Not Smart Fortress 2012


  • This topic is locked
23 replies to this topic

#1 Louie22


Posted 08 March 2012 - 11:30 PM

Acer Aspire 5250-0810, AMD Radeon HD 6310, sGB DDR3 memory, 320GB HHD, laptop PC, Windows 7 Home Premium, has a similar, very similar!! infection of some kind.
I checked the registry for the examples, as in the article Re: Fortress Removal. No entries close to the examples.
I have used HijackThis before. A current log will be with this post.
I downloaded Secunia and ran it. Results coming too.
Downloaded and ran Malwarebytes. Cookies came up.
The bug on this PC controls all functions also.
It allows me to run regedit, msconfig, cmd.exe. No changes allowed. Most sites I try to log on, the bug changes the password before I log on.
Cannot reason out why it let me on here. Happy I am here.

I'm with all the ones that deleted Fortress. Thank you for being here and the knowledge you all have, Louie22



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:36:09, on 3/8/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\DesktopUnHackMe\hackmon.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\DesktopUnHackMe\gwebupdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\RAXC\Desktop\PSI\psi_tray.exe
C:\Users\RAXC\Desktop\PSI\psi.exe
C:\Desktop\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Global Startup: Secunia PSI Tray.lnk = RAXC\Desktop\PSI\psi_tray.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Users\RAXC\Desktop\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Users\RAXC\Desktop\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9098 bytes

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal



#2 Louie22


Posted 10 March 2012 - 11:05 AM

What kinds of files may I send with my message? Here is a copy and paste.

Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy 2
Secunia PSI (2.0.0.4003)
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
Symantec Norton Online Backup NOBuAgent.exe
Trend Micro HiJackThis HiJackThis.exe
``````````End of Log````````````

#3 Louie22


Posted 10 March 2012 - 01:34 PM

Attached File  sualog.zip   8.01KB   0 downloads
More results from advice form. I hope I don't lose these attachments.
Attached File  DDS.zip   6.56KB   1 downloads

#4 myrti


  • Malware Study Hall Admin

Posted 13 March 2012 - 08:48 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 Louie22


Posted 15 March 2012 - 09:45 PM

Thanks for the reply. My PC could not get on the net for hours last evening and into this A.M. Had to Control-F through the registry to delete a McAfee infection. I ran the OTL.exe and will paste it here. I just restored the PC from the restore partition. As soon as I went WiFi the trouble started all over. I still cannot get into my Gmail account. Interference from the bug. I have used Emsisoft emergency malware search and remove. It pulled up mostly tracking cookies and minor errors in some files. Before the restore I ran a TDSS killer; it found and deleted a trojan crypt win 32 baddy. I still have some kind of virus bug. I am hoping you can help me out. How do I know there is still an infection on the PC? Don't really have proof, but locked out of anything that causes problems for the "IT". Thanking you again for the aid.

OTL logfile created on: 3/15/2012 5:17:14 PM - Run 1
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\DEWEY\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.60 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 44.77% Memory free
3.21 Gb Paging File | 1.63 Gb Available in Paging File | 50.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 235.86 Gb Free Space | 92.81% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 24.45 Gb Free Space | 84.33% Space Free | Partition Type: NTFS

Computer Name: DEWEY-PC | User Name: DEWEY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\DEWEY\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
PRC - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (vm2uvcflt) -- C:\Windows\SysNative\drivers\vm2uvcflt.sys (Vimicro Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\DEWEY\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [bdinstaller] "C:\Program Files (x86)\Common Files\Bitdefender\setupinformation\setuplauncher.exe" /run:"C:\Program Files (x86)\Common Files\Bitdefender\setupinformation\setupdownloader.exe" /args:"/after_restart" File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55DB513C-1A0A-402A-8BCF-878D9206068F}: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{850FECB8-4957-480C-86A8-C99B0A8E8FA3}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\DEWEY\DESKTOP\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\DEWEY\DESKTOP\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/15 17:16:33 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\DEWEY\Desktop\OTL.exe
[2012/03/15 15:25:18 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\Diagnostics
[2012/03/15 14:54:49 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2012/03/15 14:54:49 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2012/03/15 14:30:47 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/03/15 14:30:45 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/03/15 14:30:43 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/03/15 14:05:11 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/03/15 14:05:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/03/15 14:05:07 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/03/15 14:05:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/03/15 14:05:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/03/15 14:05:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/03/15 14:05:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/03/15 14:05:03 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/03/15 14:05:03 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/03/15 14:05:01 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/03/15 14:05:00 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/03/15 13:55:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/15 13:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/15 12:31:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\DEWEY\aswMBR.exe
[2012/03/15 09:16:15 | 000,000,000 | --SD | C] -- C:\windows\SysWow64\Microsoft
[2012/03/15 08:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\New folder
[2012/03/15 03:32:59 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xmllite.dll
[2012/03/15 03:32:54 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2012/03/15 03:32:53 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2012/03/15 03:32:21 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntshrui.dll
[2012/03/15 03:32:14 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccu32.dll
[2012/03/15 03:32:14 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccr32.dll
[2012/03/15 03:32:13 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbcjt32.dll
[2012/03/15 03:32:13 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbctrac.dll
[2012/03/15 03:32:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccp32.dll
[2012/03/15 03:32:12 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccu32.dll
[2012/03/15 03:32:12 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccr32.dll
[2012/03/15 03:32:11 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccp32.dll
[2012/03/15 03:32:10 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbctrac.dll
[2012/03/15 03:31:42 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe
[2012/03/15 03:31:42 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe
[2012/03/15 03:31:37 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2012/03/15 03:31:36 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2012/03/15 03:31:35 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012/03/15 03:31:35 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012/03/15 03:31:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2012/03/15 03:31:22 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll
[2012/03/15 03:31:22 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll
[2012/03/15 03:31:21 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll
[2012/03/15 03:31:20 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe
[2012/03/15 03:31:19 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll
[2012/03/15 03:31:17 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll
[2012/03/15 03:31:17 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll
[2012/03/15 03:31:17 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe
[2012/03/15 03:31:16 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll
[2012/03/15 03:31:16 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssphtb.dll
[2012/03/15 03:31:15 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll
[2012/03/15 03:31:14 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll
[2012/03/15 03:31:13 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msscntrs.dll
[2012/03/15 03:30:59 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012/03/15 03:30:58 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2012/03/15 03:30:57 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2012/03/15 03:30:57 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2012/03/15 03:30:57 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2012/03/15 03:30:56 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2012/03/15 03:30:41 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\timedate.cpl
[2012/03/15 03:30:40 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\timedate.cpl
[2012/03/15 03:30:24 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/03/15 03:30:15 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll
[2012/03/15 03:30:14 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll
[2012/03/15 03:24:01 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/03/15 03:24:01 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/03/15 03:24:00 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/03/15 03:24:00 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012/03/15 03:24:00 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/03/15 03:23:58 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/03/15 03:23:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012/03/15 03:23:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/03/15 03:23:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012/03/15 03:23:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/03/15 03:23:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/03/15 03:23:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/03/15 03:23:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012/03/15 03:23:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/03/15 03:23:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012/03/15 03:23:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/03/15 03:23:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/03/15 03:23:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/03/15 03:23:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/03/15 03:23:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/03/15 03:23:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/03/15 03:23:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/03/15 03:23:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/03/15 03:23:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/03/15 03:23:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/03/15 03:23:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/03/15 03:23:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/03/15 03:23:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/03/15 03:23:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/03/15 03:23:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/03/15 03:23:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/03/15 03:23:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/03/15 03:23:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/03/15 03:23:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/03/15 03:23:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/03/15 03:23:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/03/15 03:23:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/03/15 03:23:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/03/15 03:23:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/03/15 03:23:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/03/15 03:23:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/03/15 03:23:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/03/15 03:23:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/03/15 03:23:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/03/15 03:23:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/03/15 03:23:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/03/15 03:23:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/03/15 03:23:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/03/15 03:23:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/03/15 03:23:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/03/15 03:23:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/03/15 03:23:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/03/15 03:23:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/03/15 03:23:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/03/15 03:23:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/03/15 03:23:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/03/15 03:23:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/03/15 03:23:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/03/15 03:23:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/03/15 03:23:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/03/15 03:23:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/03/15 03:23:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/03/15 03:23:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/03/15 03:23:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/03/15 03:23:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/03/15 03:23:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/03/15 03:23:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/03/15 03:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/03/15 03:23:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012/03/15 03:23:20 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisdecd.dll
[2012/03/15 03:23:20 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisrndr.ax
[2012/03/15 03:23:19 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisdecd.dll
[2012/03/15 03:23:18 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisrndr.ax
[2012/03/15 03:22:52 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2012/03/15 03:20:09 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvinst.exe
[2012/03/15 03:20:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\devrtl.dll
[2012/03/15 03:19:54 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcrt.dll
[2012/03/15 03:19:42 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleacc.dll
[2012/03/15 03:19:41 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2012/03/15 03:19:24 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2012/03/15 03:19:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll
[2012/03/15 03:04:38 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Macromedia
[2012/03/15 03:03:25 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Adobe
[2012/03/15 02:43:15 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\Google
[2012/03/15 02:42:07 | 001,079,112 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\DEWEY\Desktop\procexp64.exe
[2012/03/15 02:38:34 | 004,777,280 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\DEWEY\Desktop\procexp.exe
[2012/03/15 02:31:16 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/03/15 02:31:15 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/03/15 02:31:15 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/03/15 02:31:09 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/03/15 02:31:09 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2012/03/15 02:23:01 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/03/15 02:22:59 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\AMD
[2012/03/15 02:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Energy Management
[2012/03/15 02:22:32 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\ATI
[2012/03/15 02:22:32 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\ATI
[2012/03/15 02:22:07 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/15 02:22:07 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Searches
[2012/03/15 02:22:07 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/15 02:22:07 | 000,000,000 | -H-D | C] -- C:\Users\DEWEY\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/03/15 02:21:55 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Identities
[2012/03/15 02:21:51 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Contacts
[2012/03/15 02:21:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/15 02:21:48 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\VirtualStore
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\AppData\Local\Temporary Internet Files
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Templates
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Start Menu
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\SendTo
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Recent
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\PrintHood
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\NetHood
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Documents\My Videos
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Documents\My Pictures
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Local Settings
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\AppData\Local\History
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Cookies
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Application Data
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\AppData\Local\Application Data
[2012/03/15 02:21:36 | 000,000,000 | --SD | C] -- C:\Users\DEWEY\AppData\Roaming\Microsoft
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Videos
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Saved Games
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Pictures
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Music
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Links
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Favorites
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Downloads
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Documents
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Desktop
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/03/15 02:21:36 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Documents\My Music
[2012/03/15 02:21:36 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\My Documents
[2012/03/15 02:21:36 | 000,000,000 | -H-D | C] -- C:\Users\DEWEY\AppData
[2012/03/15 02:21:36 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\Temp
[2012/03/15 02:21:36 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\Microsoft
[2012/03/15 02:21:36 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Media Center Programs
[2012/03/15 02:21:36 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
[2012/03/15 02:21:25 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/03/14 20:12:45 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/03/15 17:22:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/15 17:16:44 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\DEWEY\Desktop\OTL.exe
[2012/03/15 16:03:50 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012/03/15 16:03:37 | 000,472,782 | ---- | M] () -- C:\Users\DEWEY\Documents\internetDocument.rtf
[2012/03/15 15:05:16 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/15 15:05:16 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/15 15:03:36 | 000,717,260 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/03/15 15:03:36 | 000,617,460 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/03/15 15:03:36 | 000,104,702 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/03/15 14:58:58 | 000,439,315 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012/03/15 14:58:39 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/15 14:57:15 | 000,282,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/03/15 14:57:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/15 14:56:42 | 1292,029,952 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/15 13:55:25 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/03/15 13:55:14 | 000,731,106 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/15 12:33:12 | 000,000,512 | ---- | M] () -- C:\Users\DEWEY\Documents\MBR.dat
[2012/03/15 12:31:20 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\DEWEY\aswMBR.exe
[2012/03/15 09:54:23 | 000,000,000 | ---- | M] () -- C:\Users\DEWEY\defogger_reenable
[2012/03/15 03:01:15 | 000,001,441 | ---- | M] () -- C:\Users\DEWEY\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/15 02:42:07 | 001,079,112 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\DEWEY\Desktop\procexp64.exe
[2012/03/15 02:22:31 | 000,002,086 | ---- | M] () -- C:\Users\DEWEY\Desktop\OneKey Recovery.lnk
[2012/03/15 02:22:29 | 000,001,122 | ---- | M] () -- C:\Users\DEWEY\Desktop\Cyberlink Power2Go.lnk
[2012/03/14 20:15:13 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2012/03/14 20:15:13 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2012/03/14 02:51:00 | 000,000,060 | ---- | M] () -- C:\Users\DEWEY\Desktop\CommandlineScanner (2).bat
[2012/03/11 07:04:56 | 004,777,280 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\DEWEY\Desktop\procexp.exe
[2012/03/07 09:51:30 | 000,000,056 | ---- | M] () -- C:\Users\DEWEY\Desktop\EmergencyKitScanner.bat
[2012/02/17 00:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/02/16 23:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll

========== Files Created - No Company Name ==========

[2012/03/15 16:03:50 | 000,065,536 | ---- | C] () -- C:\windows\SysNative\Ikeext.etl
[2012/03/15 16:03:37 | 000,472,782 | ---- | C] () -- C:\Users\DEWEY\Documents\internetDocument.rtf
[2012/03/15 13:55:25 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2012/03/15 13:55:14 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/15 13:55:03 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/15 12:33:12 | 000,000,512 | ---- | C] () -- C:\Users\DEWEY\Documents\MBR.dat
[2012/03/15 09:54:23 | 000,000,000 | ---- | C] () -- C:\Users\DEWEY\defogger_reenable
[2012/03/15 03:01:15 | 000,001,441 | ---- | C] () -- C:\Users\DEWEY\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/15 02:38:25 | 000,000,056 | ---- | C] () -- C:\Users\DEWEY\Desktop\EmergencyKitScanner.bat
[2012/03/15 02:38:11 | 000,000,060 | ---- | C] () -- C:\Users\DEWEY\Desktop\CommandlineScanner (2).bat
[2012/03/15 02:22:18 | 000,001,413 | ---- | C] () -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/03/15 02:22:09 | 000,001,447 | ---- | C] () -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/03/15 02:21:36 | 000,002,239 | ---- | C] () -- C:\Users\DEWEY\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/15 02:21:36 | 000,002,086 | ---- | C] () -- C:\Users\DEWEY\Desktop\OneKey Recovery.lnk
[2012/03/15 02:21:36 | 000,001,122 | ---- | C] () -- C:\Users\DEWEY\Desktop\Cyberlink Power2Go.lnk
[2012/03/15 02:21:36 | 000,000,290 | ---- | C] () -- C:\Users\DEWEY\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/03/15 02:21:36 | 000,000,272 | ---- | C] () -- C:\Users\DEWEY\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/15 02:21:36 | 000,000,189 | ---- | C] () -- C:\Users\DEWEY\Desktop\Lenovo Telephony Start Now.url
[2012/03/14 20:12:40 | 1292,029,952 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/16 09:59:30 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011/10/16 09:59:30 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011/10/16 09:35:58 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011/10/16 09:35:57 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/10/16 09:35:56 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011/10/16 09:35:56 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/10/16 09:35:30 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/10/16 09:08:15 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2011/10/16 09:08:15 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2011/10/16 08:53:34 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/10/16 08:49:04 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/08/09 23:56:20 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll

========== LOP Check ==========

[2009/07/13 23:08:49 | 000,006,148 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

OTL Extras logfile created on: 3/15/2012 5:17:14 PM - Run 1
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\DEWEY\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.60 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 44.77% Memory free
3.21 Gb Paging File | 1.63 Gb Available in Paging File | 50.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 235.86 Gb Free Space | 92.81% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 24.45 Gb Free Space | 84.33% Space Free | Partition Type: NTFS

Computer Name: DEWEY-PC | User Name: DEWEY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{188080EF-C0B5-FBCC-3CD1-074C917E0DBB}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{42C76910-6CD4-EC68-FB78-0D3DE411AD63}" = ATI Catalyst Install Manager
"{4485075E-F429-5E8D-452E-E7C0BDA12A19}" = ATI AVIVO64 Codecs
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{9423DCA0-FC4A-DD5C-1285-651E161B4EE3}" = AMD Media Foundation Decoders
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AE3857CE-9EAC-5077-9EBC-F9587D633224}" = AMD Fuel
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{092E59AB-28A8-75E5-BB0B-B9C6ED8748E9}" = CCC Help Swedish
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C663DDE-2534-DA14-1E2B-DFA50E8967A4}" = CCC Help Dutch
"{2F686923-3566-1B63-0414-68804A2D5127}" = CCC Help Finnish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{31211E28-2740-ED67-B93A-9ABAD6E67F6F}" = CCC Help Portuguese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D1C429-D8F0-6CE9-186B-6B9C3EF7BB8D}" = Catalyst Control Center Graphics Previews Common
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3F3A0CDA-F5F1-7259-4CF9-D879E800EA2A}" = CCC Help Chinese Standard
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{426FA60E-1A36-5D4C-9240-A7809B8B5E38}" = CCC Help Norwegian
"{4E396741-EAF9-4E21-9B4F-B16DEFA531A6}" = Catalyst Control Center - Branding
"{514272C3-F7DD-A659-7956-D39D0C6A12B1}" = Catalyst Control Center Profiles Mobile
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59042421-E167-9211-2E99-192BCB6D170B}" = CCC Help Turkish
"{5964B563-30BF-4F15-2844-5BD267609D0B}" = CCC Help Russian
"{5E32E456-BE4B-9865-6579-AF24339862C6}" = CCC Help English
"{6162F499-DBD2-8B3A-9CB8-CC0CE9D1E9D2}" = CCC Help Chinese Traditional
"{673A9A60-C409-A6D1-0327-9CFE08B31B9C}" = CCC Help Spanish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C50974F-2605-0F92-E226-6B701471CBDE}" = CCC Help Czech
"{70CC1270-E6C7-E78A-D1F0-9A981A46DC2F}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7565761B-ED80-C32B-0EF9-403125465C52}" = CCC Help French
"{75BA6802-2766-FED3-85D8-60A7AA4346E7}" = CCC Help Greek
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9CA92548-B5C5-36D6-D70F-C4D3332F02F0}" = CCC Help Japanese
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{BEEDECC5-F0AE-734B-91BB-63516AA4A5B7}" = Catalyst Control Center InstallProxy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D50A70C4-BFB8-E45C-1E57-CA282161B91A}" = AMD VISION Engine Control Center
"{DAC69BCB-0C47-B2A1-66F8-C9FDBDA48682}" = CCC Help German
"{DBF6CD69-FADE-2016-EF15-5362D8FC214B}" = CCC Help Hungarian
"{DDBCDF95-9958-7A8F-F655-90E2FF1C27B5}" = CCC Help Thai
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0AD689C-EDC0-1914-AE55-F8207B20E489}" = Catalyst Control Center Localization All
"{E946FE9C-B883-BD46-9CB9-CC4BA737E53F}" = CCC Help Italian
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6143CF8-93D8-3A6F-FFB4-3D957642E194}" = CCC Help Korean
"{F8E78851-82D8-BBEC-9EBA-DB6D55E3520C}" = CCC Help Danish
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lenovo Games Console" = Lenovo Games Console
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/15/2012 6:31:28 AM | Computer Name = DEWEY-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program a2cmd.exe because of this error. Program: a2cmd.exe File: The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000098 Disk
type: 0

Error - 3/15/2012 6:39:35 AM | Computer Name = DEWEY-PC | Source = Application Error | ID = 1000
Description = Faulting application name: start.exe_unknown, version: 0.0.0.0, time
stamp: 0x4ea8e18e Faulting module name: start.exe, version: 0.0.0.0, time stamp:
0x4ea8e18e Exception code: 0xc0000005 Fault offset: 0x00004e42 Faulting process id:
0xa98 Faulting application start time: 0x01cd028efd8165ec Faulting application path:
E:\start.exe Faulting module path: E:\start.exe Report Id: 280fb1b3-6e8b-11e1-9bbb-dc0ea15dad4d

Error - 3/15/2012 9:30:05 AM | Computer Name = DEWEY-PC | Source = McLogEvent | ID = 5051
Description =

Error - 3/15/2012 9:46:40 AM | Computer Name = DEWEY-PC | Source = Application Error | ID = 1000
Description = Faulting application name: a2emergencykit.exe, version: 0.0.0.0, time
stamp: 0x4d0ed17f Faulting module name: T3.dll, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000006 Fault offset: 0x00164dfd Faulting process id: 0xab8 Faulting application
start time: 0x01cd028f03d66f05 Faulting application path: E:\Run\a2emergencykit.exe
Faulting
module path: E:\RUN\T3.dll Report Id: 4a6d70b4-6ea5-11e1-9bbb-dc0ea15dad4d

Error - 3/15/2012 9:46:40 AM | Computer Name = DEWEY-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program a2emergencykit.exe because of this error. Program: a2emergencykit.exe
File:
The error value is listed in the Additional Data section. User Action 1. Open the
file again. This situation might be a temporary problem that corrects itself when
the program runs again. 2. If the file still cannot be accessed and - It is on the
network, your network administrator should verify that there is not a problem with
the network and that the server can be contacted. - It is on a removable disk, for
example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the
computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,
click Start, click Run, type CMD, and then click OK. At the command prompt, type
CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from
a backup copy. 5. Determine whether other files on the same disk can be opened.
If not, the disk might be damaged. If it is a hard disk, contact your administrator
or computer hardware vendor for further assistance. Additional Data Error value: C0000098
Disk
type: 0

Error - 3/15/2012 11:24:35 AM | Computer Name = DEWEY-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/15/2012 3:19:28 PM | Computer Name = DEWEY-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/15/2012 4:58:25 PM | Computer Name = DEWEY-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/15/2012 5:44:30 PM | Computer Name = DEWEY-PC | Source = RasClient | ID = 20227
Description =

Error - 3/15/2012 5:55:28 PM | Computer Name = DEWEY-PC | Source = RasClient | ID = 20227
Description =

[ System Events ]
Error - 10/16/2011 11:59:54 AM | Computer Name = WIN-4JKASJAH1A4 | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\bcmihvsrv64.dll


Error - 10/16/2011 11:59:54 AM | Computer Name = WIN-4JKASJAH1A4 | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\bcmihvsrv64.dll


Error - 3/15/2012 4:23:58 AM | Computer Name = DEWEY-PC | Source = DCOM | ID = 10010
Description =

Error - 3/15/2012 5:11:48 AM | Computer Name = DEWEY-PC | Source = DCOM | ID = 10010
Description =


< End of report >





#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,773 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:35 AM

Posted 16 March 2012 - 03:59 AM

Hi,

can you please download TDSSQlook to your desktop and run it. It will create a log file on the Desktop called TDSSQ.txt. Post the content of the file in your next reply.
This will show us what TDSSKiller deleted.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 Louie22

  • Topic Starter

Posted 16 March 2012 - 09:26 AM

I did a system restore 2, 3 days ago. I do not know how or if the info can be recovered.
Sorry, you are handicapped by my inability to wait for things to get rid of my infection.
I have learned a lesson, and will only follow your instructions.
Many thanks to you for putting up with users such as I. Louie22

TDSSKiller Quarantine Information log
Version 1.0.0.4
***** START SCAN Fri 03/16/2012 8:06:01.58 *****

---------- Warning! ----------

TDSSKiller Quarantine folder not found

---------- TDSSKiller logs ----------

TDSSKiller.2.7.20.0_15.03.2012_23.32.14_log.txt

---------- TDSSStarter logs ----------


***** END SCAN Fri 03/16/2012 8:06:02.06 *****
- EOF -

#8 Louie22

  • Topic Starter

Posted 16 March 2012 - 03:23 PM

The trojan removed by TDSSK was "Trojan.Crypt!K". Regards, Louie22

#9 myrti


Posted 17 March 2012 - 05:26 AM

Hi,

Yes, unfortunately that doesn't give me much to go on. Do you remember in what file it was found?

There should be a file called TDSSKiller.2.7.20.0_15.03.2012_23.32.14_log.txt in your C:\ drive. Can you please post the contents?

regards myrti



#10 Louie22

  • Topic Starter

Posted 17 March 2012 - 08:18 AM

I'm living bad 4 time to post this, never know what went wrong with other attempts. Best regards Louie22

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-15 12:31:25
-----------------------------
12:31:25.836 OS Version: Windows x64 6.1.7601 Service Pack 1
12:31:25.836 Number of processors: 2 586 0x100
12:31:25.836 ComputerName: DEWEY-PC UserName: DEWEY
12:31:28.893 Initialize success
12:32:07.297 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
12:32:07.312 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 11
12:32:07.328 Disk 0 MBR read successfully
12:32:07.343 Disk 0 MBR scan
12:32:07.343 Disk 0 Windows 7 default MBR code
12:32:07.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
12:32:07.390 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 260243 MB offset 411648
12:32:07.406 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 533389312
12:32:07.437 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 594198528
12:32:07.468 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 533391360
12:32:07.515 Disk 0 scanning C:\windows\system32\drivers
12:32:12.523 Service scanning
12:32:26.672 Modules scanning
12:32:26.688 Disk 0 trace - called modules:
12:32:26.766 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
12:32:26.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80023c6060]
12:32:26.797 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80022b2b80]
12:32:26.812 5 amd_xata.sys[fffff880011237a8] -> nt!IofCallDriver -> [0xfffffa8001418960]
12:32:26.828 7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\00000064[0xfffffa8002186160]
12:32:26.844 Scan finished successfully
12:33:12.832 Disk 0 MBR has been saved successfully to "C:\Users\DEWEY\Documents\MBR.dat"
12:33:12.848 The log file has been saved successfully to "C:\Users\DEWEY\Documents\aswMBR.txt"

#11 Louie22

  • Topic Starter

Posted 20 March 2012 - 11:24 AM

I want to thank you for the attention paid to my posts. Your help overwhelmed me. Such kindness. By the way, the Kaspersky 2012 found and rid me of two trojans. The PC seems to be clean now. Tell the old Queen I said Hey. TU much LOUIE XXll

#12 myrti


Posted 21 March 2012 - 04:36 AM

Hi,

sorry for the delay, I thought I had replied to this days ago. :wacko:

The log you posted is from aswmbr, not tdsskiller. Are you sure that it was saved as TDSSKiller.2.7.20.0_15.03.2012_23.32.14_log.txt?
Do you remember running aswmbr on March 15th?



#13 Louie22

  • Topic Starter

Posted 21 March 2012 - 03:16 PM

No, I will check. I still have the TDSSQlook item. I will read it and see what I can find. With help of Kaspersky 2012 download and help from other anti-virus programs, I may have this over with soon. PDM Jojan, PDML Trojan have been erased from PC. There were two others too. As soon as I plow through my notes, I will let you know re: them. I have taken ownership of programs to help keep baddies off my back for a while. I have not taken over C:\ rdv. Was told not to. HJK This was a spy. Deleted same. Looking at port safety. My modem and PC had been used as a router to pass on malware all over the globe. Here is OTL log.



OTL logfile created on: 3/20/2012 2:11:05 PM - Run 5
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\DEWEY\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.60 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 36.93% Memory free
3.21 Gb Paging File | 1.10 Gb Available in Paging File | 34.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 223.43 Gb Free Space | 87.91% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 24.45 Gb Free Space | 84.33% Space Free | Partition Type: NTFS

Computer Name: DEWEY-PC | User Name: DEWEY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\DEWEY\Desktop\OTL.exe (OldTimer Tools)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (24x7HelpSvc) -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe (PCRx.com, LLC)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola Mobility Inc)
DRV:64bit: - (motport) -- C:\Windows\SysNative\drivers\motport.sys (Motorola Mobility Inc)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola Mobility Inc)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (vm2uvcflt) -- C:\Windows\SysNative\drivers\vm2uvcflt.sys (Vimicro Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (motandroidusb) -- C:\Windows\SysNative\drivers\motoandroid.sys (Motorola)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=421&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=421&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://msn.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.us.msn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110014&babsrc=SP_ss&mntrId=ccf832c00000000000009439e54eae13
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=421&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{BD07EAAA-6284-46FB-9B68-5BB5979482E9}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120311,17118,0,18,0
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80085&lng=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/03/19 23:09:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/03/19 23:09:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/03/19 23:07:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2012/03/17 18:17:04 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\desktop\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe File not found
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\desktop\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\desktop\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55DB513C-1A0A-402A-8BCF-878D9206068F}: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{850FECB8-4957-480C-86A8-C99B0A8E8FA3}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\windows\4953016.exe \??\C:\windows\4953016.dat)
O34 - HKLM BootExecute: (xplorer\MountPoints2\{a49e39c4-6fd4-11e1-814a-dc0ea15dad4d}\Shell\Au)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/20 05:52:38 | 001,079,112 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\DEWEY\Desktop\procexp64.exe
[2012/03/20 02:10:12 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\InfraRecorder
[2012/03/20 02:07:52 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\WeatherBug
[2012/03/20 02:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Setup Support for Weatherbug
[2012/03/20 02:07:47 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\WeatherBug
[2012/03/20 02:07:38 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBug
[2012/03/20 02:07:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AWS
[2012/03/20 02:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder
[2012/03/20 02:06:45 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\Desktop\InfraRecorder
[2012/03/20 02:05:23 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\Babylon
[2012/03/20 02:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/03/20 02:05:21 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Babylon
[2012/03/20 01:15:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/20 01:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Searchqu Toolbar
[2012/03/20 00:18:52 | 000,200,704 | ---- | C] (vbAccelerator) -- C:\windows\SysWow64\vbalExpBar6.ocx
[2012/03/20 00:18:31 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msinet.OCX
[2012/03/20 00:18:31 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetfr.DLL
[2012/03/20 00:18:30 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\windows\SysWow64\SSubTmr6.dll
[2012/03/20 00:18:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\VB6STKIT.DLL
[2012/03/20 00:18:27 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\VB6FR.DLL
[2012/03/20 00:18:25 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mscomctl.ocx
[2012/03/20 00:18:25 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCMCFR.DLL
[2012/03/20 00:18:23 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\COMDLG32.OCX
[2012/03/20 00:18:22 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CMDLGFR.DLL
[2012/03/20 00:18:19 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\FreeBurner
[2012/03/20 00:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Easy CD DVD Burner
[2012/03/20 00:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO Image Burner
[2012/03/19 23:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012/03/19 23:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/03/19 23:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/03/19 23:06:53 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klif.sys
[2012/03/19 17:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012/03/19 17:14:40 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\Documents\Anti-Malware
[2012/03/19 15:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/19 10:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/03/19 10:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/03/19 10:28:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/03/19 02:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2012/03/19 02:34:19 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gdiplus.dll
[2012/03/18 22:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/03/18 22:38:15 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\CyberLink
[2012/03/18 20:36:02 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/18 20:35:20 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012/03/18 20:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/03/18 18:27:07 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/03/18 09:43:38 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\Apps
[2012/03/18 09:43:37 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\Deployment
[2012/03/18 05:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/18 05:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/18 05:05:06 | 000,000,000 | ---D | C] -- C:\desktop
[2012/03/18 05:02:10 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\DEWEY\Desktop\spybotsd162.exe
[2012/03/17 19:47:24 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Mobile Action
[2012/03/17 19:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Sync Manager WiFi
[2012/03/17 19:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Action
[2012/03/17 18:17:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WordWeb
[2012/03/17 17:13:36 | 000,186,880 | ---- | C] (CEXX.ORG) -- C:\Users\DEWEY\Desktop\LSPFix.exe
[2012/03/17 16:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012/03/17 16:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Freely
[2012/03/17 16:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Open Freely
[2012/03/17 16:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/03/17 16:34:37 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\I Want This
[2012/03/17 16:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/03/17 16:34:29 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Yahoo!
[2012/03/17 16:34:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/03/17 16:15:17 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/03/17 16:15:12 | 000,000,000 | ---D | C] -- C:\desktop (x86)
[2012/03/17 15:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012/03/17 15:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/03/17 15:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/03/17 13:36:18 | 000,000,000 | ---D | C] -- C:\Temp
[2012/03/17 13:36:18 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Motorola
[2012/03/17 13:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/03/17 13:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/03/17 13:34:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2012/03/17 12:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2012/03/17 11:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Utilities
[2012/03/17 11:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Utilities
[2012/03/17 11:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Utilities
[2012/03/17 09:07:25 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\licenses
[2012/03/17 09:07:13 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\PCMM2011
[2012/03/16 23:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
[2012/03/16 23:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\24x7Help
[2012/03/16 19:50:02 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\Zoom_Downloader
[2012/03/16 10:53:02 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\SpeedyPC Software
[2012/03/16 10:53:02 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\DriverCure
[2012/03/16 10:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/03/16 10:41:15 | 004,785,536 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\DEWEY\Desktop\227570ed-ff97-4a0e-8558-b8d38ba06923.com
[2012/03/16 10:20:25 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/16 08:32:57 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\61884623.sys
[2012/03/15 23:32:15 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\11566782.sys
[2012/03/15 23:31:24 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\Desktop\tdsskiller
[2012/03/15 18:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/03/15 17:59:39 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\Secunia PSI
[2012/03/15 17:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012/03/15 17:16:33 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\DEWEY\Desktop\OTL.exe
[2012/03/15 15:25:18 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\Diagnostics
[2012/03/15 14:54:49 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2012/03/15 14:54:49 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2012/03/15 14:30:47 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/03/15 14:30:45 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/03/15 14:30:43 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/03/15 14:05:11 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/03/15 14:05:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/03/15 14:05:07 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/03/15 14:05:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/03/15 14:05:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/03/15 14:05:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/03/15 14:05:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/03/15 14:05:03 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/03/15 14:05:03 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/03/15 14:05:01 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/03/15 14:05:00 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/03/15 12:31:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\DEWEY\aswMBR.exe
[2012/03/15 09:16:15 | 000,000,000 | --SD | C] -- C:\windows\SysWow64\Microsoft
[2012/03/15 03:32:59 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xmllite.dll
[2012/03/15 03:32:54 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2012/03/15 03:32:53 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2012/03/15 03:32:21 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntshrui.dll
[2012/03/15 03:32:14 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccu32.dll
[2012/03/15 03:32:14 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccr32.dll
[2012/03/15 03:32:13 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbcjt32.dll
[2012/03/15 03:32:13 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbctrac.dll
[2012/03/15 03:32:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccp32.dll
[2012/03/15 03:32:12 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccu32.dll
[2012/03/15 03:32:12 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccr32.dll
[2012/03/15 03:32:11 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccp32.dll
[2012/03/15 03:32:10 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbctrac.dll
[2012/03/15 03:31:42 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe
[2012/03/15 03:31:42 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe
[2012/03/15 03:31:37 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2012/03/15 03:31:36 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2012/03/15 03:31:35 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012/03/15 03:31:35 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012/03/15 03:31:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2012/03/15 03:31:22 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll
[2012/03/15 03:31:22 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll
[2012/03/15 03:31:21 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll
[2012/03/15 03:31:20 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe
[2012/03/15 03:31:19 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll
[2012/03/15 03:31:17 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll
[2012/03/15 03:31:17 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll
[2012/03/15 03:31:17 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe
[2012/03/15 03:31:16 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll
[2012/03/15 03:31:16 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssphtb.dll
[2012/03/15 03:31:15 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll
[2012/03/15 03:31:14 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll
[2012/03/15 03:31:13 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msscntrs.dll
[2012/03/15 03:30:59 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012/03/15 03:30:58 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2012/03/15 03:30:57 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2012/03/15 03:30:57 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2012/03/15 03:30:57 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2012/03/15 03:30:56 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2012/03/15 03:30:41 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\timedate.cpl
[2012/03/15 03:30:40 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\timedate.cpl
[2012/03/15 03:30:24 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/03/15 03:30:15 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll
[2012/03/15 03:30:14 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll
[2012/03/15 03:24:01 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/03/15 03:24:01 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/03/15 03:24:00 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/03/15 03:24:00 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012/03/15 03:24:00 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/03/15 03:23:58 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/03/15 03:23:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012/03/15 03:23:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/03/15 03:23:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012/03/15 03:23:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/03/15 03:23:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/03/15 03:23:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/03/15 03:23:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012/03/15 03:23:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/03/15 03:23:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012/03/15 03:23:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/03/15 03:23:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/03/15 03:23:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/03/15 03:23:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/03/15 03:23:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/03/15 03:23:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/03/15 03:23:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/03/15 03:23:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/03/15 03:23:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/03/15 03:23:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/03/15 03:23:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/03/15 03:23:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/03/15 03:23:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/03/15 03:23:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/03/15 03:23:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/03/15 03:23:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/03/15 03:23:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/03/15 03:23:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/03/15 03:23:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/03/15 03:23:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/03/15 03:23:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/03/15 03:23:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/03/15 03:23:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/03/15 03:23:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/03/15 03:23:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/03/15 03:23:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/03/15 03:23:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/03/15 03:23:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/03/15 03:23:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/03/15 03:23:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/03/15 03:23:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/03/15 03:23:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/03/15 03:23:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/03/15 03:23:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/03/15 03:23:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/03/15 03:23:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/03/15 03:23:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/03/15 03:23:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/03/15 03:23:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/03/15 03:23:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/03/15 03:23:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/03/15 03:23:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/03/15 03:23:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/03/15 03:23:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/03/15 03:23:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/03/15 03:23:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/03/15 03:23:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/03/15 03:23:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/03/15 03:23:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/03/15 03:23:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/03/15 03:23:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/03/15 03:23:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/03/15 03:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/03/15 03:23:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012/03/15 03:23:20 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisdecd.dll
[2012/03/15 03:23:20 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisrndr.ax
[2012/03/15 03:23:19 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisdecd.dll
[2012/03/15 03:23:18 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisrndr.ax
[2012/03/15 03:22:52 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2012/03/15 03:20:09 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvinst.exe
[2012/03/15 03:20:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\devrtl.dll
[2012/03/15 03:19:54 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcrt.dll
[2012/03/15 03:19:42 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleacc.dll
[2012/03/15 03:19:41 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2012/03/15 03:19:24 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2012/03/15 03:19:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll
[2012/03/15 03:04:38 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Macromedia
[2012/03/15 03:03:25 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Adobe
[2012/03/15 02:43:15 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\Google
[2012/03/15 02:38:34 | 004,777,280 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\DEWEY\Desktop\procexp.exe
[2012/03/15 02:31:16 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/03/15 02:31:15 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/03/15 02:31:15 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/03/15 02:31:09 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/03/15 02:31:09 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2012/03/15 02:23:01 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/03/15 02:22:59 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\AMD
[2012/03/15 02:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Energy Management
[2012/03/15 02:22:32 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\ATI
[2012/03/15 02:22:32 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\ATI
[2012/03/15 02:22:07 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/15 02:22:07 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Searches
[2012/03/15 02:22:07 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/15 02:22:07 | 000,000,000 | -H-D | C] -- C:\Users\DEWEY\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/03/15 02:21:55 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Identities
[2012/03/15 02:21:51 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Contacts
[2012/03/15 02:21:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/15 02:21:48 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\VirtualStore
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\AppData\Local\Temporary Internet Files
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Templates
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Start Menu
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\SendTo
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Recent
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\PrintHood
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\NetHood
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Documents\My Videos
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Documents\My Pictures
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Local Settings
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\AppData\Local\History
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Cookies
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Application Data
[2012/03/15 02:21:37 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\AppData\Local\Application Data
[2012/03/15 02:21:36 | 000,000,000 | --SD | C] -- C:\Users\DEWEY\AppData\Roaming\Microsoft
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Videos
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Saved Games
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Pictures
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Music
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Links
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Favorites
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Downloads
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Documents
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\Desktop
[2012/03/15 02:21:36 | 000,000,000 | R--D | C] -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/03/15 02:21:36 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\Documents\My Music
[2012/03/15 02:21:36 | 000,000,000 | -HSD | C] -- C:\Users\DEWEY\My Documents
[2012/03/15 02:21:36 | 000,000,000 | -H-D | C] -- C:\Users\DEWEY\AppData
[2012/03/15 02:21:36 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\Temp
[2012/03/15 02:21:36 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Local\Microsoft
[2012/03/15 02:21:36 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Media Center Programs
[2012/03/15 02:21:36 | 000,000,000 | ---D | C] -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
[2012/03/15 02:21:25 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/03/14 20:12:45 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/03/20 11:18:12 | 000,000,486 | ---- | M] () -- C:\Users\DEWEY\Desktop\Google.website
[2012/03/20 10:25:30 | 000,000,514 | ---- | M] () -- C:\Users\DEWEY\Desktop\Bleeping Computer - Computer Help and Discussion.website
[2012/03/20 05:52:38 | 001,079,112 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\DEWEY\Desktop\procexp64.exe
[2012/03/20 02:06:47 | 000,000,747 | ---- | M] () -- C:\Users\DEWEY\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2012/03/20 02:06:47 | 000,000,741 | ---- | M] () -- C:\Users\Public\Desktop\InfraRecorder.lnk
[2012/03/20 01:12:03 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 01:12:03 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 01:09:16 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/03/20 01:09:16 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/03/20 01:09:16 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/03/20 01:04:50 | 000,253,943 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012/03/20 01:04:24 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012/03/20 01:04:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/20 01:04:02 | 1292,029,952 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/20 01:01:57 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
[2012/03/20 00:58:39 | 000,102,400 | ---- | M] () -- C:\Users\DEWEY\Documents\kasperski rescue disk.iso
[2012/03/20 00:54:25 | 000,001,122 | ---- | M] () -- C:\Users\DEWEY\Desktop\Cyberlink Power2Go.lnk
[2012/03/20 00:03:45 | 000,000,758 | ---- | M] () -- C:\Users\Public\Desktop\ISO Image Burner.lnk
[2012/03/19 23:15:58 | 000,017,408 | ---- | M] () -- C:\Users\DEWEY\AppData\Local\WebpageIcons.db
[2012/03/19 23:12:22 | 000,152,233 | ---- | M] () -- C:\windows\SysNative\drivers\klin.dat
[2012/03/19 23:12:22 | 000,107,177 | ---- | M] () -- C:\windows\SysNative\drivers\klick.dat
[2012/03/19 23:11:04 | 000,001,130 | ---- | M] () -- C:\Users\DEWEY\Desktop\Kaspersky Internet Security 2012.lnk
[2012/03/19 23:06:54 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klif.sys
[2012/03/19 22:58:24 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/03/19 17:08:48 | 000,001,019 | ---- | M] () -- C:\Users\DEWEY\Desktop\CommandlineScanner (2).bat - Shortcut.lnk
[2012/03/19 10:27:06 | 001,474,832 | ---- | M] () -- C:\windows\SysNative\drivers\sfi.dat
[2012/03/19 06:13:43 | 000,001,003 | ---- | M] () -- C:\Users\DEWEY\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/19 06:13:43 | 000,000,979 | ---- | M] () -- C:\Users\DEWEY\Desktop\Spybot - Search & Destroy.lnk
[2012/03/19 02:34:27 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/03/19 02:34:19 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\gdiplus.dll
[2012/03/19 02:06:45 | 000,000,096 | ---- | M] () -- C:\index.ini
[2012/03/18 22:59:26 | 000,001,908 | ---- | M] () -- C:\windows\diagwrn.xml
[2012/03/18 22:59:26 | 000,001,908 | ---- | M] () -- C:\windows\diagerr.xml
[2012/03/18 20:36:02 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/18 20:19:32 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\del
[2012/03/18 20:19:31 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\delete
[2012/03/18 17:38:33 | 000,001,254 | ---- | M] () -- C:\Users\DEWEY\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/18 05:45:09 | 000,000,000 | ---- | M] () -- C:\windows\EngineExe.INI
[2012/03/18 05:02:55 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\DEWEY\Desktop\spybotsd162.exe
[2012/03/17 21:34:10 | 000,000,000 | ---- | M] () -- C:\windows\PanelExe.INI
[2012/03/17 19:47:42 | 000,001,222 | ---- | M] () -- C:\Users\Public\Desktop\Android Sync Manager WiFi.lnk
[2012/03/17 19:45:46 | 000,186,880 | ---- | M] (CEXX.ORG) -- C:\Users\DEWEY\Desktop\LSPFix.exe
[2012/03/17 16:15:17 | 000,002,963 | ---- | M] () -- C:\Users\DEWEY\Desktop\HiJackThis.lnk
[2012/03/17 13:36:11 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012/03/17 13:36:08 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012/03/17 13:35:51 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2012/03/17 13:35:46 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012/03/17 13:35:36 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_motport_01007.Wdf
[2012/03/17 11:20:37 | 000,002,339 | ---- | M] () -- C:\Users\Public\Desktop\Driver Utilities.lnk
[2012/03/17 10:56:34 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/03/16 23:01:19 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\24x7 Help.lnk
[2012/03/16 19:56:08 | 000,001,492 | ---- | M] () -- C:\user.js
[2012/03/16 19:03:53 | 011,197,942 | ---- | M] () -- C:\windows\SysNative\AclFile
[2012/03/16 10:41:16 | 004,785,536 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\DEWEY\Desktop\227570ed-ff97-4a0e-8558-b8d38ba06923.com
[2012/03/16 08:32:57 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\61884623.sys
[2012/03/16 08:05:33 | 000,154,624 | ---- | M] () -- C:\Users\DEWEY\Desktop\TDSSQlook.exe
[2012/03/15 23:32:15 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\11566782.sys
[2012/03/15 23:31:00 | 002,044,822 | ---- | M] () -- C:\Users\DEWEY\Desktop\tdsskiller.zip
[2012/03/15 19:38:27 | 124,743,294 | ---- | M] () -- C:\Users\DEWEY\Desktop\EmsisoftEmergencyKit.zip
[2012/03/15 18:35:08 | 000,000,170 | ---- | M] () -- C:\Users\DEWEY\Desktop\Yahoo.url
[2012/03/15 17:16:44 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\DEWEY\Desktop\OTL.exe
[2012/03/15 14:57:15 | 000,282,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/03/15 13:55:14 | 000,731,106 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/15 13:55:03 | 000,001,897 | ---- | M] () -- C:\Users\DEWEY\Desktop\Microsoft Security Essentials.lnk
[2012/03/15 12:31:20 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\DEWEY\aswMBR.exe
[2012/03/15 09:54:23 | 000,000,000 | ---- | M] () -- C:\Users\DEWEY\defogger_reenable
[2012/03/15 02:22:31 | 000,002,086 | ---- | M] () -- C:\Users\DEWEY\Desktop\OneKey Recovery.lnk
[2012/03/14 20:15:13 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2012/03/14 20:15:13 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2012/03/14 02:51:00 | 000,000,060 | ---- | M] () -- C:\Users\DEWEY\Desktop\CommandlineScanner (2).bat
[2012/03/11 07:04:56 | 004,777,280 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\DEWEY\Desktop\procexp.exe

========== Files Created - No Company Name ==========

[2012/03/20 02:06:47 | 000,000,747 | ---- | C] () -- C:\Users\DEWEY\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2012/03/20 02:06:47 | 000,000,741 | ---- | C] () -- C:\Users\Public\Desktop\InfraRecorder.lnk
[2012/03/20 01:01:57 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
[2012/03/20 00:47:25 | 000,102,400 | ---- | C] () -- C:\Users\DEWEY\Documents\kasperski rescue disk.iso
[2012/03/20 00:03:45 | 000,000,758 | ---- | C] () -- C:\Users\Public\Desktop\ISO Image Burner.lnk
[2012/03/19 23:15:53 | 000,017,408 | ---- | C] () -- C:\Users\DEWEY\AppData\Local\WebpageIcons.db
[2012/03/19 23:12:22 | 000,152,233 | ---- | C] () -- C:\windows\SysNative\drivers\klin.dat
[2012/03/19 23:12:22 | 000,107,177 | ---- | C] () -- C:\windows\SysNative\drivers\klick.dat
[2012/03/19 23:12:10 | 000,001,130 | ---- | C] () -- C:\Users\DEWEY\Desktop\Kaspersky Internet Security 2012.lnk
[2012/03/19 17:08:48 | 000,001,019 | ---- | C] () -- C:\Users\DEWEY\Desktop\CommandlineScanner (2).bat - Shortcut.lnk
[2012/03/19 02:36:49 | 001,474,832 | ---- | C] () -- C:\windows\SysNative\drivers\sfi.dat
[2012/03/19 02:34:27 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/03/19 02:06:45 | 000,000,096 | ---- | C] () -- C:\index.ini
[2012/03/18 22:59:06 | 000,001,908 | ---- | C] () -- C:\windows\diagwrn.xml
[2012/03/18 22:59:06 | 000,001,908 | ---- | C] () -- C:\windows\diagerr.xml
[2012/03/18 20:19:32 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\del
[2012/03/18 20:19:31 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\delete
[2012/03/18 05:45:09 | 000,000,000 | ---- | C] () -- C:\windows\EngineExe.INI
[2012/03/18 05:06:10 | 000,001,003 | ---- | C] () -- C:\Users\DEWEY\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/18 05:06:10 | 000,000,979 | ---- | C] () -- C:\Users\DEWEY\Desktop\Spybot - Search & Destroy.lnk
[2012/03/18 04:32:16 | 000,000,486 | ---- | C] () -- C:\Users\DEWEY\Desktop\Google.website
[2012/03/17 21:34:10 | 000,000,000 | ---- | C] () -- C:\windows\PanelExe.INI
[2012/03/17 19:47:42 | 000,001,222 | ---- | C] () -- C:\Users\Public\Desktop\Android Sync Manager WiFi.lnk
[2012/03/17 18:17:05 | 000,001,952 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordWeb.lnk
[2012/03/17 18:17:04 | 002,213,120 | ---- | C] () -- C:\windows\wweb32.dll
[2012/03/17 16:36:46 | 000,165,376 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2012/03/17 16:15:17 | 000,002,963 | ---- | C] () -- C:\Users\DEWEY\Desktop\HiJackThis.lnk
[2012/03/17 13:36:11 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012/03/17 13:36:08 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012/03/17 13:35:51 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2012/03/17 13:35:46 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012/03/17 13:35:36 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_motport_01007.Wdf
[2012/03/17 11:20:37 | 000,002,339 | ---- | C] () -- C:\Users\Public\Desktop\Driver Utilities.lnk
[2012/03/17 10:56:34 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/03/16 23:01:19 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\24x7 Help.lnk
[2012/03/16 19:55:58 | 000,001,492 | ---- | C] () -- C:\user.js
[2012/03/16 19:01:05 | 011,197,942 | ---- | C] () -- C:\windows\SysNative\AclFile
[2012/03/16 11:30:08 | 000,000,514 | ---- | C] () -- C:\Users\DEWEY\Desktop\Bleeping Computer - Computer Help and Discussion.website
[2012/03/16 08:05:08 | 000,154,624 | ---- | C] () -- C:\Users\DEWEY\Desktop\TDSSQlook.exe
[2012/03/15 23:29:59 | 002,044,822 | ---- | C] () -- C:\Users\DEWEY\Desktop\tdsskiller.zip
[2012/03/15 19:26:30 | 124,743,294 | ---- | C] () -- C:\Users\DEWEY\Desktop\EmsisoftEmergencyKit.zip
[2012/03/15 18:33:47 | 000,000,170 | ---- | C] () -- C:\Users\DEWEY\Desktop\Yahoo.url
[2012/03/15 17:59:25 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/03/15 16:03:50 | 000,065,536 | ---- | C] () -- C:\windows\SysNative\Ikeext.etl
[2012/03/15 13:55:25 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2012/03/15 13:55:14 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/15 13:55:03 | 000,001,897 | ---- | C] () -- C:\Users\DEWEY\Desktop\Microsoft Security Essentials.lnk
[2012/03/15 09:54:23 | 000,000,000 | ---- | C] () -- C:\Users\DEWEY\defogger_reenable
[2012/03/15 03:01:15 | 000,001,254 | ---- | C] () -- C:\Users\DEWEY\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/15 02:38:11 | 000,000,060 | ---- | C] () -- C:\Users\DEWEY\Desktop\CommandlineScanner (2).bat
[2012/03/15 02:22:18 | 000,001,413 | ---- | C] () -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/03/15 02:22:09 | 000,001,260 | ---- | C] () -- C:\Users\DEWEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/03/15 02:21:36 | 000,002,086 | ---- | C] () -- C:\Users\DEWEY\Desktop\OneKey Recovery.lnk
[2012/03/15 02:21:36 | 000,001,122 | ---- | C] () -- C:\Users\DEWEY\Desktop\Cyberlink Power2Go.lnk
[2012/03/15 02:21:36 | 000,000,290 | ---- | C] () -- C:\Users\DEWEY\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/03/15 02:21:36 | 000,000,272 | ---- | C] () -- C:\Users\DEWEY\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/15 02:21:36 | 000,000,189 | ---- | C] () -- C:\Users\DEWEY\Desktop\Lenovo Telephony Start Now.url
[2012/03/14 20:12:40 | 1292,029,952 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/16 09:59:30 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011/10/16 09:59:30 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011/10/16 09:35:58 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011/10/16 09:35:57 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/10/16 09:35:56 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011/10/16 09:35:56 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/10/16 09:35:30 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/10/16 09:08:15 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2011/10/16 09:08:15 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2011/10/16 08:53:34 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/10/16 08:49:04 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/08/09 23:56:20 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll

< End of report >
I will send extra on another post. You and crew are the best. Louie22



#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,773 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:35 AM

Posted 22 March 2012 - 04:21 AM

Heya Louie,

can you please expand on this:

I have taken ownership of programs to help keep baddies off my back for a while. I have not taken over C:\ rdv. Was told not to. HJK This was a spy. Deleted same. Looking at port safety. My modem and PC had been used as a router to pass on malware all over the globe.

I'm sorry I don't understand what you're telling me.

What did you delete, what did you take ownership of? Who told you Hijackthis was a spy? Who told you not to take over C:\ and what does rdv stand for?

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#15 Louie22

Louie22
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tooele,UT
  • Local time:10:35 PM

Posted 22 March 2012 - 06:05 AM

I panicked at the HFJ this notice. Did not reason it could be fake from malware on computer. I started a program to take ownership of folders and files to gain an advantage over the bug. The malware kept not allowing me to use my emails. Was also cutting down on programs, folders and files needed to use PC for something other than a doorstop. BIG warning not to take ownership of C:\ drv. No reason given. This from instructions re: taking ownership of folders and files. All was going well until the trojan virus took over HKEY CURRENT CONFIG. Did so in a way nothing would open. Not being a total idiot I had no reason to delete it. I tried to get help from modem provider to get some protection or mask the ports being used by dozens of IPs to communicate globally. My modem had become a router for many unhealthy IPs.



rdv was drv. My sloppy typing and editing. I am sorry that I go wild catting, but when the trojan virus starts to shut me down, I have to do something to help myself. I hope this helps clear the air a little. As good as you are you can not baby sit me every minute. I marvel at what you and staff do for users that need help.



Thanks again for the help Louie

I hope that post went thru'. Louie



