Google searches are being redirected


38 replies to this topic

#1 CBR954RR

Posted 19 August 2011 - 12:18 PM

Blade Zephon has been helping me and advised me to post a new topic in this forum. The original thread was here http://www.bleepingcomputer.com/forums/topic415127.html

My problem is that Google search links are randomly being redirected to random places. Sometimes the links will take me where they are supposed to and other times I am redirected to random locations that have nothing to do with the link.

My system is as follows: I have a dual boot system with 2 partitions. 1 partition has Windows XP Pro SP3 with Ubuntu installed in a working directory on this partition. Partition 2 has Windows 7 Pro SP1 64 bit version. This gives me the option to boot into XP, Ubuntu or Windows 7 at boot time with Windows 7 being my normal bootup OS.

The problem above is only in Windows 7. XP and Ubuntu do not display this problem.

I have run a full scan with ESET Smart Security v.4.2.71.2 with latest def update and also Malwarebytes' Anti-Malware v.1.51.1.1800 with latest defs and both find nothing.

As per Blade's suggestion, I am posting here with the initial results from the Preparation Guide.

Below is the DDS info and attached is the Attach file from DDS. There is no GMER info as I am running a 64-bit OS.

If I left anything out, please don't hesitate to let me know what else I should provide.

I appreciate any and all help that you can provide.

Thank you.

- Dan

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Dan Hoffmann at 12:57:01 on 2011-08-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4061.2199 [GMT -4:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\ShadowExplorer\sesvc.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5300;https=127.0.0.1:5300
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {16711829-73cb-4bda-1072-15c66a771d4f} - C:\Windows\SysWOW64\NlsDatta000f.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe -c
uRun: [Power2GoExpress] NA
mRun: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
mPolicies-explorer: DontSetAutoplayCheckbox = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{A0B503BF-3018-45C1-AC10-DAF3FDFDFF0D} : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{A0B503BF-3018-45C1-AC10-DAF3FDFDFF0D}\1436365642424456E4965646 : DhcpNameServer = 192.168.9.1
TCP: Interfaces\{A0B503BF-3018-45C1-AC10-DAF3FDFDFF0D}\25572756445643D456 : DhcpNameServer = 216.144.187.101 204.186.0.201 207.44.0.1
TCP: Interfaces\{A0B503BF-3018-45C1-AC10-DAF3FDFDFF0D}\25D47514 : DhcpNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{A0B503BF-3018-45C1-AC10-DAF3FDFDFF0D}\3416E65536D456C48327 : DhcpNameServer = 216.144.187.101 204.186.0.201 207.44.0.1
TCP: Interfaces\{A0B503BF-3018-45C1-AC10-DAF3FDFDFF0D}\44C696E6B42343 : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{A0B503BF-3018-45C1-AC10-DAF3FDFDFF0D}\44C696E6B453 : DhcpNameServer = 192.168.12.1
TCP: Interfaces\{A0B503BF-3018-45C1-AC10-DAF3FDFDFF0D}\C4F65516E64635861627F6E4 : DhcpNameServer = 192.168.5.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
BHO-X64: Adobe PDF Link Helper: {16711829-73CB-4BDA-1072-15C66A771D4F} - C:\Windows\SysWOW64\NlsDatta000f.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun-x64: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 iaNvStor;Intel® Turbo Memory Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys --> C:\Windows\system32\DRIVERS\iaNvStor.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/05/05 13:41:34];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2011-5-16 146928]
R2 ASMMAP64;ASMMAP64;C:\Program Files\Lenovo\ATK Hotkey\ASMMAP64.sys [2009-11-9 14904]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-9-9 93032]
R2 LFKAS;Service of LFKA;C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [2009-11-9 208896]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-14 366640]
R2 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-6-20 148840]
R2 sesvc;ShadowExplorer Service;C:\Program Files (x86)\ShadowExplorer\sesvc.exe [2011-3-14 9216]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-8-10 518984]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-3-7 341832]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-3-5 284696]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-7-26 64952]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 DCamUSBGene;Integrated Camera;C:\Windows\system32\DRIVERS\usbstk.sys --> C:\Windows\system32\DRIVERS\usbstk.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MTsensor64;PU ACPI UTILITY;C:\Windows\system32\DRIVERS\PuAcpi64.sys --> C:\Windows\system32\DRIVERS\PuAcpi64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 SWIPsec;SonicWALL IPsec Driver;\??\C:\Windows\system32\Drivers\SWIPsec.sys --> C:\Windows\system32\Drivers\SWIPsec.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2009-11-9 83304]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011\RpcAgentSrv.exe [2010-12-29 93848]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SWVNIC;SonicWALL Virtual Miniport;C:\Windows\system32\DRIVERS\swvnic.sys --> C:\Windows\system32\DRIVERS\swvnic.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2011-08-19 15:25:46 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{7B55B4D0-FBE6-42A7-BA9D-3277541B706F}
2011-08-19 15:25:24 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{2DD915E2-878B-4D65-A099-E8EDBD9A5F57}
2011-08-19 06:43:13 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-19 06:12:45 98816 ----a-w- C:\Windows\sed.exe
2011-08-19 06:12:45 518144 ----a-w- C:\Windows\SWREG.exe
2011-08-19 06:12:45 256000 ----a-w- C:\Windows\PEV.exe
2011-08-19 06:12:45 208896 ----a-w- C:\Windows\MBR.exe
2011-08-19 03:14:47 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{0CD2DB66-6F3C-4313-B5C4-1B8DB9A4FB03}
2011-08-19 03:14:23 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{B00DC08A-F1ED-4EAB-B122-7B3201E4DCD4}
2011-08-18 14:34:52 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{E3863F74-EBC1-4B10-81B6-F626B0D4220E}
2011-08-18 14:34:41 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{A40C3FAC-5D87-4088-89A5-A9DD11C7B749}
2011-08-18 14:32:24 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{20B83B76-652F-40A7-B56E-0AD5CE42264F}\mpengine.dll
2011-08-17 14:45:36 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{4A203B1D-02AA-4B8D-9AF0-0407F52CFBEE}
2011-08-17 14:45:25 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{386528B6-1627-4281-AD5D-3A58706B5BE4}
2011-08-16 21:35:18 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{F02E8813-2B4D-483F-A924-68BB8D07DBB7}
2011-08-16 21:35:07 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{E7095997-47CC-4595-B569-87D3B596F0C7}
2011-08-16 06:55:23 951680 ----a-w- C:\Windows\System32\drivers\ndis.sys
2011-08-16 06:42:11 -------- d-----w- C:\Program Files (x86)\ThinkVantage
2011-08-16 05:30:56 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{A067CBE9-3B1B-4C72-BB39-AFCF86B52FAA}
2011-08-16 05:30:42 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{C4E8463E-F5BA-4522-B640-0C2508AD46BF}
2011-08-15 17:25:35 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{0DBD2F03-A040-4436-B781-3C0FFC200444}
2011-08-15 17:25:23 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{FA087E6E-33B2-4D53-A492-51524A834162}
2011-08-15 05:00:55 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2011-08-15 05:00:55 62744 ----a-w- C:\Windows\SysWow64\xinput1_2.dll
2011-08-15 05:00:55 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2011-08-15 05:00:55 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2011-08-15 04:47:25 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-08-15 04:47:24 -------- d-----w- C:\Program Files (x86)\Steam
2011-08-15 04:28:01 -------- d-----w- C:\Program Files (x86)\Playdead
2011-08-15 04:27:26 -------- d-----w- C:\Windows\SysWow64\2055
2011-08-15 01:22:08 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{49CE979A-8C6C-40C3-AA6C-10F30FE1B7CA}
2011-08-15 01:21:57 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{6FC99669-7F35-41C7-BAAE-966C02D45A51}
2011-08-14 05:23:20 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{03F405CF-6C6A-4B1E-B1E2-28A0D0DBF176}
2011-08-14 05:22:58 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{D16E7F46-4F71-4658-832C-95219EC189DF}
2011-08-13 03:11:51 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{11688EA5-2B54-4035-BD10-1331FB5232FF}
2011-08-13 03:11:29 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{598E7C9E-011D-4B97-9F26-02BB023A59D0}
2011-08-13 02:55:44 -------- d-----w- C:\ProgramData\Splashtop
2011-08-13 02:55:33 -------- d-----w- C:\Program Files (x86)\Splashtop
2011-08-13 02:54:26 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{0A36B131-6523-4C74-8318-740330A367C3}
2011-08-11 17:09:06 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{AA827ACF-F82F-4096-979F-E9D25704F0EE}
2011-08-11 17:08:44 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{4E2EB5E3-9CEA-4FC9-BA59-DBF4A27EA6C8}
2011-08-11 00:47:47 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{89567120-0B79-4B42-9C10-B9281A2A6248}
2011-08-10 22:09:44 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{E82A2E63-0854-40B0-8DD2-D12DAA867591}
2011-08-10 08:21:31 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{F1BD2634-74C1-42AA-8108-EE5A29E47A0A}
2011-08-10 08:21:08 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{46FC2CDA-D9BB-4505-A6E0-C53815340397}
2011-08-10 05:57:59 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-09 15:00:39 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{04931877-1609-4C55-BF93-AA480EDD027D}
2011-08-09 15:00:21 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{7BA0BE5F-70EF-47A6-92D0-3171F5A89A80}
2011-08-08 16:01:32 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{CE403ADC-5E4C-4F25-BEF3-B5C168EE9BB8}
2011-08-08 16:01:09 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{832C126D-B519-49B8-822E-ECE25A7BD9F4}
2011-08-07 22:15:40 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{EA663F02-9170-4D9B-8603-7CB7989CEFE6}
2011-08-07 22:15:18 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{D2F7EA53-D52F-4D0F-8373-49759B675AD9}
2011-08-07 19:52:46 -------- d-----w- C:\Program Files\PerformanceTest
2011-08-07 19:46:27 -------- d-----w- C:\Program Files (x86)\PerformanceTest
2011-08-07 16:33:26 -------- d-----w- C:\Windows\en
2011-08-07 16:32:01 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-07 16:29:14 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{8C820F1B-4810-4291-9086-EFF4F380CE17}
2011-08-07 16:29:03 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{D420D183-2952-429D-9C63-904587046857}
2011-08-07 16:21:06 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{230FE516-B3A3-424E-9430-745F1F8AAB36}
2011-08-06 20:17:16 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{76C357F7-0327-4D5C-9570-4E15D345E459}
2011-08-06 20:16:54 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{14FC96A9-C226-4BDB-BE14-66D57CEC42DA}
2011-08-06 17:17:47 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{D9766578-5F11-462A-A048-24BBB4F2D4E4}
2011-08-06 05:58:43 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{B37B39FC-0C1A-4ECE-A16C-D9DC7D9186BD}
2011-08-06 02:03:25 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{085814F4-EB71-4780-A3E5-96285D918F16}
2011-08-05 14:55:39 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{169D57AC-55F5-4267-8888-D48126699462}
2011-08-05 04:27:14 -------- d-----w- C:\Program Files\MetaGeek
2011-08-04 15:46:07 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\LogMeIn
2011-08-04 15:46:07 -------- d-----w- C:\ProgramData\LogMeIn
2011-08-04 15:37:33 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{97CFA0DC-EA0B-49A1-A5EE-26C3EC79FF13}
2011-08-04 15:19:42 -------- d-----w- C:\Program Files (x86)\Intel Corporation
2011-08-04 14:41:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-04 14:41:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-04 14:41:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-04 14:41:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-04 14:41:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-04 14:41:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-04 14:41:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-08-04 03:36:57 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{5AAF5823-B474-4C8F-8D9C-F322588092B0}
2011-08-03 04:31:25 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{0104AB94-0D6E-42BF-8CA6-C19AAF841322}
2011-08-02 14:08:50 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{7818F6AE-8829-406F-A4FC-C127D67D87E8}
2011-08-01 16:27:08 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{2092C491-2850-41B7-9670-3B58656B84AD}
2011-08-01 04:50:06 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Roaming\Dropbox
2011-07-31 22:48:49 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{4F698A42-4087-4AD0-BF37-7041659E598D}
2011-07-31 05:35:33 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{9A27DD94-2BCF-4A35-A8B4-375DC983F899}
2011-07-30 03:39:06 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{51693F98-76A9-426B-908B-A45BB22464AB}
2011-07-29 14:08:59 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{EA328851-F5F3-4479-8195-72B2C7735635}
2011-07-29 02:14:27 -------- d-----w- C:\ProgramData\Gibraltar
2011-07-28 17:29:54 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{35370353-A973-4466-8273-BE34B29B3793}
2011-07-28 05:29:19 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{B9246291-4546-4B9A-89DE-804D94C24234}
2011-07-27 15:51:16 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{C9423EF6-8679-40FA-9396-1B897E202A42}
2011-07-26 15:19:16 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{F1C004D2-1EC3-4181-AB87-7D20BE795C14}
2011-07-25 14:47:34 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{731C9C51-27AC-48F7-9C6F-525259A0FFCD}
2011-07-25 07:36:47 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{C351F179-7687-4CB0-AD7C-E3E746E14822}
2011-07-25 03:10:52 81008 ----a-w- C:\Windows\System32\drivers\vmci.sys
2011-07-25 03:10:48 68720 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2011-07-25 03:09:44 334448 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2011-07-25 03:09:40 404080 ----a-w- C:\Windows\SysWow64\vmnat.exe
2011-07-25 03:09:40 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2011-07-25 03:09:34 968816 ----a-w- C:\Windows\System32\vnetlib64.dll
2011-07-25 03:09:16 31856 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2011-07-25 03:09:06 38512 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2011-07-25 03:08:20 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2011-07-25 03:07:25 -------- d-----w- C:\Program Files (x86)\VMware
2011-07-24 15:53:28 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{CF7F35D0-1784-4111-984D-117239A3982F}
2011-07-23 13:23:14 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{EF517BAB-E4DA-4222-95B4-E6ADAF02ADC1}
2011-07-23 01:11:48 -------- d-----w- C:\Users\Dan Hoffmann\.shsh
2011-07-22 21:39:30 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\Macroplant
2011-07-22 21:39:25 -------- d-----w- C:\Program Files (x86)\iPhone Explorer
2011-07-22 16:39:26 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{A38309D3-0581-4C3D-863B-8BBADCF5FA2F}
2011-07-22 04:49:20 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{E819DDAB-9054-4D1C-8A9E-AC4D4B388312}
2011-07-21 15:03:35 -------- d-----w- C:\Program Files\iTunes
2011-07-21 15:03:35 -------- d-----w- C:\Program Files\iPod
2011-07-21 15:03:35 -------- d-----w- C:\Program Files (x86)\iTunes
2011-07-21 15:01:39 -------- d-----w- C:\Program Files\Bonjour
2011-07-21 15:01:39 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-07-21 14:40:14 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{381D87F5-AFB4-47F8-8823-CF8A8F7E023A}
.
==================== Find3M ====================
.
2011-08-18 15:42:35 6656 ----a-w- C:\Windows\System32\lpcio.dll
2011-08-11 16:37:02 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 15:34:00 96104 ------w- C:\Windows\System32\dns-sd.exe
2011-07-12 15:34:00 85864 ------w- C:\Windows\System32\dnssd.dll
2011-07-12 15:20:54 83816 ------w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 15:20:54 73064 ------w- C:\Windows\SysWow64\dnssd.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-06 23:52:42 41272 ------w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 25912 ------w- C:\Windows\System32\drivers\mbam.sys
2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 23:21:55 100748 ------w- C:\cc_20110623_192144.reg
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-22 23:12:11 29480 ------w- C:\Windows\SysWow64\msxml3a.dll
2011-06-21 06:20:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-06-21 05:28:33 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-20 18:42:03 175616 ------w- C:\Windows\System32\msclmd.dll
2011-06-20 18:42:03 152576 ------w- C:\Windows\SysWow64\msclmd.dll
2011-06-20 16:51:48 0 ------w- C:\Windows\qfe1E39.tmp
2011-06-20 16:35:49 525544 ------w- C:\Windows\System32\deployJava1.dll
2011-06-20 16:31:01 472808 ------w- C:\Windows\SysWow64\deployJava1.dll
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 03:07:25 3137536 ------w- C:\Windows\System32\win32k.sys
2011-06-10 18:34:52 74272 ------w- C:\Windows\System32\RtNicProp64.dll
2011-06-10 18:34:52 539240 ------w- C:\Windows\System32\drivers\Rt64win7.sys
2011-06-10 18:34:52 107552 ------w- C:\Windows\System32\RTNUninst64.dll
2011-06-02 17:53:02 94208 ------w- C:\Windows\SysWow64\dpl100.dll
2011-06-02 07:01:00 517480 ------w- C:\Windows\PWMBTHLV.EXE
2011-06-02 07:01:00 14960 ----a-w- C:\Windows\System32\drivers\TPPWR64V.SYS
2011-06-02 07:01:00 1018728 ----a-w- C:\Windows\System32\PWMCP64V.cpl
2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-24 11:42:55 404480 ------w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ------w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ------w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ------w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ------w- C:\Windows\SysWow64\drvinst.exe
.
============= FINISH: 12:57:31.51 ===============

#2 CBR954RR

CBR954RR
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:03:14 PM

Posted 23 August 2011 - 01:27 AM

While I am waiting for assistance with my issue, I wanted to post a quick oddity that I noticed. When I type in www.google.com, the favicon that shows up is not the usual colored g but rather an icon that looks like a computer screen. I have attached an image to show what I mean.

Also, if I go to www.google.ca and do a search, I do not seem to get the redirects when clicking on the links like I would had I done the search from www.google.com.

As always, thanks to all that can provide info on ridding this issue.

- Dan

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,732 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:14 PM

Posted 24 August 2011 - 12:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415168 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 CBR954RR

CBR954RR
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:03:14 PM

Posted 24 August 2011 - 07:28 PM

I am having issues when I do a Google, Bing, or Yahoo search. When I click on any of the links from the search, I am randomly redirected to sites other than where the link I am clicking on should be taking me.

I am running a dual boot system which has Windows XP SP3 on one partition with Ubuntu installed in a working directory on this partition, and Windows 7 Professional SP1 (64 bit OS) on a second partition. Windows 7 is set as the normal boot OS.

The problems only seem to occur on the second partition with Windows 7 and not on the first partition as Windows XP and Ubuntu do not show signs of the redirection when searching.

Below is a copy of the DDS report. Attached is the Attach.txt file from the DDS run. There is no gMer report as I am running a 64 bit OS and it is stated that gMer will not work with 64 bit OS's.

I do have the original Windows 7 OS DVD that came with my laptop.

Thanks in advance for helping solve this problem.

- Dan


.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Dan Hoffmann at 20:15:21 on 2011-08-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4061.1953 [GMT -4:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\ShadowExplorer\sesvc.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5300;https=127.0.0.1:5300
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {16711829-73cb-4bda-1072-15c66a771d4f} - C:\Windows\SysWOW64\NlsDatta000f.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe -c
uRun: [Power2GoExpress] NA
mRun: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
mPolicies-explorer: DontSetAutoplayCheckbox = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{A0B503BF-3018-45C1-AC10-DAF3FDFDFF0D} : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{A0B503BF-3018-45C1-AC10-DAF3FDFDFF0D}\1436365642424456E4965646 : DhcpNameServer = 192.168.9.1
TCP: Interfaces\{A0B503BF-3018-45C1-AC10-DAF3FDFDFF0D}\25572756445643D456 : DhcpNameServer = 216.144.187.101 204.186.0.201 207.44.0.1
TCP: Interfaces\{A0B503BF-3018-45C1-AC10-DAF3FDFDFF0D}\25D47514 : DhcpNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{A0B503BF-3018-45C1-AC10-DAF3FDFDFF0D}\3416E65536D456C48327 : DhcpNameServer = 216.144.187.101 204.186.0.201 207.44.0.1
TCP: Interfaces\{A0B503BF-3018-45C1-AC10-DAF3FDFDFF0D}\44C696E6B42343 : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{A0B503BF-3018-45C1-AC10-DAF3FDFDFF0D}\44C696E6B453 : DhcpNameServer = 192.168.12.1
TCP: Interfaces\{A0B503BF-3018-45C1-AC10-DAF3FDFDFF0D}\C4F65516E64635861627F6E4 : DhcpNameServer = 192.168.5.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
BHO-X64: Adobe PDF Link Helper: {16711829-73CB-4BDA-1072-15C66A771D4F} - C:\Windows\SysWOW64\NlsDatta000f.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun-x64: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 iaNvStor;Intel® Turbo Memory Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys --> C:\Windows\system32\DRIVERS\iaNvStor.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/05/05 13:41:34];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2011-5-16 146928]
R2 ASMMAP64;ASMMAP64;C:\Program Files\Lenovo\ATK Hotkey\ASMMAP64.sys [2009-11-9 14904]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-9-9 93032]
R2 LFKAS;Service of LFKA;C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [2009-11-9 208896]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-14 366640]
R2 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-6-20 148840]
R2 sesvc;ShadowExplorer Service;C:\Program Files (x86)\ShadowExplorer\sesvc.exe [2011-3-14 9216]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-8-10 518984]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-3-7 341832]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-3-5 284696]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-7-26 64952]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 DCamUSBGene;Integrated Camera;C:\Windows\system32\DRIVERS\usbstk.sys --> C:\Windows\system32\DRIVERS\usbstk.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MTsensor64;PU ACPI UTILITY;C:\Windows\system32\DRIVERS\PuAcpi64.sys --> C:\Windows\system32\DRIVERS\PuAcpi64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 SWIPsec;SonicWALL IPsec Driver;\??\C:\Windows\system32\Drivers\SWIPsec.sys --> C:\Windows\system32\Drivers\SWIPsec.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2009-11-9 83304]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011\RpcAgentSrv.exe [2010-12-29 93848]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SWVNIC;SonicWALL Virtual Miniport;C:\Windows\system32\DRIVERS\swvnic.sys --> C:\Windows\system32\DRIVERS\swvnic.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2011-08-24 03:23:03 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{A8C50A46-3054-4064-92FC-6BF625F1DA02}
2011-08-24 03:22:40 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{D47265B5-6AF8-42F5-B52F-7A034823D800}
2011-08-24 03:12:16 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\CutePDF Writer
2011-08-24 03:11:21 -------- d-----w- C:\Program Files (x86)\GPLGS
2011-08-24 03:11:02 85504 ----a-w- C:\Windows\System32\cpwmon64.dll
2011-08-24 03:11:01 -------- d-----w- C:\Program Files (x86)\Acro Software
2011-08-24 02:41:55 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F6881A0B-D0C9-4DBF-B234-179646DD5906}\mpengine.dll
2011-08-24 02:41:27 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-24 02:41:27 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-24 02:40:07 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\Adobe
2011-08-23 04:28:15 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{1738E8C1-9F70-4E91-AB8D-18FCA31358E6}
2011-08-23 04:28:04 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{2D8EAD87-1B80-41B6-AE85-3BA34D48AA88}
2011-08-20 19:57:59 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{AAF3F6B6-857C-46A5-81F6-59D6DAD12467}
2011-08-20 19:57:37 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{E6A81F11-270C-4598-AF8F-C9DC1D41F055}
2011-08-19 18:51:52 -------- d-----w- C:\ProgramData\Hitman Pro
2011-08-19 15:25:46 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{7B55B4D0-FBE6-42A7-BA9D-3277541B706F}
2011-08-19 15:25:24 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{2DD915E2-878B-4D65-A099-E8EDBD9A5F57}
2011-08-19 06:43:13 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-19 06:12:45 98816 ----a-w- C:\Windows\sed.exe
2011-08-19 06:12:45 518144 ----a-w- C:\Windows\SWREG.exe
2011-08-19 06:12:45 256000 ----a-w- C:\Windows\PEV.exe
2011-08-19 06:12:45 208896 ----a-w- C:\Windows\MBR.exe
2011-08-19 03:14:47 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{0CD2DB66-6F3C-4313-B5C4-1B8DB9A4FB03}
2011-08-19 03:14:23 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{B00DC08A-F1ED-4EAB-B122-7B3201E4DCD4}
2011-08-18 14:34:52 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{E3863F74-EBC1-4B10-81B6-F626B0D4220E}
2011-08-18 14:34:41 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{A40C3FAC-5D87-4088-89A5-A9DD11C7B749}
2011-08-17 14:45:36 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{4A203B1D-02AA-4B8D-9AF0-0407F52CFBEE}
2011-08-17 14:45:25 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{386528B6-1627-4281-AD5D-3A58706B5BE4}
2011-08-16 21:35:18 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{F02E8813-2B4D-483F-A924-68BB8D07DBB7}
2011-08-16 21:35:07 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{E7095997-47CC-4595-B569-87D3B596F0C7}
2011-08-16 06:55:23 951680 ----a-w- C:\Windows\System32\drivers\ndis.sys
2011-08-16 06:42:11 -------- d-----w- C:\Program Files (x86)\ThinkVantage
2011-08-16 05:30:56 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{A067CBE9-3B1B-4C72-BB39-AFCF86B52FAA}
2011-08-16 05:30:42 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{C4E8463E-F5BA-4522-B640-0C2508AD46BF}
2011-08-15 17:25:35 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{0DBD2F03-A040-4436-B781-3C0FFC200444}
2011-08-15 17:25:23 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{FA087E6E-33B2-4D53-A492-51524A834162}
2011-08-15 05:00:55 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2011-08-15 05:00:55 62744 ----a-w- C:\Windows\SysWow64\xinput1_2.dll
2011-08-15 05:00:55 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2011-08-15 05:00:55 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2011-08-15 04:47:25 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-08-15 04:47:24 -------- d-----w- C:\Program Files (x86)\Steam
2011-08-15 04:28:01 -------- d-----w- C:\Program Files (x86)\Playdead
2011-08-15 04:27:26 -------- d-----w- C:\Windows\SysWow64\2055
2011-08-15 01:22:08 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{49CE979A-8C6C-40C3-AA6C-10F30FE1B7CA}
2011-08-15 01:21:57 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{6FC99669-7F35-41C7-BAAE-966C02D45A51}
2011-08-14 05:23:20 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{03F405CF-6C6A-4B1E-B1E2-28A0D0DBF176}
2011-08-14 05:22:58 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{D16E7F46-4F71-4658-832C-95219EC189DF}
2011-08-13 03:11:51 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{11688EA5-2B54-4035-BD10-1331FB5232FF}
2011-08-13 03:11:29 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{598E7C9E-011D-4B97-9F26-02BB023A59D0}
2011-08-13 02:55:44 -------- d-----w- C:\ProgramData\Splashtop
2011-08-13 02:55:33 -------- d-----w- C:\Program Files (x86)\Splashtop
2011-08-13 02:54:26 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{0A36B131-6523-4C74-8318-740330A367C3}
2011-08-11 17:09:06 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{AA827ACF-F82F-4096-979F-E9D25704F0EE}
2011-08-11 17:08:44 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{4E2EB5E3-9CEA-4FC9-BA59-DBF4A27EA6C8}
2011-08-11 00:47:47 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{89567120-0B79-4B42-9C10-B9281A2A6248}
2011-08-10 22:09:44 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{E82A2E63-0854-40B0-8DD2-D12DAA867591}
2011-08-10 08:21:31 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{F1BD2634-74C1-42AA-8108-EE5A29E47A0A}
2011-08-10 08:21:08 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{46FC2CDA-D9BB-4505-A6E0-C53815340397}
2011-08-10 05:57:59 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-09 15:00:39 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{04931877-1609-4C55-BF93-AA480EDD027D}
2011-08-09 15:00:21 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{7BA0BE5F-70EF-47A6-92D0-3171F5A89A80}
2011-08-08 16:01:32 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{CE403ADC-5E4C-4F25-BEF3-B5C168EE9BB8}
2011-08-08 16:01:09 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{832C126D-B519-49B8-822E-ECE25A7BD9F4}
2011-08-07 22:15:40 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{EA663F02-9170-4D9B-8603-7CB7989CEFE6}
2011-08-07 22:15:18 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{D2F7EA53-D52F-4D0F-8373-49759B675AD9}
2011-08-07 19:52:46 -------- d-----w- C:\Program Files\PerformanceTest
2011-08-07 19:46:27 -------- d-----w- C:\Program Files (x86)\PerformanceTest
2011-08-07 16:33:26 -------- d-----w- C:\Windows\en
2011-08-07 16:32:01 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-07 16:29:14 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{8C820F1B-4810-4291-9086-EFF4F380CE17}
2011-08-07 16:29:03 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{D420D183-2952-429D-9C63-904587046857}
2011-08-07 16:21:06 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{230FE516-B3A3-424E-9430-745F1F8AAB36}
2011-08-06 20:17:16 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{76C357F7-0327-4D5C-9570-4E15D345E459}
2011-08-06 20:16:54 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{14FC96A9-C226-4BDB-BE14-66D57CEC42DA}
2011-08-06 17:17:47 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{D9766578-5F11-462A-A048-24BBB4F2D4E4}
2011-08-06 05:58:43 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{B37B39FC-0C1A-4ECE-A16C-D9DC7D9186BD}
2011-08-06 02:03:25 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{085814F4-EB71-4780-A3E5-96285D918F16}
2011-08-05 14:55:39 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{169D57AC-55F5-4267-8888-D48126699462}
2011-08-05 04:27:14 -------- d-----w- C:\Program Files\MetaGeek
2011-08-04 15:46:07 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\LogMeIn
2011-08-04 15:46:07 -------- d-----w- C:\ProgramData\LogMeIn
2011-08-04 15:37:33 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{97CFA0DC-EA0B-49A1-A5EE-26C3EC79FF13}
2011-08-04 15:19:42 -------- d-----w- C:\Program Files (x86)\Intel Corporation
2011-08-04 14:41:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-04 14:41:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-04 14:41:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-04 14:41:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-04 14:41:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-04 14:41:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-04 14:41:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-08-04 03:36:57 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{5AAF5823-B474-4C8F-8D9C-F322588092B0}
2011-08-03 04:31:25 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{0104AB94-0D6E-42BF-8CA6-C19AAF841322}
2011-08-02 14:08:50 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{7818F6AE-8829-406F-A4FC-C127D67D87E8}
2011-08-01 16:27:08 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{2092C491-2850-41B7-9670-3B58656B84AD}
2011-08-01 04:50:06 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Roaming\Dropbox
2011-07-31 22:48:49 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{4F698A42-4087-4AD0-BF37-7041659E598D}
2011-07-31 05:35:33 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{9A27DD94-2BCF-4A35-A8B4-375DC983F899}
2011-07-30 03:39:06 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{51693F98-76A9-426B-908B-A45BB22464AB}
2011-07-29 14:08:59 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{EA328851-F5F3-4479-8195-72B2C7735635}
2011-07-29 02:14:27 -------- d-----w- C:\ProgramData\Gibraltar
2011-07-28 17:29:54 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{35370353-A973-4466-8273-BE34B29B3793}
2011-07-28 05:29:19 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{B9246291-4546-4B9A-89DE-804D94C24234}
2011-07-27 15:51:16 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{C9423EF6-8679-40FA-9396-1B897E202A42}
2011-07-26 15:19:16 -------- d-----w- C:\Users\Dan Hoffmann\AppData\Local\{F1C004D2-1EC3-4181-AB87-7D20BE795C14}
.
==================== Find3M ====================
.
2011-08-18 15:42:35 6656 ----a-w- C:\Windows\System32\lpcio.dll
2011-08-11 16:37:02 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 15:34:00 96104 ------w- C:\Windows\System32\dns-sd.exe
2011-07-12 15:34:00 85864 ------w- C:\Windows\System32\dnssd.dll
2011-07-12 15:20:54 83816 ------w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 15:20:54 73064 ------w- C:\Windows\SysWow64\dnssd.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-06 23:52:42 41272 ------w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 25912 ------w- C:\Windows\System32\drivers\mbam.sys
2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 23:21:55 100748 ------w- C:\cc_20110623_192144.reg
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-22 23:12:11 29480 ------w- C:\Windows\SysWow64\msxml3a.dll
2011-06-21 06:20:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-06-21 05:28:33 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-20 18:42:03 175616 ------w- C:\Windows\System32\msclmd.dll
2011-06-20 18:42:03 152576 ------w- C:\Windows\SysWow64\msclmd.dll
2011-06-20 16:51:48 0 ------w- C:\Windows\qfe1E39.tmp
2011-06-20 16:35:49 525544 ------w- C:\Windows\System32\deployJava1.dll
2011-06-20 16:31:01 472808 ------w- C:\Windows\SysWow64\deployJava1.dll
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 03:07:25 3137536 ------w- C:\Windows\System32\win32k.sys
2011-06-10 18:34:52 74272 ------w- C:\Windows\System32\RtNicProp64.dll
2011-06-10 18:34:52 539240 ------w- C:\Windows\System32\drivers\Rt64win7.sys
2011-06-10 18:34:52 107552 ------w- C:\Windows\System32\RTNUninst64.dll
2011-06-02 17:53:02 94208 ------w- C:\Windows\SysWow64\dpl100.dll
2011-06-02 07:01:00 517480 ------w- C:\Windows\PWMBTHLV.EXE
2011-06-02 07:01:00 14960 ----a-w- C:\Windows\System32\drivers\TPPWR64V.SYS
2011-06-02 07:01:00 1018728 ----a-w- C:\Windows\System32\PWMCP64V.cpl
.
============= FINISH: 20:15:49.78 ===============


#5 gringo_pr

  • Malware Response Team

Posted 24 August 2011 - 09:01 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 CBR954RR

  • Topic Starter

Posted 24 August 2011 - 09:33 PM

Gringo,

Thanks so much for taking on my issue. Much appreciated.

Below is the ComboFix log. It found and deleted three dll files. It did not state that the machine needed to be rebooted but I will reboot as soon as I finish posting this reply.

I just tested a Google search and I am still being redirected with the search links. I did notice that the favicon for Google is not back to normal. After my reboot, I will try another search and post whether the results are still the same or not.

- Dan

ComboFix 11-08-24.06 - Dan Hoffmann 08/24/2011 22:18:11.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4061.2106 [GMT -4:00]
Running from: c:\users\Dan Hoffmann\Desktop\HELP\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5849\AddOnDownloaded\44f70218-ad19-47a4-ac5e-007d247abe0f.dll
c:\programdata\PCDr\5849\AddOnDownloaded\4ab76655-9a01-4a2f-b4dc-226350587a29.dll
c:\programdata\PCDr\5849\AddOnDownloaded\a6dab7e8-9159-49a5-9681-40f16e907a98.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-25 02:23 . 2011-08-25 02:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-25 02:23 . 2011-08-25 02:23 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-08-24 03:12 . 2011-08-24 03:12 -------- d-----w- c:\users\Dan Hoffmann\AppData\Local\CutePDF Writer
2011-08-24 03:11 . 2011-08-24 03:11 -------- d-----w- c:\program files (x86)\GPLGS
2011-08-24 03:11 . 2009-11-05 12:40 85504 ----a-w- c:\windows\system32\cpwmon64.dll
2011-08-24 03:11 . 2011-08-24 03:11 -------- d-----w- c:\program files (x86)\Acro Software
2011-08-24 02:41 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6881A0B-D0C9-4DBF-B234-179646DD5906}\mpengine.dll
2011-08-24 02:41 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 02:41 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-24 02:40 . 2011-08-24 02:40 -------- d-----w- c:\users\Dan Hoffmann\AppData\Local\Adobe
2011-08-19 18:51 . 2011-08-19 18:51 -------- d-----w- c:\programdata\Hitman Pro
2011-08-16 06:55 . 2010-12-29 10:57 951680 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-08-15 05:00 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2011-08-15 05:00 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2011-08-15 05:00 . 2007-04-04 22:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2011-08-15 05:00 . 2006-07-28 13:30 62744 ----a-w- c:\windows\SysWow64\xinput1_2.dll
2011-08-15 04:47 . 2011-08-15 04:53 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-08-15 04:47 . 2011-08-15 05:38 -------- d-----w- c:\program files (x86)\Steam
2011-08-15 04:28 . 2011-08-15 04:28 -------- d-----w- c:\program files (x86)\Playdead
2011-08-15 04:27 . 2011-08-15 04:27 -------- d-----w- c:\windows\SysWow64\2055
2011-08-13 02:55 . 2011-08-13 02:55 -------- d-----w- c:\programdata\Splashtop
2011-08-13 02:55 . 2011-08-13 02:55 -------- d-----w- c:\program files (x86)\Splashtop
2011-08-13 02:54 . 2011-08-13 02:54 -------- d-----w- c:\users\Dan Hoffmann\AppData\Local\{0A36B131-6523-4C74-8318-740330A367C3}
2011-08-10 05:57 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-07 19:52 . 2011-08-07 19:53 -------- d-----w- c:\program files\PerformanceTest
2011-08-07 19:46 . 2011-08-07 19:49 -------- d-----w- c:\program files (x86)\PerformanceTest
2011-08-07 16:33 . 2011-08-07 16:33 -------- d-----w- c:\windows\en
2011-08-07 16:32 . 2011-08-07 16:32 -------- d-----w- c:\program files\Windows Live
2011-08-07 16:32 . 2011-08-07 16:32 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-05 04:27 . 2011-08-05 04:27 -------- d-----w- c:\program files\MetaGeek
2011-08-04 15:46 . 2011-08-04 15:46 -------- d-----w- c:\users\Dan Hoffmann\AppData\Local\LogMeIn
2011-08-04 15:46 . 2011-08-04 15:46 -------- d-----w- c:\programdata\LogMeIn
2011-08-04 15:19 . 2011-08-04 15:19 -------- d-----w- c:\program files (x86)\Intel Corporation
2011-08-04 14:41 . 2011-08-04 14:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-04 14:41 . 2011-08-04 14:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-04 14:41 . 2011-08-04 14:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-04 14:41 . 2011-08-04 14:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-04 14:41 . 2011-08-04 14:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-04 14:41 . 2011-08-04 14:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-04 14:41 . 2011-08-04 14:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-08-04 14:41 . 2011-08-04 14:41 -------- d-----w- c:\program files (x86)\QuickTime
2011-08-01 04:50 . 2011-08-24 03:18 -------- d-----w- c:\users\Dan Hoffmann\AppData\Roaming\Dropbox
2011-07-29 02:14 . 2011-07-29 02:14 -------- d-----w- c:\programdata\Gibraltar
2011-07-27 00:40 . 2011-07-27 00:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-18 15:42 . 2009-07-13 23:28 6656 ----a-w- c:\windows\system32\lpcio.dll
2011-08-11 16:37 . 2011-06-20 18:00 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-16 04:26 . 2011-08-10 05:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-12 15:34 . 2011-07-12 15:34 96104 ------w- c:\windows\system32\dns-sd.exe
2011-07-12 15:34 . 2011-07-12 15:34 85864 ------w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ------w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ------w- c:\windows\SysWow64\dnssd.dll
2011-07-06 23:52 . 2009-11-10 02:28 41272 ------w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2009-11-10 02:28 25912 ------w- c:\windows\system32\drivers\mbam.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-06-23 23:21 . 2011-06-23 23:21 100748 ------w- C:\cc_20110623_192144.reg
2011-06-22 23:12 . 2009-11-10 02:54 29480 ------w- c:\windows\SysWow64\msxml3a.dll
2011-06-20 18:42 . 2009-07-14 02:36 175616 ------w- c:\windows\system32\msclmd.dll
2011-06-20 18:42 . 2009-07-14 02:36 152576 ------w- c:\windows\SysWow64\msclmd.dll
2011-06-20 16:51 . 2011-06-20 16:51 0 ------w- c:\windows\qfe1E39.tmp
2011-06-20 16:35 . 2010-04-22 02:49 525544 ------w- c:\windows\system32\deployJava1.dll
2011-06-20 16:31 . 2010-04-22 02:46 472808 ------w- c:\windows\SysWow64\deployJava1.dll
2011-06-11 03:07 . 2011-07-12 22:53 3137536 ------w- c:\windows\system32\win32k.sys
2011-06-10 18:34 . 2011-06-10 18:34 539240 ------w- c:\windows\system32\drivers\Rt64win7.sys
2011-06-10 18:34 . 2011-03-21 17:22 74272 ------w- c:\windows\system32\RtNicProp64.dll
2011-06-10 18:34 . 2009-11-12 12:24 107552 ------w- c:\windows\system32\RTNUninst64.dll
2011-06-02 17:53 . 2011-06-02 17:53 94208 ------w- c:\windows\SysWow64\dpl100.dll
2011-06-02 07:01 . 2009-11-09 23:42 517480 ------w- c:\windows\PWMBTHLV.EXE
2011-06-02 07:01 . 2009-11-09 23:42 14960 ----a-w- c:\windows\system32\drivers\TPPWR64V.SYS
2011-06-02 07:01 . 2009-11-09 23:42 1018728 ----a-w- c:\windows\system32\PWMCP64V.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-19_06.19.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-08-21 20:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-19 05:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-21 20:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-19 05:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-10 02:28 . 2011-08-23 04:16 65938 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-23 04:16 48162 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-09 23:08 . 2011-08-23 04:16 16602 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-104986063-2620454175-4151223757-1001_UserData.bin
+ 2009-11-10 01:44 . 2011-08-25 02:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-10 01:44 . 2011-08-19 06:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-10 01:44 . 2011-08-25 02:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-10 01:44 . 2011-08-19 06:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-19 06:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-25 02:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-20 18:23 . 2010-11-20 13:25 49664 c:\windows\servicing\GC64\tzupd.exe
+ 2011-08-24 02:41 . 2011-07-09 05:29 49664 c:\windows\servicing\GC64\tzupd.exe
- 2009-11-09 22:59 . 2011-08-19 05:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-09 22:59 . 2011-08-21 21:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-09 22:59 . 2011-08-19 05:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-09 22:59 . 2011-08-21 21:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-09 22:59 . 2011-08-19 05:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-09 22:59 . 2011-08-21 21:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-09 22:59 . 2011-08-25 02:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-09 22:59 . 2011-08-19 06:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-09 22:59 . 2011-08-19 06:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-09 22:59 . 2011-08-25 02:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-10 02:15 . 2011-08-21 20:50 3217 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2009-11-10 02:15 . 2011-08-19 06:07 3217 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-08-19 06:08 . 2011-08-19 06:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-21 20:58 . 2011-08-21 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-21 20:58 . 2011-08-21 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-19 06:08 . 2011-08-19 06:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2011-08-19 05:23 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-21 20:58 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-10 19:41 . 2011-08-24 23:16 427562 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-08-24 03:11 . 2006-11-02 10:18 628736 c:\windows\system32\spool\drivers\x64\PSCRIPT5.DLL
+ 2011-08-24 03:11 . 2006-11-02 10:18 850432 c:\windows\system32\spool\drivers\x64\PS5UI.DLL
+ 2011-08-24 03:11 . 2006-11-02 10:18 628736 c:\windows\system32\spool\drivers\x64\3\PSCRIPT5.DLL
+ 2011-08-24 03:11 . 2006-11-02 10:18 850432 c:\windows\system32\spool\drivers\x64\3\PS5UI.DLL
+ 2009-07-14 02:36 . 2011-08-23 04:23 664864 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-08-19 05:34 664864 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-23 04:23 123276 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-08-19 05:34 123276 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2011-08-20 19:57 111776 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2011-08-21 20:50 394184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-19 06:07 394184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-05-29 14:38 . 2011-08-19 05:20 2123264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-104986063-2620454175-4151223757-1001-8192.dat
+ 2010-05-29 14:38 . 2011-08-21 20:50 2123264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-104986063-2620454175-4151223757-1001-8192.dat
+ 2009-07-14 02:34 . 2011-08-24 02:53 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-08-16 06:56 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-11-09 23:48 . 2011-08-21 20:50 13124600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-11-09 23:48 . 2011-08-19 06:07 13124600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{16711829-73CB-4BDA-1072-15C66A771D4F}]
2009-07-14 01:16 61440 ----a-w- c:\windows\SysWOW64\NlsDatta000f.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dan Hoffmann\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dan Hoffmann\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dan Hoffmann\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2008-10-03 2708808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-06-02 1553256]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-05-16 75048]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2010-08-20 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2010-09-13 162912]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-03-26 129648]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 1090848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DontSetAutoplayCheckbox"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;QuickCam for Notebooks Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-06-02 83304]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2011\RpcAgentSrv.exe [2009-08-18 93848]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/05/05 13:41];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2011-05-16 19:58 146928]
S2 ASMMAP64;ASMMAP64;c:\program files\Lenovo\ATK Hotkey\ASMMAP64.sys [2007-07-24 14904]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [2009-04-15 208896]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-06-02 148840]
S2 sesvc;ShadowExplorer Service;c:\program files (x86)\ShadowExplorer\sesvc.exe [2011-01-03 9216]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-08-10 518984]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-03-08 341832]
S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-03-06 284696]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 DCamUSBGene;Integrated Camera;c:\windows\system32\DRIVERS\usbstk.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MTsensor64;PU ACPI UTILITY;c:\windows\system32\DRIVERS\PuAcpi64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-15 c:\windows\Tasks\At1.job
- c:\windows\SysWOW64\rdrleakdiiag.exe [2009-07-13 01:14]
.
2011-08-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2011-08-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dan Hoffmann\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dan Hoffmann\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dan Hoffmann\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dan Hoffmann\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2010-11-29 64952]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"IaNvSrv"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-07-13 33304]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-12-08 85328]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:5300;https=127.0.0.1:5300
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.11.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,dc,73,e6,90,11,31,4c,95,18,bf,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,dc,73,e6,90,11,31,4c,95,18,bf,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEC09E59-C559-E665-B14B-9F917CD921E1}\InProcServer32*]
"bbfoljinplieogbgihjmnoggmhoiaehjhmlo"=hex:61,61,00,01
"nafokjbmlleloeigifjjdpcednmk"=hex:61,61,00,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-24 22:25:58
ComboFix-quarantined-files.txt 2011-08-25 02:25
ComboFix2.txt 2011-08-19 06:21
ComboFix3.txt 2011-08-19 05:29
.
Pre-Run: 102,087,102,464 bytes free
Post-Run: 101,786,181,632 bytes free
.
- - End Of File - - 44FD8547CE4BEE2158A3E115189812ED

#7 CBR954RR

Posted 24 August 2011 - 10:04 PM

Gringo,

After a reboot, it is still doing it but I don't think it is as often. The first few attempts after a search were about 50% redirects, then it seemed to subside. I tried Google, Bing, and Yahoo and it seemed to be almost back to normal after the initial redirects. So, I closed my browser, flushed the DNS (ipconfig /flushdns) and reopened IE and tried again. Same results. The first search seemed to produce redirects and then it subsided and continued to be pretty normal thereafter.

So, I do believe there is still something hiding in the system somewhere.

Thanks for your continued support.

- Dan

#8 gringo_pr

  • Malware Response Team

Posted 24 August 2011 - 11:26 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#9 CBR954RR

Posted 25 August 2011 - 12:11 AM

TDSSKiller did not find anything. Log is below.

- Dan

2011/08/25 01:09:11.0976 2972 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/25 01:09:12.0409 2972 ================================================================================
2011/08/25 01:09:12.0409 2972 SystemInfo:
2011/08/25 01:09:12.0409 2972
2011/08/25 01:09:12.0409 2972 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/25 01:09:12.0409 2972 Product type: Workstation
2011/08/25 01:09:12.0409 2972 ComputerName: LENOVOSL500
2011/08/25 01:09:12.0409 2972 UserName: Dan Hoffmann
2011/08/25 01:09:12.0409 2972 Windows directory: C:\Windows
2011/08/25 01:09:12.0409 2972 System windows directory: C:\Windows
2011/08/25 01:09:12.0409 2972 Running under WOW64
2011/08/25 01:09:12.0409 2972 Processor architecture: Intel x64
2011/08/25 01:09:12.0409 2972 Number of processors: 2
2011/08/25 01:09:12.0409 2972 Page size: 0x1000
2011/08/25 01:09:12.0409 2972 Boot type: Normal boot
2011/08/25 01:09:12.0409 2972 ================================================================================
2011/08/25 01:09:13.0069 2972 Initialize success
2011/08/25 01:09:16.0461 6956 ================================================================================
2011/08/25 01:09:16.0461 6956 Scan started
2011/08/25 01:09:16.0461 6956 Mode: Manual;
2011/08/25 01:09:16.0461 6956 ================================================================================
2011/08/25 01:09:21.0138 6956 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/08/25 01:09:21.0208 6956 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/25 01:09:21.0251 6956 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/25 01:09:21.0310 6956 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/25 01:09:21.0352 6956 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/25 01:09:21.0383 6956 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/25 01:09:21.0421 6956 hcmon (d5fa01185a7d5a65724fd87b34e53f5b) C:\Windows\system32\drivers\hcmon.sys
2011/08/25 01:09:21.0463 6956 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/25 01:09:21.0516 6956 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/08/25 01:09:21.0558 6956 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/08/25 01:09:21.0597 6956 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/25 01:09:21.0630 6956 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/25 01:09:21.0667 6956 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/25 01:09:21.0712 6956 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/08/25 01:09:21.0782 6956 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/08/25 01:09:21.0835 6956 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/08/25 01:09:21.0885 6956 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/25 01:09:21.0923 6956 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/08/25 01:09:21.0970 6956 iaNvStor (81f6586accdb49bcb20004c3e9866048) C:\Windows\system32\DRIVERS\iaNvStor.sys
2011/08/25 01:09:22.0014 6956 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/25 01:09:22.0080 6956 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/08/25 01:09:22.0120 6956 IBMPMDRV (b7f1bc81ccc19ebc4324808952cd033b) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
2011/08/25 01:09:22.0489 6956 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/08/25 01:09:22.0882 6956 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/25 01:09:22.0925 6956 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
2011/08/25 01:09:22.0994 6956 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/08/25 01:09:23.0025 6956 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/25 01:09:23.0072 6956 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/25 01:09:23.0115 6956 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/08/25 01:09:23.0149 6956 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/25 01:09:23.0187 6956 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/25 01:09:23.0248 6956 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/08/25 01:09:23.0290 6956 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/08/25 01:09:23.0305 6956 ISODrive (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
2011/08/25 01:09:23.0350 6956 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/08/25 01:09:23.0396 6956 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/08/25 01:09:23.0435 6956 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/25 01:09:23.0472 6956 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/25 01:09:23.0507 6956 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/25 01:09:23.0553 6956 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
2011/08/25 01:09:23.0594 6956 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/25 01:09:23.0695 6956 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/25 01:09:23.0732 6956 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/25 01:09:23.0778 6956 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/25 01:09:23.0815 6956 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/25 01:09:23.0849 6956 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/25 01:09:24.0011 6956 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys
2011/08/25 01:09:24.0088 6956 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/25 01:09:24.0132 6956 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/25 01:09:24.0191 6956 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/25 01:09:24.0226 6956 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/25 01:09:24.0269 6956 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/08/25 01:09:24.0306 6956 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/25 01:09:24.0341 6956 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/08/25 01:09:24.0384 6956 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/08/25 01:09:24.0417 6956 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/25 01:09:24.0496 6956 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/08/25 01:09:24.0531 6956 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/25 01:09:24.0574 6956 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/25 01:09:24.0636 6956 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/25 01:09:24.0671 6956 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/08/25 01:09:24.0710 6956 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/08/25 01:09:24.0752 6956 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/25 01:09:24.0795 6956 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/25 01:09:24.0825 6956 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/08/25 01:09:24.0892 6956 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/25 01:09:24.0929 6956 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/25 01:09:24.0970 6956 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/25 01:09:25.0011 6956 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/08/25 01:09:25.0056 6956 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/08/25 01:09:25.0089 6956 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/25 01:09:25.0125 6956 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/25 01:09:25.0158 6956 MTsensor64 (0df53a9649073cebbc0988d6353fed6e) C:\Windows\system32\DRIVERS\PuAcpi64.sys
2011/08/25 01:09:25.0202 6956 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/25 01:09:25.0249 6956 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/25 01:09:25.0317 6956 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
2011/08/25 01:09:25.0382 6956 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/25 01:09:25.0414 6956 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/25 01:09:25.0448 6956 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/25 01:09:25.0484 6956 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/25 01:09:25.0521 6956 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/08/25 01:09:25.0575 6956 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/25 01:09:25.0615 6956 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/25 01:09:25.0843 6956 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
2011/08/25 01:09:26.0133 6956 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/08/25 01:09:26.0519 6956 NETwNs64 (9aa75919d0a5f33bea0df7b9db09b755) C:\Windows\system32\DRIVERS\NETwNs64.sys
2011/08/25 01:09:26.0865 6956 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/25 01:09:26.0923 6956 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/25 01:09:26.0958 6956 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/25 01:09:27.0043 6956 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/08/25 01:09:27.0121 6956 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/25 01:09:27.0164 6956 nusb3hub (f5bc2345e8c89d4e90fafd23a2239935) C:\Windows\system32\DRIVERS\nusb3hub.sys
2011/08/25 01:09:27.0206 6956 nusb3xhc (5d42578241bc2a9b4a64837077436d5f) C:\Windows\system32\DRIVERS\nusb3xhc.sys
2011/08/25 01:09:27.0273 6956 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/08/25 01:09:27.0316 6956 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/08/25 01:09:27.0424 6956 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/08/25 01:09:27.0487 6956 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/08/25 01:09:27.0555 6956 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/25 01:09:27.0589 6956 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/08/25 01:09:27.0643 6956 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/08/25 01:09:27.0731 6956 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/08/25 01:09:27.0777 6956 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/25 01:09:27.0811 6956 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/25 01:09:27.0862 6956 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/25 01:09:27.0960 6956 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/25 01:09:28.0053 6956 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/25 01:09:28.0103 6956 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys
2011/08/25 01:09:28.0140 6956 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/25 01:09:28.0189 6956 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/08/25 01:09:28.0255 6956 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/25 01:09:28.0340 6956 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/25 01:09:28.0383 6956 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/25 01:09:28.0417 6956 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/25 01:09:28.0451 6956 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/25 01:09:28.0489 6956 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/25 01:09:28.0549 6956 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/25 01:09:28.0583 6956 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/25 01:09:28.0635 6956 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/25 01:09:28.0673 6956 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/25 01:09:28.0705 6956 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/25 01:09:28.0764 6956 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/08/25 01:09:28.0820 6956 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/25 01:09:28.0857 6956 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/25 01:09:28.0904 6956 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/08/25 01:09:28.0955 6956 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/08/25 01:09:29.0004 6956 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/08/25 01:09:29.0038 6956 rimmptsk (f45d6e12eb99a668f52201637c67c8f5) C:\Windows\system32\DRIVERS\rimmpx64.sys
2011/08/25 01:09:29.0072 6956 rimsptsk (eac02ed935a9c1f2ddd8d985c465b854) C:\Windows\system32\DRIVERS\rimspx64.sys
2011/08/25 01:09:29.0106 6956 rismxdp (931a8f843b4120df527c3684daf77fd9) C:\Windows\system32\DRIVERS\rixdpx64.sys
2011/08/25 01:09:29.0151 6956 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/25 01:09:29.0211 6956 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/08/25 01:09:29.0332 6956 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/08/25 01:09:29.0375 6956 SANDRA (5efbbfcc6adac121c8e2fe76641ed329) C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011\WNt500x64\Sandra.sys
2011/08/25 01:09:29.0429 6956 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/08/25 01:09:29.0482 6956 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/25 01:09:29.0534 6956 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
2011/08/25 01:09:29.0570 6956 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/25 01:09:29.0620 6956 Ser2pl (ef7b5ec21e7c0f6e4237424a41fa720e) C:\Windows\system32\DRIVERS\ser2pl64.sys
2011/08/25 01:09:29.0660 6956 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/25 01:09:29.0699 6956 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/25 01:09:29.0730 6956 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/25 01:09:29.0810 6956 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/08/25 01:09:29.0843 6956 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/25 01:09:29.0884 6956 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/25 01:09:29.0920 6956 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/25 01:09:29.0962 6956 Shockprf (c3f190562fe82efda7ccef305ebad3e3) C:\Windows\system32\DRIVERS\Apsx64.sys
2011/08/25 01:09:30.0000 6956 SI3132 (0f498dee92fd73dd999bae4d506367f5) C:\Windows\system32\DRIVERS\SI3132.sys
2011/08/25 01:09:30.0034 6956 SiFilter (127ce10e01f53f2edaca7fe42e5631ea) C:\Windows\system32\DRIVERS\SiWinAcc.sys
2011/08/25 01:09:30.0068 6956 SiRemFil (b742c37002b8ebef6e230df9b4b28546) C:\Windows\system32\DRIVERS\SiRemFil.sys
2011/08/25 01:09:30.0112 6956 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/25 01:09:30.0173 6956 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/25 01:09:30.0215 6956 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/25 01:09:30.0224 6956 smihlp (c5b1a19b14f19b08ae72fcb20a3075b6) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
2011/08/25 01:09:30.0271 6956 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/25 01:09:30.0328 6956 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/08/25 01:09:30.0385 6956 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/25 01:09:30.0446 6956 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/08/25 01:09:30.0526 6956 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/08/25 01:09:30.0630 6956 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/08/25 01:09:30.0684 6956 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/25 01:09:30.0790 6956 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/25 01:09:30.0825 6956 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/08/25 01:09:30.0865 6956 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/08/25 01:09:30.0911 6956 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/08/25 01:09:30.0950 6956 SWIPsec (1e036f98e6c780dd7669f516e8be0cea) C:\Windows\system32\Drivers\SWIPsec.sys
2011/08/25 01:09:30.0989 6956 SWVNIC (dcf11e08a8524b19ec47515c22be492e) C:\Windows\system32\DRIVERS\swvnic.sys
2011/08/25 01:09:31.0030 6956 SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/25 01:09:31.0137 6956 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/08/25 01:09:31.0277 6956 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/25 01:09:31.0320 6956 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/25 01:09:31.0380 6956 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/25 01:09:31.0419 6956 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/25 01:09:31.0454 6956 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/25 01:09:31.0486 6956 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/08/25 01:09:31.0531 6956 TPDIGIMN (1bb77eccbfa3675b1ee8d6d6d37a1e1e) C:\Windows\system32\DRIVERS\ApsHM64.sys
2011/08/25 01:09:31.0571 6956 TPPWRIF (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys
2011/08/25 01:09:31.0620 6956 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/25 01:09:31.0661 6956 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/25 01:09:31.0696 6956 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/25 01:09:31.0738 6956 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/25 01:09:31.0779 6956 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/25 01:09:31.0863 6956 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/25 01:09:31.0897 6956 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/25 01:09:31.0944 6956 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/25 01:09:32.0079 6956 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
2011/08/25 01:09:32.0137 6956 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/08/25 01:09:32.0183 6956 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/25 01:09:32.0258 6956 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/08/25 01:09:32.0290 6956 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/25 01:09:32.0333 6956 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\drivers\usbhub.sys
2011/08/25 01:09:32.0374 6956 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
2011/08/25 01:09:32.0408 6956 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/25 01:09:32.0472 6956 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/25 01:09:32.0503 6956 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/25 01:09:32.0546 6956 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/08/25 01:09:32.0587 6956 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/25 01:09:32.0651 6956 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/25 01:09:32.0683 6956 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/25 01:09:32.0731 6956 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/08/25 01:09:32.0812 6956 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/08/25 01:09:32.0852 6956 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/08/25 01:09:32.0916 6956 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/08/25 01:09:32.0949 6956 vmci (312aec23a85424543af898a59209b479) C:\Windows\system32\drivers\vmci.sys
2011/08/25 01:09:32.0983 6956 vmkbd (ffc30caeeb2fc5fee8568cff74edeaed) C:\Windows\system32\drivers\VMkbd.sys
2011/08/25 01:09:33.0019 6956 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
2011/08/25 01:09:33.0055 6956 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
2011/08/25 01:09:33.0093 6956 VMnetuserif (56d547bfc3f1619fa82ec9ef5d24e802) C:\Windows\system32\drivers\vmnetuserif.sys
2011/08/25 01:09:33.0180 6956 vmusb (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys
2011/08/25 01:09:33.0226 6956 vmx86 (62cd5a87fde14701506d4e0dd8f13d2e) C:\Windows\system32\drivers\vmx86.sys
2011/08/25 01:09:33.0259 6956 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/08/25 01:09:33.0327 6956 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/08/25 01:09:33.0374 6956 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/08/25 01:09:33.0434 6956 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
2011/08/25 01:09:33.0471 6956 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2011/08/25 01:09:33.0505 6956 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
2011/08/25 01:09:33.0564 6956 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
2011/08/25 01:09:33.0669 6956 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/25 01:09:33.0701 6956 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
2011/08/25 01:09:33.0734 6956 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/25 01:09:33.0779 6956 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/25 01:09:33.0813 6956 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/08/25 01:09:33.0855 6956 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/25 01:09:33.0891 6956 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/25 01:09:33.0912 6956 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/25 01:09:33.0959 6956 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/25 01:09:34.0009 6956 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/25 01:09:34.0077 6956 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/25 01:09:34.0118 6956 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/25 01:09:34.0191 6956 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/08/25 01:09:34.0241 6956 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/25 01:09:34.0289 6956 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/25 01:09:34.0349 6956 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/08/25 01:09:34.0404 6956 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/08/25 01:09:34.0452 6956 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/25 01:09:34.0543 6956 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
2011/08/25 01:09:34.0585 6956 MBR (0x1B8) (1bf0302bd6cd231cab7a5180e522014d) \Device\Harddisk0\DR0
2011/08/25 01:09:34.0596 6956 Boot (0x1200) (ffc10a3f5de7a4b85d82ecd18214f183) \Device\Harddisk0\DR0\Partition0
2011/08/25 01:09:34.0606 6956 Boot (0x1200) (69d3fa590807036213af5a296dcbc473) \Device\Harddisk0\DR0\Partition1
2011/08/25 01:09:34.0612 6956 ================================================================================
2011/08/25 01:09:34.0612 6956 Scan finished
2011/08/25 01:09:34.0612 6956 ================================================================================
2011/08/25 01:09:34.0620 5288 Detected object count: 0
2011/08/25 01:09:34.0620 5288 Actual detected object count: 0

#10 gringo_pr

Posted 25 August 2011 - 01:03 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#11 CBR954RR

Posted 25 August 2011 - 11:14 AM

Here are the contents of the OTL file.

OTL logfile created on: 8/25/2011 12:09:20 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Dan Hoffmann\Desktop\HELP
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 54.12% Memory free
7.93 Gb Paging File | 5.90 Gb Available in Paging File | 74.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 191.74 Gb Total Space | 94.73 Gb Free Space | 49.40% Space Free | Partition Type: NTFS
Drive D: | 100.00 Gb Total Space | 42.71 Gb Free Space | 42.71% Space Free | Partition Type: NTFS

Computer Name: LENOVOSL500 | User Name: Dan Hoffmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dan Hoffmann\Desktop\HELP\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe ()
PRC - C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe (Lenovo)
PRC - C:\Program Files\Lenovo\ATK Hotkey\LControl.exe (ATK0101)
PRC - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
PRC - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\ThinkPad\Utilities\US\PWMROV.DLL ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Lenovo\CDRecord.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV:64bit: - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (Lenovo.VIRTSCRLSVC) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV:64bit: - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011\RpcAgentSrv.exe (SiSoftware)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (LFKAS) -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe ()
SRV:64bit: - (SWGVCSvc) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe (SonicWALL, Inc.)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
SRV:64bit: - (ASLDRService) -- C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe ()
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SplashtopRemoteService) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
SRV - (sesvc) -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (Epfwndis) -- C:\Windows\SysNative\drivers\epfwndis.sys (ESET)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV:64bit: - (NETwNs64) ___ Intel® -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (NETw5s64) Intel® -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011\WNt500x64\sandra.sys (SiSoftware)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (iaNvStor) Intel® -- C:\Windows\SysNative\drivers\iaNvStor.sys (Intel Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor64) -- C:\Windows\SysNative\drivers\PuAcpi64.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (smihlp) SMI Helper Driver (smihlp) -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV:64bit: - (SWIPsec) -- C:\Windows\SysNative\drivers\SWIPsec.sys (SonicWALL, Inc.)
DRV:64bit: - (SWVNIC) -- C:\Windows\SysNative\drivers\SWVNIC.sys (SonicWALL, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (DCamUSBGene) -- C:\Windows\SysNative\drivers\USBSTK.sys ()
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc)
DRV:64bit: - (SI3132) -- C:\Windows\SysNative\drivers\SI3132.sys (Silicon Image, Inc)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\Lenovo\ATK Hotkey\ASMMAP64.sys ()
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-104986063-2620454175-4151223757-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-104986063-2620454175-4151223757-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-104986063-2620454175-4151223757-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 5B C6 A7 A3 61 CA 01 [binary data]
IE - HKU\S-1-5-21-104986063-2620454175-4151223757-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-104986063-2620454175-4151223757-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-104986063-2620454175-4151223757-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5300;https=127.0.0.1:5300

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/06/20 01:17:52 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/08/24 22:23:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {16711829-73CB-4BDA-1072-15C66A771D4F} - C:\Windows\SysWOW64\NlsDatta000f.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IaNvSrv] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-104986063-2620454175-4151223757-1001..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-104986063-2620454175-4151223757-1001..\Run: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe (Conexant Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-104986063-2620454175-4151223757-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-104986063-2620454175-4151223757-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab (SysInfo Class)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes3\deskscapes.dll (Stardock Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 03:13:35 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/25 12:07:04 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\Apple
[2011/08/24 22:41:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/24 20:31:46 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{942EDFC9-4136-456D-AEA7-4DEA881D4F4B}
[2011/08/24 20:31:35 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{EF15052D-1D4B-49D7-8737-E91F801AB3BF}
[2011/08/23 23:23:03 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{A8C50A46-3054-4064-92FC-6BF625F1DA02}
[2011/08/23 23:22:40 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{D47265B5-6AF8-42F5-B52F-7A034823D800}
[2011/08/23 23:12:16 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\CutePDF Writer
[2011/08/23 23:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2011/08/23 23:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
[2011/08/23 23:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
[2011/08/23 22:40:07 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\Adobe
[2011/08/23 00:28:15 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{1738E8C1-9F70-4E91-AB8D-18FCA31358E6}
[2011/08/23 00:28:04 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{2D8EAD87-1B80-41B6-AE85-3BA34D48AA88}
[2011/08/20 15:57:59 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{AAF3F6B6-857C-46A5-81F6-59D6DAD12467}
[2011/08/20 15:57:37 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{E6A81F11-270C-4598-AF8F-C9DC1D41F055}
[2011/08/19 14:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/08/19 14:44:34 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\Desktop\HitmanPro
[2011/08/19 12:54:41 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\Desktop\HELP
[2011/08/19 11:25:46 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{7B55B4D0-FBE6-42A7-BA9D-3277541B706F}
[2011/08/19 11:25:24 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{2DD915E2-878B-4D65-A099-E8EDBD9A5F57}
[2011/08/19 02:21:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/19 02:12:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/19 02:12:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/19 02:12:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/19 02:09:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/19 02:05:22 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2011/08/19 01:13:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/19 00:34:22 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\Desktop\Virus Removal Software
[2011/08/18 23:14:47 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{0CD2DB66-6F3C-4313-B5C4-1B8DB9A4FB03}
[2011/08/18 23:14:23 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{B00DC08A-F1ED-4EAB-B122-7B3201E4DCD4}
[2011/08/18 10:34:52 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{E3863F74-EBC1-4B10-81B6-F626B0D4220E}
[2011/08/18 10:34:41 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{A40C3FAC-5D87-4088-89A5-A9DD11C7B749}
[2011/08/17 10:45:36 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{4A203B1D-02AA-4B8D-9AF0-0407F52CFBEE}
[2011/08/17 10:45:25 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{386528B6-1627-4281-AD5D-3A58706B5BE4}
[2011/08/16 17:35:18 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{F02E8813-2B4D-483F-A924-68BB8D07DBB7}
[2011/08/16 17:35:07 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{E7095997-47CC-4595-B569-87D3B596F0C7}
[2011/08/16 03:06:14 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ThinkVantage
[2011/08/16 02:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThinkVantage
[2011/08/16 02:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThinkVantage
[2011/08/16 01:30:56 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{A067CBE9-3B1B-4C72-BB39-AFCF86B52FAA}
[2011/08/16 01:30:42 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{C4E8463E-F5BA-4522-B640-0C2508AD46BF}
[2011/08/15 13:25:35 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{0DBD2F03-A040-4436-B781-3C0FFC200444}
[2011/08/15 13:25:23 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{FA087E6E-33B2-4D53-A492-51524A834162}
[2011/08/15 01:00:55 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011/08/15 01:00:55 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011/08/15 01:00:55 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011/08/15 01:00:55 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011/08/15 00:54:43 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/08/15 00:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/08/15 00:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011/08/15 00:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011/08/15 00:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Playdead
[2011/08/15 00:27:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\2055
[2011/08/14 21:22:08 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{49CE979A-8C6C-40C3-AA6C-10F30FE1B7CA}
[2011/08/14 21:21:57 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{6FC99669-7F35-41C7-BAAE-966C02D45A51}
[2011/08/14 01:23:20 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{03F405CF-6C6A-4B1E-B1E2-28A0D0DBF176}
[2011/08/14 01:22:58 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{D16E7F46-4F71-4658-832C-95219EC189DF}
[2011/08/12 23:11:51 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{11688EA5-2B54-4035-BD10-1331FB5232FF}
[2011/08/12 23:11:29 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{598E7C9E-011D-4B97-9F26-02BB023A59D0}
[2011/08/12 22:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2011/08/12 22:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
[2011/08/12 22:55:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop
[2011/08/12 22:54:26 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{0A36B131-6523-4C74-8318-740330A367C3}
[2011/08/11 13:09:06 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{AA827ACF-F82F-4096-979F-E9D25704F0EE}
[2011/08/11 13:08:44 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{4E2EB5E3-9CEA-4FC9-BA59-DBF4A27EA6C8}
[2011/08/10 20:47:47 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{89567120-0B79-4B42-9C10-B9281A2A6248}
[2011/08/10 18:09:44 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{E82A2E63-0854-40B0-8DD2-D12DAA867591}
[2011/08/10 04:21:31 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{F1BD2634-74C1-42AA-8108-EE5A29E47A0A}
[2011/08/10 04:21:08 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{46FC2CDA-D9BB-4505-A6E0-C53815340397}
[2011/08/10 01:58:33 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/10 01:58:33 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/10 01:58:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/10 01:58:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/10 01:58:33 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/10 01:58:33 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/10 01:58:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/10 01:58:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/10 01:58:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/10 01:58:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/10 01:58:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 01:58:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 01:58:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 01:58:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/10 01:58:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 01:58:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 01:58:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 01:58:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 01:58:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 01:58:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 01:58:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 01:58:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 01:58:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 01:58:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 01:58:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 01:58:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 01:58:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 01:58:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 01:58:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 01:58:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 01:58:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 01:58:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 01:58:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 01:58:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 01:58:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 01:58:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 01:58:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 01:58:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 01:58:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 01:58:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 01:58:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/10 01:58:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 01:58:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 01:58:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 01:58:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 01:58:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/10 01:58:28 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/10 01:58:27 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/10 01:58:26 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/10 01:58:03 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/10 01:58:02 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/10 01:58:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/10 01:58:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/10 01:58:01 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/10 01:58:01 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/10 01:58:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/10 01:57:58 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/10 01:57:58 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/10 01:57:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/10 01:57:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/10 01:57:58 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/10 01:57:58 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/10 01:57:58 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/10 01:57:58 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/10 01:57:58 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/10 01:57:57 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/09 11:00:39 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{04931877-1609-4C55-BF93-AA480EDD027D}
[2011/08/09 11:00:21 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{7BA0BE5F-70EF-47A6-92D0-3171F5A89A80}
[2011/08/08 12:01:32 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{CE403ADC-5E4C-4F25-BEF3-B5C168EE9BB8}
[2011/08/08 12:01:09 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{832C126D-B519-49B8-822E-ECE25A7BD9F4}
[2011/08/07 18:15:40 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{EA663F02-9170-4D9B-8603-7CB7989CEFE6}
[2011/08/07 18:15:18 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{D2F7EA53-D52F-4D0F-8373-49759B675AD9}
[2011/08/07 15:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest (64-bit)
[2011/08/07 15:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\PerformanceTest
[2011/08/07 15:46:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PerformanceTest
[2011/08/07 12:33:26 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/07 12:32:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/08/07 12:29:14 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{8C820F1B-4810-4291-9086-EFF4F380CE17}
[2011/08/07 12:29:03 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{D420D183-2952-429D-9C63-904587046857}
[2011/08/07 12:21:06 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{230FE516-B3A3-424E-9430-745F1F8AAB36}
[2011/08/06 16:17:16 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{76C357F7-0327-4D5C-9570-4E15D345E459}
[2011/08/06 16:16:54 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{14FC96A9-C226-4BDB-BE14-66D57CEC42DA}
[2011/08/06 13:17:47 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{D9766578-5F11-462A-A048-24BBB4F2D4E4}
[2011/08/06 01:58:43 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{B37B39FC-0C1A-4ECE-A16C-D9DC7D9186BD}
[2011/08/05 22:23:18 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\Desktop\Penguins Of Madagascar
[2011/08/05 22:03:25 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{085814F4-EB71-4780-A3E5-96285D918F16}
[2011/08/05 10:55:39 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{169D57AC-55F5-4267-8888-D48126699462}
[2011/08/05 00:27:14 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
[2011/08/05 00:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\MetaGeek
[2011/08/04 11:46:07 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\LogMeIn
[2011/08/04 11:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2011/08/04 11:37:33 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{97CFA0DC-EA0B-49A1-A5EE-26C3EC79FF13}
[2011/08/04 11:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Processor ID Utility
[2011/08/04 11:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel Corporation
[2011/08/04 10:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/04 10:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/04 09:30:39 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\Desktop\ZaggSparq
[2011/08/03 23:36:57 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{5AAF5823-B474-4C8F-8D9C-F322588092B0}
[2011/08/03 00:31:25 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{0104AB94-0D6E-42BF-8CA6-C19AAF841322}
[2011/08/02 10:08:50 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{7818F6AE-8829-406F-A4FC-C127D67D87E8}
[2011/08/01 12:27:08 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{2092C491-2850-41B7-9670-3B58656B84AD}
[2011/08/01 00:54:06 | 000,000,000 | R--D | C] -- C:\Users\Dan Hoffmann\Desktop\Dropbox
[2011/08/01 00:50:18 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/08/01 00:50:06 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Roaming\Dropbox
[2011/07/31 18:48:49 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{4F698A42-4087-4AD0-BF37-7041659E598D}
[2011/07/31 01:35:33 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{9A27DD94-2BCF-4A35-A8B4-375DC983F899}
[2011/07/29 23:39:06 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{51693F98-76A9-426B-908B-A45BB22464AB}
[2011/07/29 10:08:59 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{EA328851-F5F3-4479-8195-72B2C7735635}
[2011/07/28 22:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Gibraltar
[2011/07/28 13:29:54 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{35370353-A973-4466-8273-BE34B29B3793}
[2011/07/28 01:29:19 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{B9246291-4546-4B9A-89DE-804D94C24234}
[2011/07/27 11:51:16 | 000,000,000 | ---D | C] -- C:\Users\Dan Hoffmann\AppData\Local\{C9423EF6-8679-40FA-9396-1B897E202A42}
[2011/07/26 20:40:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2009/10/05 17:25:58 | 000,069,632 | ---- | C] ( ) -- C:\Windows\SysWow64\DVDRead.dll
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Dan Hoffmann\Documents\*.tmp files -> C:\Users\Dan Hoffmann\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/25 12:05:31 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/25 12:05:17 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/08/25 11:57:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/25 00:06:46 | 000,000,644 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/08/24 22:44:44 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/24 22:44:44 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/24 22:43:20 | 000,783,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/24 22:43:20 | 000,664,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/24 22:43:20 | 000,123,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/24 22:36:15 | 3193,921,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/24 22:23:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/19 13:24:55 | 000,000,214 | ---- | M] () -- C:\Users\Dan Hoffmann\Desktop\2nd Topic.url
[2011/08/19 13:24:17 | 000,000,214 | ---- | M] () -- C:\Users\Dan Hoffmann\Desktop\1st Topic.url
[2011/08/19 03:02:43 | 608,582,950 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/18 11:42:35 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\lpcio.dll
[2011/08/15 12:36:42 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/08/11 12:37:02 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/10 02:10:39 | 000,780,032 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/31 20:51:30 | 000,000,852 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2011/07/27 22:30:17 | 000,000,079 | ---- | M] () -- C:\Users\Dan Hoffmann\AppData\Local\CrystalDiskMark30.ini
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Dan Hoffmann\Documents\*.tmp files -> C:\Users\Dan Hoffmann\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/23 23:11:02 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\cpwmon64.dll
[2011/08/19 13:24:41 | 000,000,214 | ---- | C] () -- C:\Users\Dan Hoffmann\Desktop\2nd Topic.url
[2011/08/19 11:13:14 | 000,000,214 | ---- | C] () -- C:\Users\Dan Hoffmann\Desktop\1st Topic.url
[2011/08/19 03:02:43 | 608,582,950 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/19 02:12:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/19 02:12:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/19 02:12:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/19 02:12:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/19 02:12:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/15 00:29:30 | 000,001,493 | ---- | C] () -- C:\Users\Dan Hoffmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Limbo.lnk
[2011/08/15 00:27:26 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/07/21 15:15:56 | 000,000,644 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/16 20:57:05 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/12/29 18:06:32 | 014,835,712 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/12/29 15:58:37 | 000,000,079 | ---- | C] () -- C:\Users\Dan Hoffmann\AppData\Local\CrystalDiskMark30.ini
[2010/12/05 21:30:27 | 000,780,032 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/22 13:20:14 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/06/18 11:06:30 | 000,399,872 | ---- | C] () -- C:\Windows\SysWow64\faac.exe
[2010/06/08 16:12:46 | 000,157,696 | ---- | C] () -- C:\Windows\SysWow64\OggEnc.exe
[2010/06/08 16:12:42 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\Lame.exe
[2010/04/21 18:14:56 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/04/21 18:14:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/04/21 18:14:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/04/18 14:54:23 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll
[2010/01/31 21:47:19 | 000,086,016 | ---- | C] () -- C:\Windows\stk2135bsrv.exe
[2010/01/31 21:46:51 | 000,055,824 | ---- | C] () -- C:\Windows\CamUnist.exe
[2010/01/31 19:04:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2010/01/18 19:22:16 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/12/13 22:55:39 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/12/13 22:55:38 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/11/16 23:47:52 | 000,007,622 | ---- | C] () -- C:\Users\Dan Hoffmann\AppData\Local\Resmon.ResmonCfg
[2009/11/09 19:46:16 | 000,061,440 | R--- | C] () -- C:\Windows\SysWow64\AABATT.dll
[2009/08/13 22:51:30 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 19:20:06 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\rdrleakdiiag.exe
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/04 15:13:58 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\DEVMAN.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:6DFF1A8A

< End of report >

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:14 PM

Posted 26 August 2011 - 04:03 PM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :otl
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    O4 - HKU\S-1-5-21-104986063-2620454175-4151223757-1001..\Run: [Power2GoExpress] File not found
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
    @Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:6DFF1A8A
    :files
    C:\windows\tasks\At*.job 
    ipconfig /flushdns /c
    :Commands
    [PURITY] 
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS] 
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#13 CBR954RR

CBR954RR
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:03:14 PM

Posted 26 August 2011 - 07:14 PM

It looks as though there is still an issue. I ran OTL again with the info you supplied copied and pasted into the Custom Scans/Fixes section and the log is below. The machine was forced to reboot.

When I tried my search, the first link I tried clicking on was www.gamesradar.com/limbo-hidden-egg-guide/ and the webpage that attempted to open is what follows with a tab title of Internet Explorer cannot display the webpage.

http://66.246.72.42/c.php?p=9V23ZTfRhDQIUqD3fKvXnorXxx3kYj8_q2CYP-YHC708PKwtO93V39NxdIUJNsMCfbfZ3_oAGvPWcIvgP-oSC3e2sCi144UNOlJw1I5uSRRj4CYcx41N8QNZ1ccS1VqN6aQzUZKOMc_EpmXJ9csJRUu_I0dt4RB8HlYw-7qJCuxV_RFs8ubni9NexmebuVjpS1hjxrcYThNwYXFo3Co3-Esgjw4MX3m92d0A_1CoDu80xJrC2EtC3s8nHQgiOsTMGGeaRM-bWdv_ADKqOgU1ao4DTWlkx6qgoosfampRwO9S_qxF4RxfjEAAIVRink6QNBtdiEjq87-WRkY7UxcQEsf3ec5rrKO8TdDAr8XsxeRWuV8GPDvkdprjCyWrARdhcqGs3hgm4qx0qdRcbO1ytJXxobKqxQEj_b8BLJkzqEe4sNTnIv1GKvvG6BWB9A82arTSTehACSA

The next attempt on the same link produced http://www.google.com/search?hl=en&source=hp&biw=1280&bih=598&q=limbo+hidden+egg+locations&oq=limbo+hidden+egg+locations&aq=f&aqi=&aql=&gs_sm=e&gs_upl=0l0l1l12l0l0l0l0l0l0l0l0ll0l0 with the word connecting in the tab title.

After 1 or 2 more tries, it then seems to work and any link I click on seems to take me where I am supposed to go. If I close all my browser windows and try again, the process seems to repeat itself. I have IE set to clear all cookies, temporary internet files, passwords, form data, history, etc. on close if that makes any difference.

I have also noticed that my email (Windows Live Mail 2011) is not working correctly since the last OTL scan we ran. My messages download OK but any of the HTML messages (new or old ones in my boxes) I open only shows the subject, who it is from and who it is to, but none of the body of the message shows up. I assume this is due to something that was removed from the custom OTL scan?

UPDATE: I ran Windows Live Essentials 2011 repair and it seemed to fix the email issue.

- Dan


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-104986063-2620454175-4151223757-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ not found.
File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ deleted successfully.
C:\Windows\SysNative\igfxdev.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus\ deleted successfully.
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll moved successfully.
ADS C:\ProgramData\Temp:6DFF1A8A deleted successfully.
========== FILES ==========
C:\windows\tasks\At1.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dan Hoffmann\Desktop\HELP\OTL\cmd.bat deleted successfully.
C:\Users\Dan Hoffmann\Desktop\HELP\OTL\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Dan Hoffmann
->Temp folder emptied: 200996 bytes
->Temporary Internet Files folder emptied: 85055957 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 57435 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 9746304 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70801 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 91.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Dan Hoffmann
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.5 log created on 08262011_195314

Files\Folders moved on Reboot...
C:\Users\Dan Hoffmann\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Dan Hoffmann\AppData\Local\Temp\~DF7A8801A2CDD475CA.TMP not found!
File\Folder C:\Users\Dan Hoffmann\AppData\Local\Temp\~DF86A363EFE84D9513.TMP not found!
File\Folder C:\Users\Dan Hoffmann\AppData\Local\Temp\~DFB5F0251648C06FD7.TMP not found!
File\Folder C:\Users\Dan Hoffmann\AppData\Local\Temp\~DFE2B74E8055446B23.TMP not found!
C:\Users\Dan Hoffmann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TDP1JLJL\11964350745@x23[1].htm moved successfully.
C:\Users\Dan Hoffmann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TDP1JLJL\si[1].htm moved successfully.
C:\Users\Dan Hoffmann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QB4607AE\1@x96[1].htm moved successfully.
C:\Users\Dan Hoffmann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QB4607AE\@x94[1].htm moved successfully.
C:\Users\Dan Hoffmann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QB4607AE\ads[1].htm moved successfully.
C:\Users\Dan Hoffmann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQDAEXZH\1[750027]@x90[1].htm moved successfully.
C:\Users\Dan Hoffmann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQDAEXZH\2011Generic@Bottom3[1].htm moved successfully.
C:\Users\Dan Hoffmann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQDAEXZH\ads[1].htm moved successfully.
C:\Users\Dan Hoffmann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1N5I3BP1\1403270_CON_120303_SOHO_NA_BA_AFSB_300x250[1].html moved successfully.
C:\Users\Dan Hoffmann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1N5I3BP1\1@x71[1].htm moved successfully.
C:\Users\Dan Hoffmann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1N5I3BP1\page__gopid__2385157[1].txt moved successfully.
C:\Users\Dan Hoffmann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1N5I3BP1\si[1].htm moved successfully.
C:\Users\Dan Hoffmann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1N5I3BP1\topics;kw=;tile=2;sz=300x250,336x280;ord='%20+%20ord%20+%20'[1].htm moved successfully.
C:\Users\Dan Hoffmann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Windows\temp\vmware-SYSTEM-2592520941\vmware-usbarb-SYSTEM-2900.log moved successfully.

Registry entries deleted on Reboot...

Edited by CBR954RR, 27 August 2011 - 12:15 AM.


#14 gringo_pr

  • Malware Response Team

Posted 27 August 2011 - 09:33 PM

We are going to check the router.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo

#15 CBR954RR

Posted 27 August 2011 - 09:58 PM

Here is the log from the router.bat execution.

UPDATE: While waiting for your next thing to try, I have been playing around with different search engines and have discovered the following;

Each attempt is done by closing the browsing session and then reopening a new session. Browser is set to clear temp files, passwords, forms, cookies, etc. on each close.

Yahoo.com does not seem to display any problems with search results. Links seem to take me where they are supposed to.
Bing.com does not seem to display any problems with search results. Links seem to take me where they are supposed to.
Google.com shows a problem when search results show up. But, what appears to be consistent is that it does not matter which link I click on, the first 3 attempts to open a link redirect. After the 3rd attempt, the google search results seem to take me where they are supposed to. This can be reproduced each time I close my browser session and then open a new one and try again.

Don't know if this info is helpful or not but thought I would include it.

I do appreciate your willingness to keep helping.

- Dan


Windows IP Configuration

Host Name . . . . . . . . . . . . : LenovoSL500
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-22-FA-F5-78-39
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-1F-E2-E5-B0-CF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-22-FA-F5-78-38
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5b0:38ae:8f3:d56%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.11.13(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, August 27, 2011 9:02:39 AM
Lease Expires . . . . . . . . . . : Sunday, August 28, 2011 9:02:38 PM
Default Gateway . . . . . . . . . : 192.168.11.1
DHCP Server . . . . . . . . . . . : 192.168.11.1
DHCPv6 IAID . . . . . . . . . . . : 218112762
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-8A-7D-0E-00-26-18-24-16-45
DNS Servers . . . . . . . . . . . : 192.168.11.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-26-18-24-16-45
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c52:b236:6542:1573%1015(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.110.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : -134197162
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-8A-7D-0E-00-26-18-24-16-45
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5458:2446:5294:dfeb%1016(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.46.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : -100642730
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-8A-7D-0E-00-26-18-24-16-45
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{073F78DD-7EB3-48F8-96F6-59CD38973F0C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 1000:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{EC0C2935-1522-4C7A-91BB-0D58C8AD13B6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E1F901CC-CF11-4A14-AE7F-5456E1F62A0C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A0B503BF-3018-45C1-AC10-DAF3FDFDFF0D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C39486DD-DFD6-4AAB-8FC5-38A790F82621}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2CBD4E8A-6217-4D2F-999E-E74DB6ABAF06}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.11.1

Name: google.com
Addresses: 74.125.93.99
74.125.93.103
74.125.93.104
74.125.93.105
74.125.93.106
74.125.93.147

Server: UnKnown
Address: 192.168.11.1

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65


Pinging google.com [74.125.93.99] with 32 bytes of data:
Reply from 74.125.93.99: bytes=32 time=49ms TTL=48
Reply from 74.125.93.99: bytes=32 time=50ms TTL=48

Ping statistics for 74.125.93.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 49ms, Maximum = 50ms, Average = 49ms

Pinging yahoo.com [69.147.125.65] with 32 bytes of data:
Reply from 69.147.125.65: bytes=32 time=49ms TTL=50
Reply from 69.147.125.65: bytes=32 time=44ms TTL=50

Ping statistics for 69.147.125.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 44ms, Maximum = 49ms, Average = 46ms
===========================================================================
Interface List
16...00 22 fa f5 78 39 ......Microsoft Virtual WiFi Miniport Adapter
14...00 1f e2 e5 b0 cf ......Bluetooth Device (Personal Area Network)
11...00 22 fa f5 78 38 ......Intel® WiFi Link 5100 AGN
10...00 26 18 24 16 45 ......Realtek PCIe GBE Family Controller
1015...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
1016...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
1...........................Software Loopback Interface 1
1020...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
998...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
1019...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
1018...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
1021...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
1022...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
1017...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.11.1 192.168.11.13 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.11.0 255.255.255.0 On-link 192.168.11.13 281
192.168.11.13 255.255.255.255 On-link 192.168.11.13 281
192.168.11.255 255.255.255.255 On-link 192.168.11.13 281
192.168.46.0 255.255.255.0 On-link 192.168.46.1 276
192.168.46.1 255.255.255.255 On-link 192.168.46.1 276
192.168.46.255 255.255.255.255 On-link 192.168.46.1 276
192.168.110.0 255.255.255.0 On-link 192.168.110.1 276
192.168.110.1 255.255.255.255 On-link 192.168.110.1 276
192.168.110.255 255.255.255.255 On-link 192.168.110.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.11.13 281
224.0.0.0 240.0.0.0 On-link 192.168.46.1 276
224.0.0.0 240.0.0.0 On-link 192.168.110.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.11.13 281
255.255.255.255 255.255.255.255 On-link 192.168.46.1 276
255.255.255.255 255.255.255.255 On-link 192.168.110.1 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
1016 276 fe80::/64 On-link
1015 276 fe80::/64 On-link
11 281 fe80::5b0:38ae:8f3:d56/128
On-link
1015 276 fe80::c52:b236:6542:1573/128
On-link
1016 276 fe80::5458:2446:5294:dfeb/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
1016 276 ff00::/8 On-link
1015 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

Edited by CBR954RR, 28 August 2011 - 09:41 PM.
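Added example (not part of any post in this thread, and not the helper's own tooling): a Python parser for the `ipconfig /all` portion of a router.bat log like the one above, reporting where each adapter's DNS servers point. The function names and verdict labels are hypothetical; the sample text is abbreviated from the posted log.

```python
import ipaddress
import re

# Constructed sample: abbreviated from the ipconfig /all output in the log above.
SAMPLE_LOG = """\
Windows IP Configuration

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.11.13(Preferred)
Default Gateway . . . . . . . . . : 192.168.11.1
DHCP Server . . . . . . . . . . . : 192.168.11.1
DNS Servers . . . . . . . . . . . : 192.168.11.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet1:

IPv4 Address. . . . . . . . . . . : 192.168.110.1(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
"""

ADAPTER_RE = re.compile(r"^.+? adapter (.+):$")
TRACKED = {"DNS Servers": "dns", "Default Gateway": "gateway"}


def parse_ip(text):
    """Return an ip_address from an ipconfig value, or None if it is not one."""
    token = text.strip().split("(")[0].split("%")[0]  # drop "(Preferred)" and zone id
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def parse_adapters(log):
    """Map adapter name -> {'dns': [...], 'gateway': [...]}."""
    adapters, current, last = {}, None, None
    for line in log.splitlines():
        header = ADAPTER_RE.match(line.strip())
        if header:
            current = adapters.setdefault(header.group(1), {"dns": [], "gateway": []})
            last = None
            continue
        if current is None or not line.strip():
            continue
        ip = parse_ip(line)
        if ip is not None:  # bare address: continuation of the previous field
            if last:
                current[last].append(ip)
            continue
        key, _, value = line.partition(":")
        last = TRACKED.get(key.strip(" ."))
        ip = parse_ip(value)
        if last and ip is not None:
            current[last].append(ip)
    return adapters


def assess(adapters):
    """Classify each adapter that has DNS servers (labels are hypothetical)."""
    report = {}
    for name, cfg in adapters.items():
        dns, gateway = cfg["dns"], cfg["gateway"]
        if not dns:
            continue
        if not gateway:
            report[name] = "no-gateway"    # adapter has no default route
        elif all(ip in gateway for ip in dns):
            report[name] = "router-relay"  # host defers to the router for DNS
        elif all(ip.is_private or getattr(ip, "is_site_local", False) for ip in dns):
            report[name] = "internal"      # local resolver other than the gateway
        else:
            report[name] = "external"      # public resolver set on the host itself
    return report


if __name__ == "__main__":
    for adapter, verdict in assess(parse_adapters(SAMPLE_LOG)).items():
        print(f"{adapter}: {verdict}")
```

A `router-relay` verdict means the host-side DNS setting is simply the gateway, so the log says nothing about which upstream resolvers the router itself forwards to; those are visible only in the router's own configuration page.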




