Lourdes\Documents\cleaningtips.html
[2011/04/30 00:18:12 | 000,392,341 | ---- | C] () -- C:\Users\Lourdes\Documents\Capilano University - Confi...pdf
[2011/04/30 00:18:12 | 000,213,754 | ---- | C] () -- C:\Users\Lourdes\Documents\buy house for rent to own.pdf
[2011/04/30 00:18:12 | 000,113,726 | ---- | C] () -- C:\Users\Lourdes\Documents\CheatSheet.pdf
[2011/04/30 00:16:16 | 000,330,230 | ---- | C] () -- C:\Users\Lourdes\Documents\Apply for Birth and Other C...pdf
[2011/04/30 00:16:16 | 000,291,267 | ---- | C] () -- C:\Users\Lourdes\Documents\augustrent.pdf
[2011/04/30 00:16:16 | 000,179,975 | ---- | C] () -- C:\Users\Lourdes\Documents\application.PDF
[2011/04/30 00:16:16 | 000,152,434 | ---- | C] () -- C:\Users\Lourdes\Documents\bookmarks.html
[2011/04/30 00:16:11 | 003,000,657 | ---- | C] () -- C:\Users\Lourdes\Documents\8.5x11_BRO_HalfFold_Outside.psd
[2011/04/30 00:16:11 | 002,989,212 | ---- | C] () -- C:\Users\Lourdes\Documents\8.5x11_BRO_HalfFold_Inside.psd
[2011/04/30 00:16:11 | 000,427,448 | ---- | C] () -- C:\Users\Lourdes\Documents\Alberta Post-secondary Appl...pdf
[2011/04/30 00:16:11 | 000,351,626 | ---- | C] () -- C:\Users\Lourdes\Documents\4My Transaction History - Xo...pdf
[2011/04/30 00:16:11 | 000,351,479 | ---- | C] () -- C:\Users\Lourdes\Documents\3My Transaction History - Xo...pdf
[2011/04/30 00:16:11 | 000,351,415 | ---- | C] () -- C:\Users\Lourdes\Documents\2My Transaction History - Xo...pdf
[2011/04/30 00:16:11 | 000,349,783 | ---- | C] () -- C:\Users\Lourdes\Documents\1My Transaction History - Xo...pdf
[2011/04/30 00:16:11 | 000,153,676 | ---- | C] () -- C:\Users\Lourdes\Documents\Acknowledgement (Print Version).pdf
[2011/04/30 00:16:11 | 000,001,833 | ---- | C] () -- C:\Users\Lourdes\Documents\13ways.html
[2011/04/30 00:16:11 | 000,001,820 | ---- | C] () -- C:\Users\Lourdes\Documents\13.html
[2011/04/30 00:15:43 | 000,497,422 | R--- | C] () -- C:\Users\Lourdes\Desktop\PaulaGrace-submit-cra10.pdf
[2011/04/30 00:15:43 | 000,222,494 | ---- | C] () -- C:\Users\Lourdes\Desktop\paulaReturn Accepted.pdf
[2011/04/30 00:15:43 | 000,151,742 | ---- | C] () -- C:\Users\Lourdes\Desktop\RBC International Remittanc...pdf
[2009/08/25 16:42:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/15 17:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/05/15 22:06:21 | 1406,296,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/15 22:06:21 | 1875,062,784 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

OTL Extras logfile created on: 5/16/2011 9:52:59 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Lourdes\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.09 Gb Total Space | 179.97 Gb Free Space | 82.15% Space Free | Partition Type: NTFS
Drive D: | 13.50 Gb Total Space | 2.21 Gb Free Space | 16.39% Space Free | Partition Type: NTFS

Computer Name: LOURDES-PC | User Name: Lourdes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java™ 6 Update 25 (64-bit)
"{2BD7E784-16E7-460B-87AB-9E34743E7F38}" = RPS RpsCore64
"{6C47240C-016E-03B5-D13E-AECAED09F2E3}" = ATI Catalyst Install Manager
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ADEB3402-CFBD-00E2-0EE6-F6A3F1AFACF0}" = ccc-utility64
"{EB35E973-7560-4E47-B653-3CD000160CF7}" = Syncplicity
"EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F9D123D-2850-494B-AAA0-24492F70C4A4}" = RPS CRT
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}" = muvee Reveal
"{2D4E1F8A-901B-4BBD-B311-B6E56059066E}" = Microsoft Live Search Toolbar
"{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5C1E3F85-3FBA-40F0-9BA6-3A640E505357}" = RPS PerfectDiskStub
"{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek
"{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian
"{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All
"{7D8EB6EC-82C2-47CA-99BA-05DE6C3D4D45}" = RPS RpsCore
"{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish
"{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian
"{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German
"{8265D6DA-AE00-45B6-8763-5E6FC0E32028}" = TELUS security services
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish
"{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish
"{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish
"{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light
"{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English
"{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation
"{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"Browser Hijack Blaster_is1" = Browser Hijack Blaster v1.0
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"RadialpointClientGateway_is1" = TELUS security advisor 3.7.44
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/13/2011 5:45:24 PM | Computer Name = Lourdes-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Lourdes\Downloads\SoftonicDownloader_for_kompozer-portable.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Error - 5/13/2011 5:50:10 PM | Computer Name = Lourdes-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Lourdes\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 5/13/2011 5:50:16 PM | Computer Name = Lourdes-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Lourdes\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 5/14/2011 12:36:11 AM | Computer Name = Lourdes-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 5/14/2011 12:36:12 AM | Computer Name = Lourdes-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 5/14/2011 12:37:42 AM | Computer Name = Lourdes-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/14/2011 12:38:38 AM | Computer Name = Lourdes-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\Lourdes\downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 5/14/2011 12:39:02 AM | Computer Name = Lourdes-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\Lourdes\downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 5/14/2011 12:39:12 AM | Computer Name = Lourdes-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\Lourdes\downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 5/15/2011 2:04:23 AM | Computer Name = Lourdes-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 2.0.1.4120 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2a8 Start
Time: 01cc11f581685aae Termination Time: 2785 Application Path: C:\Program Files
(x86)\Mozilla Firefox\firefox.exe Report Id: 1c74c31b-7eb9-11e0-ae69-00269e8f218f


[ System Events ]
Error - 5/2/2011 12:50:27 AM | Computer Name = Lourdes-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen

Error - 5/2/2011 10:22:41 AM | Computer Name = Lourdes-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:40:12 AM on ?02/?05/?2011 was unexpected.

Error - 5/2/2011 10:23:42 AM | Computer Name = Lourdes-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen

Error - 5/4/2011 10:22:12 AM | Computer Name = Lourdes-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen


< End of report >

#4 snemelk

  • Malware Response Team

Posted 16 May 2011 - 01:18 PM

Hi again purple lace!!.. :)

As far as I can see, the file responsible for redirects has already been deleted... Could you confirm the problem with redirects is gone??..

I see you have run ComboFix on your own...
Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Ok, back to the log:
Firstly,
I notice that you are using more than one antivirus program - Avast! and TELUS Security Suite.
It's not recommended to run more than one antivirus program in resident mode because they can conflict with each other.
I strongly suggest you either disable real-time protection or uninstall one of these programs.

Also, I can see that you're running Spybot's TeaTimer in resident mode - it provides anti-spyware protection (which, to tell the truth, is not very effective these days)... It's not needed, as any antivirus you leave installed on your machine will protect you against spyware threats as well... That's why I recommend you disable TeaTimer; use the instructions from this thread: How to disable your security applications

Secondly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
    [2011/04/30 00:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\bxutd0qe.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2011/04/30 00:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\bxutd0qe.default\extensions\toolbar@ask.com
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2011/05/01 21:06:16 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\LXCISVCKC.job
    :Files
    C:\Windows\SysWow64\xwtpduil.dll
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
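
The `:OTL` lines in the fix script above can be read as data. This is an added example (not OTL's code and not part of the original posts) that parses the two entry shapes shown in this thread and groups them by the browser or system extension point they refer to. The function names and category labels are assumptions; the sample lines are copied from the post.

```python
import re
from collections import Counter, defaultdict

# Lines copied from the ":OTL" section of the fix script in the post above.
FIX_SCRIPT_LINES = r"""
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
[2011/04/30 00:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\bxutd0qe.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/04/30 00:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\bxutd0qe.default\extensions\toolbar@ask.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[2011/05/01 21:06:16 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\LXCISVCKC.job
""".strip().splitlines()

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# "<section> - <location>: [<name> - ]<CLSID> - <status>"
REG_ENTRY = re.compile(
    r"^(?P<section>IE|O\d+) - (?P<location>[^:]+): (?:.*? - )?"
    r"(?P<clsid>" + GUID + r") - (?P<status>.+)$"
)
# "[<date time> | <size> | <attrs> | <C or M>] (<company>) -- <path>"
FILE_ENTRY = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
# Status texts in this thread that mean the registration points at nothing.
ORPHAN_MARKERS = ("No CLSID value found", "File not found", "Reg Error")


def classify(line):
    """Describe one log line, or return None if it has neither known shape."""
    line = line.strip()
    m = REG_ENTRY.match(line)
    if m:
        loc = m["location"]
        if "URLSearchHook" in loc:
            point = "IE URL search hook"
        elif "BHO" in loc:
            point = "IE browser helper object"
        elif "Toolbar" in loc:
            point = "IE toolbar"
        else:
            point = loc
        return {
            "kind": "registry",
            "point": point,
            "id": m["clsid"].upper(),  # the log mixes upper and lower case
            "orphaned": any(k in m["status"] for k in ORPHAN_MARKERS),
        }
    m = FILE_ENTRY.match(line)
    if m:
        path, lower = m["path"], m["path"].lower()
        if "\\firefox\\profiles\\" in lower and "\\extensions\\" in lower:
            point = "Firefox extension"
        elif "\\windows\\tasks\\" in lower and lower.endswith(".job"):
            point = "scheduled task"
        else:
            point = "file"
        return {
            "kind": "file",
            "point": point,
            "id": path,
            "unnamed": m["company"] in ("", "No name found"),
            "hidden_system": "H" in m["attrs"] and "S" in m["attrs"],
        }
    return None


def triage(lines):
    """Group parsed entries by extension point and pull out the notable ones."""
    entries = [e for e in map(classify, lines) if e]
    points_per_clsid = defaultdict(set)
    for e in entries:
        if e["kind"] == "registry":
            points_per_clsid[e["id"]].add(e["point"])
    return {
        "by_point": dict(Counter(e["point"] for e in entries)),
        # The same CLSID registered at more than one extension point.
        "shared": {c: sorted(p) for c, p in points_per_clsid.items() if len(p) > 1},
        "orphaned": [(e["point"], e["id"]) for e in entries if e.get("orphaned")],
        "hidden_system": [e["id"] for e in entries if e.get("hidden_system")],
    }


if __name__ == "__main__":
    report = triage(FIX_SCRIPT_LINES)
    for key, value in report.items():
        print(key, "->", value)
```

On these lines the case-normalised CLSID `{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}` turns up under both `URLSearchHook` and `Toolbar\WebBrowser`, which is easy to miss by eye because the log prints it in different case in the two places.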


#5 purple lace

  • Topic Starter

Posted 16 May 2011 - 04:08 PM

Hi, as far as I remember, I just downloaded ComboFix and opened it but I did not run it yet. I did read the warning so I did not run it.

Here is the result for the fix. So far I have not had any redirects anymore.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\bxutd0qe.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin folder moved successfully.
C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\bxutd0qe.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults folder moved successfully.
C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\bxutd0qe.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully.
C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\bxutd0qe.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\bxutd0qe.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\bxutd0qe.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\bxutd0qe.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\bxutd0qe.default\extensions\toolbar@ask.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\Windows\Tasks\LXCISVCKC.job moved successfully.
========== FILES ==========
File\Folder C:\Windows\SysWow64\xwtpduil.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lourdes
->Temp folder emptied: 19464712 bytes
->Temporary Internet Files folder emptied: 29400393 bytes
->Java cache emptied: 33053 bytes
->FireFox cache emptied: 49218652 bytes
->Flash cache emptied: 19553 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12852955 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 106.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Lourdes
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05162011_135118

Files\Folders moved on Reboot...
C:\Users\Lourdes\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\ZKT{99BCACBE-35FC-445C-A27E-9DD966396CB1}.tmp moved successfully.

Registry entries deleted on Reboot...
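
A fix log in the format posted above can be tallied by persistence location and outcome, which makes it easier to confirm what the fix changed and what it could not find. The following is an added example, not part of the original posts and not OTL's own code; the sample log is constructed with placeholder GUIDs and paths, and the location labels and function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the format of the OTL fix log above; the GUIDs and
# paths are placeholders, not values taken from the thread.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{aaaaaaaa-0000-0000-0000-000000000001} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aaaaaaaa-0000-0000-0000-000000000001}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-0000-0000-0000-000000000002}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-0000-0000-0000-000000000002}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{AAAAAAAA-0000-0000-0000-000000000001} deleted successfully.
C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\extensions\toolbar@example.invalid folder moved successfully.
C:\Windows\Tasks\EXAMPLE.job moved successfully.
========== FILES ==========
File\Folder C:\Windows\SysWow64\example.dll not found.
->Temp folder emptied: 0 bytes
"""

# One result line: optional kind, target path, optional " folder", outcome.
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>Registry value|Registry key|File\\Folder) )?"
    r"(?P<target>.+?)(?: folder)? "
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# (label, lowercase path fragment). The labels are this example's own names
# for the locations that appear in the fix log.
LOCATIONS = [
    ("IE URL search hook", "\\internet explorer\\urlsearchhooks\\"),
    ("IE Browser Helper Object", "\\explorer\\browser helper objects\\"),
    ("IE toolbar", "\\internet explorer\\toolbar\\webbrowser\\"),
    ("COM class registration", "\\classes\\clsid\\"),
    ("Firefox extension", "\\firefox\\profiles\\"),
    ("Scheduled task", "\\windows\\tasks\\"),
]
HOOK_LOCATIONS = {"IE URL search hook", "IE Browser Helper Object", "IE toolbar"}


def parse_fix_log(text):
    """Return one dict per result line; headers and cache totals are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target")
        low = target.lower()
        guid = GUID_RE.search(target)
        entries.append({
            "kind": m.group("kind") or "File\\Folder",
            "target": target,
            "outcome": m.group("outcome"),
            "location": next((lbl for lbl, frag in LOCATIONS if frag in low), "Other"),
            # GUID case differs between log lines, so normalise before comparing.
            "guid": guid.group(0).upper() if guid else None,
        })
    return entries


def summarize(entries):
    """Count entries per (location, outcome) pair."""
    return Counter((e["location"], e["outcome"]) for e in entries)


def not_found(entries):
    """Targets the fix could not locate, for manual follow-up."""
    return [e["target"] for e in entries if e["outcome"] == "not found"]


def hooks_without_class(entries):
    """GUIDs removed from a browser hook whose CLSID key was 'not found'.

    'Not found' only means the class is absent at the path the log names; on
    64-bit Windows a 32-bit class can be registered under Wow6432Node instead.
    """
    removed = {e["guid"] for e in entries
               if e["guid"] and e["location"] in HOOK_LOCATIONS
               and e["outcome"] == "deleted successfully"}
    missing = {e["guid"] for e in entries
               if e["location"] == "COM class registration"
               and e["outcome"] == "not found"}
    return sorted(removed & missing)


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for (location, outcome), count in sorted(summarize(parsed).items()):
        print(f"{location:28} {outcome:22} {count}")
    print("Not found:", not_found(parsed))
    print("Hooks without CLSID key:", hooks_without_class(parsed))
```
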

#6 snemelk


Posted 16 May 2011 - 04:16 PM

Hi again purple lace!!.. :)

Could you tell me what decision you made regarding protection programs on your computer??.. Did you uninstall or completely disable one of the antivirus programs?..

Please run this scan for me:

  • Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan

  • If Malicious objects are found, ensure Cure is selected (it should be by default).
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Please post that log here.

Then,
We need to update outdated programs (with security vulnerabilities) on your machine:

- Adobe Acrobat Reader:

You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here (uninstall version 9.1 first):
Adobe Reader X

Note: I suggest you uncheck an optional, third-party download (e.g. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

- Service Pack 1 for Windows 7: the latest Service pack for Windows 7 is out (see here: KB976932)! I recommend you install it. It should be available via Windows Update...

- Internet Explorer - version #9 is out! I recommend you upgrade your version of IE!.. It should be available as an optional install via Windows Update; you can also download and install it from here: Internet Explorer


Let me know if all the updates went well...


#7 purple lace


Posted 16 May 2011 - 11:23 PM

Hello, thanks so much for the replies. I did uninstall Avast and Tea Timer.

Here is the log of the scan. I am now going to update the needed software.


2011/05/16 21:18:24.0395 4972 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/16 21:18:26.0398 4972 ================================================================================
2011/05/16 21:18:26.0399 4972 SystemInfo:
2011/05/16 21:18:26.0399 4972
2011/05/16 21:18:26.0399 4972 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/16 21:18:26.0399 4972 Product type: Workstation
2011/05/16 21:18:26.0399 4972 ComputerName: LOURDES-PC
2011/05/16 21:18:26.0400 4972 UserName: Lourdes
2011/05/16 21:18:26.0400 4972 Windows directory: C:\Windows
2011/05/16 21:18:26.0400 4972 System windows directory: C:\Windows
2011/05/16 21:18:26.0400 4972 Running under WOW64
2011/05/16 21:18:26.0400 4972 Processor architecture: Intel x64
2011/05/16 21:18:26.0400 4972 Number of processors: 2
2011/05/16 21:18:26.0400 4972 Page size: 0x1000
2011/05/16 21:18:26.0400 4972 Boot type: Normal boot
2011/05/16 21:18:26.0400 4972 ================================================================================
2011/05/16 21:18:27.0131 4972 Initialize success
2011/05/16 21:18:57.0317 2548 ================================================================================
2011/05/16 21:18:57.0317 2548 Scan started
2011/05/16 21:18:57.0317 2548 Mode: Manual;
2011/05/16 21:18:57.0317 2548 ================================================================================
2011/05/16 21:19:35.0637 2548 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/16 21:19:35.0891 2548 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/16 21:19:36.0060 2548 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/16 21:19:36.0229 2548 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/16 21:19:36.0428 2548 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/16 21:19:36.0606 2548 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/16 21:19:36.0851 2548 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/16 21:19:37.0051 2548 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/16 21:19:37.0174 2548 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/16 21:19:37.0362 2548 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/16 21:19:37.0509 2548 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/16 21:19:37.0558 2548 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/16 21:19:37.0698 2548 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/16 21:19:37.0838 2548 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/16 21:19:38.0195 2548 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/16 21:19:38.0318 2548 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/16 21:19:38.0567 2548 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/16 21:19:38.0719 2548 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/16 21:19:38.0888 2548 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/16 21:19:39.0070 2548 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/05/16 21:19:39.0152 2548 ================================================================================
2011/05/16 21:19:39.0152 2548 Scan finished
2011/05/16 21:19:39.0152 2548 ================================================================================

#8 snemelk

  • Malware Response Team

Posted 17 May 2011 - 06:02 AM

Hi again purple lace!!.. :)

That looks good!.. If all the updates went well, and no problem remains, you're good to go!.. Some final steps to perform:

Firstly,
To remove all of the tools we used and the files and folders they created do the following:
  • Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Secondly,
Please set a new Restore Point to prevent infection from any previous Restore Points.
The easiest and safest way to do this is:
  • Open Control Panel (Start --> Control Panel) and double-click the System icon.
  • Click on the System Protection link on the left. If a UAC (User Account Control) prompt appears, click Continue. Close the System window.
  • Make sure that you have System Protection turned on for your System drive (usually C:\):
    • In Windows 7: On under Protection,
    • In Windows Vista: a box on the left will be checked.
  • Click on the Create button. Give the restore point a name, and click Create. Wait till the new system restore point is created, and click Close.
  • Then go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire (usually C:\).
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.

Please check my site - snemelk.hekko.pl:

Also, I recommend that you read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

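A scripted approximation of the restore-point steps in the post above, added here as an example and not part of the original reply. It assumes an elevated PowerShell 2.0 or later prompt with System Protection already turned on for the system drive; the label `Post-cleanup baseline` is a hypothetical name.

```powershell
# Added example: create a fresh restore point, confirm it exists, then remove
# the older ones that may still hold infected files. Run elevated.
$label = 'Post-cleanup baseline'   # hypothetical description, pick your own

# SRRemoveRestorePoint is exported by srclient.dll and takes the sequence
# number of the restore point to delete; it returns 0 on success.
Add-Type -Namespace SR -Name Native -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern int SRRemoveRestorePoint(int index);
'@

# 1. Create the new restore point.
Checkpoint-Computer -Description $label -RestorePointType MODIFY_SETTINGS

# 2. Verify the newest point is the one just requested. On newer Windows
#    versions the request can be skipped if a point was made recently, so
#    never delete anything based on the request alone.
$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
if ($points.Count -eq 0) {
    throw 'No restore points found. Is System Protection turned on?'
}
$newest = $points[-1]
if ($newest.Description -ne $label) {
    throw "Newest restore point is '$($newest.Description)', not '$label'. Nothing was removed."
}

# 3. Remove every restore point older than the verified new one.
foreach ($p in $points) {
    if ($p.SequenceNumber -eq $newest.SequenceNumber) { continue }
    $rc = [SR.Native]::SRRemoveRestorePoint([int]$p.SequenceNumber)
    if ($rc -eq 0) {
        Write-Output ("Removed #{0}: {1}" -f $p.SequenceNumber, $p.Description)
    } else {
        Write-Warning ("Could not remove #{0} (error {1})" -f $p.SequenceNumber, $rc)
    }
}

# 4. Show what is left; only the new point should remain.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

The check in step 2 is the important part: the old restore points are only removed once the new one is confirmed present.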

#9 snemelk

  • Malware Response Team

Posted 31 May 2011 - 07:58 AM

Glad we could help. :)

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.