Browser Redirects - High System Resource Use - Rootkit Infection ?



Post by Resto on Thu 22 Mar 2012, 10:17 am

Hopefully, GeekPolice can assist me in repairing my wife's computer from an apparent svchost.exe issue.

She is running W7 64-bit with IE8, using AVG Free as her antivirus program. MBAM identifies svchost.exe issues in Memory Processes and also in Files Detected. It states that removal will occur on reboot, but the infection simply comes back upon reboot.

Symptoms seem to be very high CPU usage (even with no programs open) and redirects from Google searches. One of the redirect sites is "Ask The Crew".

The scans I ran before posting this indicate that her IE8, Java and Adobe Reader are out of date. Additionally, it looks like there are other antivirus/security programs on her laptop. Whatever is there came pre-installed from the computer manufacturer and has never been activated. As stated above, to my knowledge, the only programs she has utilized are AVG Free for real-time protection and MBAM Free as a scanner.

Thank you in advance for your assistance. Requested scan logs are too long for a single post, so will be posted in multiple entries below:

OTL logfile created on: 3/21/2012 9:20:25 AM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Jennifer\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.35 Gb Available Physical Memory | 17.88% Memory free
3.87 Gb Paging File | 1.92 Gb Available in Paging File | 49.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 213.73 Gb Total Space | 165.13 Gb Free Space | 77.26% Space Free | Partition Type: NTFS
Drive D: | 18.86 Gb Total Space | 2.74 Gb Free Space | 14.51% Space Free | Partition Type: NTFS

Computer Name: JENNIFER-HP | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/21 09:17:41 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.com
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/10/01 22:29:41 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/29 03:55:32 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/09/28 21:08:58 | 000,584,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/09/28 21:08:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/09/17 19:45:46 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/11 05:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/04/27 14:30:38 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
PRC - [2009/04/27 14:30:34 | 000,410,280 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/08/16 17:21:30 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/08/16 17:21:30 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/08/16 17:21:30 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/04/27 14:30:38 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
MOD - [2009/04/27 14:30:34 | 000,410,280 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
MOD - [2007/09/06 16:38:30 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldoscw.dll
MOD - [2007/08/01 04:15:52 | 000,077,906 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldocfg.dll
MOD - [2007/05/03 11:39:32 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldodatr.dll
MOD - [2007/04/09 09:16:00 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\DLDOptp.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 17:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/24 19:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/05 13:31:20 | 000,034,032 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dldoserv.exe -- (dldoCATSCustConnectService)
SRV:64bit: - [2007/10/05 09:31:08 | 001,044,720 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dldocoms.exe -- (dldo_device)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe -- (NIS)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/28 21:08:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/09/17 19:45:46 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/11 05:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 21:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/01 19:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/05 13:31:20 | 000,034,032 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\dldoserv.exe -- (dldoCATSCustConnectService)
SRV - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dldocoms.exe -- (dldo_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/18 15:23:08 | 000,029,808 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/11 10:00:37 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/09/29 03:55:54 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/09/13 14:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/10 22:20:28 | 001,014,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/04/13 13:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/22 21:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/21 01:54:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/08/13 05:00:00 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS -- (NAVEX15)
DRV - [2010/08/13 05:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/08/13 05:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/08/13 05:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS -- (NAVENG)
DRV - [2010/08/08 23:11:49 | 000,945,200 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/06/27 00:05:05 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys -- (IDSVia64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/09/28 06:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_6_3 [2012/03/21 09:05:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010/12/01 05:03:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/01 05:03:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/01 05:04:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/02/03 10:50:16 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [dldomon.exe] C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell 968 AIO Printer] C:\Program Files (x86)\Dell 968 AIO Printer\fm3032.exe ()
O4 - HKLM..\Run: [dldomon.exe] C:\Program Files (x86) (x86)\Dell 968 AIO Printer\dldomon.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86) (x86)\Dell 968 AIO Printer\memcard.exe ()
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} [You must be registered and logged in to see this link.] (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5234EEB6-9645-4B41-80B9-9D92E56E0DAB}: DhcpNameServer = 40.6.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDAABA9F-3E94-473B-B32B-EC0329553175}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

-CONTINUED-
Last edited by Resto on Thu 22 Mar 2012, 10:49 am; edited 3 times in total

Resto

Re: Browser Redirects - High System Resource Use - Rootkit Infection ?

Post by Resto on Thu 22 Mar 2012, 10:21 am

- CONTINUED -

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/21 09:17:40 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.com
[2012/03/21 09:06:01 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/03/18 20:25:07 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jennifer\Desktop\dds.scr
[2012/03/18 19:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/03/18 15:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/18 15:36:06 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/18 15:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/18 12:38:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/03/18 12:38:04 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/03/18 11:23:00 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Malwarebytes
[2012/03/18 11:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/18 10:12:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/03/18 09:54:04 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{BC73AE6B-102A-4FBE-926D-EDA6E4CB649B}
[2012/03/18 08:29:00 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{5AD58D76-8F3D-4F97-84B7-35D69B680A41}
[2012/03/18 00:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{8B4F6C9A-D0D9-45F9-9444-DE370663F4B5}
[2012/03/17 21:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{0A9EC783-CCC8-4782-AEA7-0CE099C7DFEF}
[2012/03/17 18:54:25 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{71AC4C52-D4E4-4DD5-A055-BBBBF3548959}
[2012/03/17 14:46:50 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{0E091CEB-C263-40BE-846B-012138AF0086}
[2012/03/17 10:51:44 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{3A8CE685-F6FF-42D3-9108-C4A8EE79D4D4}
[2012/03/17 08:47:28 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{10C9AC62-A193-4FA9-B1C1-B65EDB86AE6F}
[2012/03/17 08:12:36 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{20F3FB28-26F3-4A69-B7E2-684E25406B9F}
[2012/03/16 21:30:59 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{EF374546-B79B-4111-ADC4-5D44AF503D82}
[2012/03/16 20:59:09 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{508E31EE-CDF9-4B62-8DE8-453FAB80AA69}
[2012/03/16 18:12:19 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{6DB61B4D-49C4-4F86-8ACF-80EA444000A3}
[2012/03/16 18:09:19 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{535C5E3F-AA71-4FFA-9AF7-5ABB29CE20E9}
[2012/03/16 15:29:07 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{985C4CEB-AD7A-486E-972C-13465A9BC385}
[2012/03/16 15:17:06 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{AF136899-091A-401F-B220-5717DB5FAE49}
[2012/03/16 15:08:34 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{138C5043-F444-46A4-935C-F64BB559B137}
[2012/03/16 14:51:04 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{76DE6FC5-9AE7-4696-93D2-D2257EF58AE3}
[2012/03/16 13:44:24 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{09481A77-FE03-4499-A210-61C7F1DDDD7C}
[2012/03/16 13:27:57 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{D0A59E29-7BA9-4D20-9618-56E7B9B32E5E}
[2012/03/16 13:23:04 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{1A65BE7A-0A04-4269-8ADF-135EADF31686}
[2012/03/16 12:35:50 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{1645E7CD-BA81-4C9C-84BD-F71D20556EAA}
[2012/03/16 11:49:53 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{F505EA2F-AB15-40A8-80A0-F27767B3529C}
[2012/03/16 10:09:36 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{BBF04519-1137-43A6-B49D-095C02C134EC}
[2012/03/16 06:46:41 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{9CFA06EA-E8CF-4F9C-BAA5-1E41F5FAF824}
[2012/03/15 21:26:59 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{062BDF06-E384-4D11-9720-1BDE337138B7}
[2012/03/15 18:31:24 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{7A8610DF-5DB9-4DA1-B931-5A5FF62EE2B1}
[2012/03/15 15:03:05 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{9AA1B352-6410-4D80-B62A-2BBEE3BDE118}
[2012/03/15 11:25:56 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{DACD4E8C-3B5B-4CBD-B4A7-2189E3932369}
[2012/03/15 10:20:20 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{BA8D0682-3B90-4C7D-9702-131398C0A35A}
[2012/03/15 09:58:36 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{6F9FD067-1CD7-470B-A9A8-9CC96CC1909D}
[2012/03/15 09:53:26 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{7251504D-2CBE-4EFF-BD21-CF90B179C9B9}
[2012/03/15 06:57:42 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/15 06:57:42 | 003,957,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/15 06:57:40 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/15 06:50:24 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{CBD7F488-ED5B-4AE1-A0D9-6311E7A3E1FB}
[2012/03/14 23:03:34 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{D5F10481-4BBB-4253-A154-54FC65018818}
[2012/03/14 15:18:51 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{59307606-B93D-425C-B594-363FD9296BE3}
[2012/03/14 14:48:16 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{9F48C6C5-251C-49F9-B2E0-A66D9AC7EA07}
[2012/03/14 09:18:11 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{92AFE909-89C2-419A-B9D6-623E0C991F97}
[2012/03/14 08:26:32 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{1D97AF25-149A-4640-B2B9-BF67CF456918}
[2012/03/14 06:49:03 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/03/14 06:49:03 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 06:49:03 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/03/14 06:49:02 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/03/14 06:49:02 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/03/14 06:46:21 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 06:46:21 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 06:46:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 06:46:19 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 06:46:18 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/14 06:40:09 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{29B42C2A-8D6F-4911-9643-FC4A999DDDA6}
[2012/03/13 21:53:24 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{D449A68F-E713-4D74-BDCE-671E0FD084F8}
[2012/03/13 17:46:14 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{0369052C-18DA-4D8B-B1AA-A6AEAADFC2A6}
[2012/03/13 17:11:42 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{7FCCF2D9-F2DF-433B-998B-56327A2C2C74}
[2012/03/13 15:36:03 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{03488905-F456-4194-B39B-E47590981840}
[2012/03/13 14:56:15 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{C1B1FDC5-C57E-4AF4-BAAD-16DAC5D2F641}
[2012/03/13 08:52:59 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{3578EC44-739C-4BF5-9508-8C3D75617033}
[2012/03/13 06:54:20 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{2529937C-D3DB-47A5-9DE6-736D33A8A3D8}
[2012/03/13 06:29:52 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{7B136000-FD5C-485F-8186-6691BFAA56F5}
[2012/03/12 22:39:15 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{BB827DDA-5FD4-4324-AFC5-4DC7E4914F5E}
[2012/03/12 15:23:31 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{6E06FE37-3BFB-4FD0-97F7-3BF4398EE2B8}
[2012/03/12 14:55:13 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{13383DD6-F5BB-4D04-A89B-099E21AF1E1D}
[2012/03/12 12:52:05 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{BC63A167-88D1-4C07-9595-973D8CFD4416}
[2012/03/12 10:07:41 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{A0C62C76-1E62-4869-8647-735C454A2780}
[2012/03/12 08:30:22 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{45BAD66B-618D-43F7-9833-CAEB3D14568C}
[2012/03/11 23:10:13 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{05CB9DB0-35A0-4A92-8373-B61888465D41}
[2012/03/11 22:09:01 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{91928899-B713-40BD-92AB-BD22C742AD6F}
[2012/03/11 16:21:05 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{28DFE6FA-75EE-43AD-86F4-0AA395BB8F5E}
[2012/03/11 15:56:32 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{25BF4287-5839-4263-B96D-39353B749954}
[2012/03/11 12:53:06 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{2DC31AE2-EA08-414B-9DDF-084DF073928C}
[2012/03/11 08:30:46 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{F5AFE58F-E6B5-4F2D-9620-A17BA1802F02}
[2012/03/11 08:13:15 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{957D1B24-CB10-4554-8CE4-80E5548327EB}
[2012/03/10 21:12:40 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{E9964D7E-8EAA-4384-BE48-9E2AE41FA7DC}
[2012/03/10 17:29:08 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{EF49DD67-A4B5-4785-B3D2-5976BC85A6E2}
[2012/03/10 17:24:37 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{D7C3351E-48B5-4EB3-8494-7A50B0821582}
[2012/03/10 16:50:52 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{AC64BA67-2536-4D30-AA53-B49FF9265068}
[2012/03/10 16:44:06 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{12AC64C2-D320-4E60-B221-0C192606472D}
[2012/03/10 09:20:32 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{674ED3C7-2DE3-4FFE-9612-7499D1E9714F}
[2012/03/10 02:53:22 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{749F448B-3708-48DC-9AFE-60856B8C5955}
[2012/03/09 21:44:26 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{C26FD991-58F0-4CE4-AA6A-98F9532CCCDF}
[2012/03/09 21:16:31 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{C460085F-7419-46B0-A74D-DBF28DDC7972}
[2012/03/09 20:59:49 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{0149F7B3-1A17-4060-9098-298E71874FDA}
[2012/03/09 18:39:35 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{C019BA5D-98AF-43D0-A857-60C327973CDC}
[2012/03/09 17:50:56 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{4E6A7EAC-B83D-45C9-B74B-1431EBA2D200}
[2012/03/09 17:24:57 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{8A9A2AE4-D36A-4E4D-9ADB-1209577EFBCC}
[2012/03/09 17:08:19 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{9D8072EC-02E7-4AD5-A650-11DF366D4239}
[2012/03/09 13:12:15 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{AA321BE2-A1A5-4F59-8CD0-B8888BAD5087}
[2012/03/09 11:01:15 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{81D5A4E8-D088-4AAD-B127-58E78C986B6D}
[2012/03/09 10:39:48 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{A5A12E05-582E-4723-938E-DABAA4B31465}
[2012/03/09 10:32:29 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{3E080748-B245-4788-A875-98894A63025C}
[2012/03/09 10:15:00 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{9A50BCED-5C5E-4E6F-BE8F-37399479BFC4}
[2012/03/09 08:01:18 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{E9156E76-D6A5-4E70-B017-A2182CCCCB28}
[2012/03/09 07:49:46 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{07354F7B-CE18-472B-89C4-A7A70E84E7A8}
[2012/03/09 07:27:46 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{5457A6E4-255A-4367-8650-7985FE6CCFE5}
[2012/03/09 07:03:39 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{7A181BB7-91DA-4D0F-A95B-42204D97EBAD}
[2012/03/09 06:46:19 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{580E66F2-A43B-40A9-B25B-1FF655E75B19}
[2012/03/09 06:14:44 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{2728DC3B-CA56-4D72-895F-C8ED67FC2909}
[2012/03/08 22:32:35 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{6DA836D8-77D2-430F-9EE0-E7AB9B2F97C1}
[2012/03/08 21:17:50 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{609CAA6C-FEDE-4576-B870-E4059D781BCB}
[2012/03/08 17:15:21 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{11B76BD9-7A9F-4CF0-94DA-722D1D7F1E7E}
[2012/03/08 16:24:09 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{46C9F726-BF81-422F-BFC1-FCEB270C938C}
[2012/03/08 16:07:58 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{EA371293-9581-4C4D-B314-75F449FB9515}
[2012/03/08 15:44:25 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{F82AA450-E7D0-4056-BD37-7CE9E74C31E1}
[2012/03/08 09:17:02 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{B7DB3A82-BB6A-4F1C-8646-956779B3077C}
[2012/03/08 09:04:42 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{53E9895B-AFEA-4636-8F97-D5ED7EA7E625}
[2012/03/08 08:42:45 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{D9F610FD-01AF-472E-9774-86DD3BD8755C}
[2012/03/08 08:05:04 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{9AFDE300-AB26-4885-9860-43956C9BBABF}
[2012/03/08 06:14:29 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{B37CB89A-30D1-45EC-9791-4636BC655BC2}
[2012/03/08 06:13:53 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Documents\My Weblog Posts
[2012/03/08 05:59:29 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{AAFCA76F-BD8E-42BF-992D-912891794661}
[2012/03/07 21:42:19 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{C6147B26-69EB-4F5B-818F-E524AA557E75}
[71 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/21 09:17:41 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.com
[2012/03/21 09:15:20 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/21 09:15:20 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/21 09:15:20 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/21 09:14:57 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 09:14:56 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 09:04:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/21 09:04:48 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/18 20:25:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jennifer\Desktop\dds.scr
[2012/03/18 18:59:19 | 092,178,359 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/03/18 15:36:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/18 15:23:08 | 000,029,808 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/03/18 12:38:04 | 000,002,991 | ---- | M] () -- C:\Users\Jennifer\Desktop\HiJackThis.lnk
[2012/03/17 17:35:22 | 000,523,811 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/03/16 18:47:05 | 000,001,854 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\GhostObjGAFix.xml
[2012/03/15 07:15:37 | 000,285,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/14 16:10:00 | 000,439,311 | ---- | M] () -- C:\Users\Jennifer\Desktop\Dr. Seuss Retell sheet.JPG
[2012/03/08 17:31:29 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJENNIFER-HP$.job
[2012/02/29 06:44:43 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJennifer.job
[71 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/18 15:36:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/18 12:38:04 | 000,002,991 | ---- | C] () -- C:\Users\Jennifer\Desktop\HiJackThis.lnk
[2012/03/18 11:26:16 | 000,029,808 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/03/14 16:10:00 | 000,439,311 | ---- | C] () -- C:\Users\Jennifer\Desktop\Dr. Seuss Retell sheet.JPG
[2012/01/28 01:18:03 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/09/12 17:36:36 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/26 21:17:40 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoserv.dll
[2011/08/26 21:17:40 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\dldousb1.dll
[2011/08/26 21:17:40 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\dldohbn3.dll
[2011/08/26 21:17:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dldopmui.dll
[2011/08/26 21:17:40 | 000,595,184 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocoms.exe
[2011/08/26 21:17:40 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\dldolmpm.dll
[2011/08/26 21:17:40 | 000,503,808 | ---- | C] () -- C:\Windows\SysWow64\dldoutil.dll
[2011/08/26 21:17:40 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\dldocomx.dll
[2011/08/26 21:17:40 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoinpa.dll
[2011/08/26 21:17:40 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\dldoinst.dll
[2011/08/26 21:17:40 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoiesc.dll
[2011/08/26 21:17:40 | 000,320,752 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoih.exe
[2011/08/26 21:17:40 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldoinsb.dll
[2011/08/26 21:17:40 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldoins.dll
[2011/08/26 21:17:40 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dldojswr.dll
[2011/08/26 21:17:40 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dldoinsr.dll
[2011/08/26 21:17:40 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dldocub.dll
[2011/08/26 21:17:40 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\dldocu.dll
[2011/08/26 21:17:40 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoprox.dll
[2011/08/26 21:17:40 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dldocur.dll
[2011/08/26 21:17:39 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocomc.dll
[2011/08/26 21:17:39 | 000,365,808 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocfg.exe
[2011/08/26 21:17:39 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocomm.dll
[2011/08/26 21:17:39 | 000,077,906 | ---- | C] () -- C:\Windows\SysWow64\dldocfg.dll
[2011/08/25 23:09:01 | 000,000,084 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011/04/01 18:27:14 | 000,001,854 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\GhostObjGAFix.xml
[2010/12/01 04:39:07 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/12/01 04:35:05 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/12/01 04:35:05 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/10/16 15:40:15 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/09/21 14:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[71 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/12/01 04:46:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/03/09 20:09:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2010/12/01 05:04:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bing Bar Installer
[2011/09/12 17:36:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/06/12 11:57:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Coupons
[2010/12/01 04:53:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2011/08/26 21:22:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell 968 AIO Printer
[2010/12/01 04:56:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2010/12/01 05:02:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2010/10/16 15:34:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Photo Creations
[2011/12/21 13:47:54 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/12/01 04:37:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2012/02/17 00:33:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/08/26 20:34:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/10/16 15:14:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\K-NFB Reading Technology Inc
[2012/03/21 09:05:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/03/18 15:36:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/12/01 05:03:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2012/02/17 00:00:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2011/09/12 17:36:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/02/16 23:59:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/10/16 15:19:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/12/01 04:52:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft WSE
[2011/03/15 08:02:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/12/01 05:03:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN Toolbar
[2011/03/11 07:30:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/12/01 04:55:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton Internet Security
[2010/12/01 04:55:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2011/03/09 19:36:32 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2010/10/16 15:14:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PlayReady
[2010/12/01 04:38:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/12/01 04:52:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio
[2010/12/01 04:55:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2010/12/01 04:37:51 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2010/12/01 04:46:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Times Reader
[2012/03/18 12:38:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trend Micro
[2009/07/14 00:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/10/16 15:19:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/03/14 09:54:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/12/01 05:28:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 01:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/03/09 19:36:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_06066178c18f60bb\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_0dbde3119acb22ca\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_707b24137e7e1538\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a5210cb0540e395e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_dab2e93700ba2683\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_394a8c733b252fb9\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_39204d0d3b44b8d4\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20545_none_39e1f82254380270\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_39d05b5854449cd5\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_3a006b1e5421763d\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/13 21:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 21:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 21:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTOR.SYS >
[2010/04/13 13:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/04/13 13:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2010/10/16 15:54:50 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010/10/16 15:54:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/12/16 04:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/12/16 04:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/12/16 04:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/12/16 04:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)

< >

< End of report >

- CONTINUED -

Resto

Rookie Surfer

Posts : 63
Joined : 2009-09-17
Operating System : Windows 7 64 bit

Re: Browser Redirects - High System Resource Use - Rootkit Infection ?

Post by Resto on Thu 22 Mar 2012, 10:24 am

- CONTINUED -
OTL Extras logfile created on: 3/21/2012 9:20:25 AM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Jennifer\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.35 Gb Available Physical Memory | 17.88% Memory free
3.87 Gb Paging File | 1.92 Gb Available in Paging File | 49.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 213.73 Gb Total Space | 165.13 Gb Free Space | 77.26% Space Free | Partition Type: NTFS
Drive D: | 18.86 Gb Total Space | 2.74 Gb Free Space | 14.51% Space Free | Partition Type: NTFS

Computer Name: JENNIFER-HP | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BCC0AD-0699-48B6-9900-3C53BBCD4DAC}" = AVG 2011
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{17118574-A5FD-4323-B005-311326F748B3}" = AVG 2011
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2393F144-F88F-4FB3-8B57-9D6F8B4E8F9E}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{34C5BC15-2401-4980-9D95-ABD2CE8DD08A}" = AVG 2011
"{38D1C189-B133-401C-A729-3C47ED984B31}" = AVG 2011
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61A3F855-4587-4187-9D77-2EF8CD825A47}" = AVG 2011
"{78DC83C7-7E9D-4518-8DFE-C8BBF69173D9}" = AVG 2011
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8FE5B227-1506-4CCE-9002-CC26D6B3F7AA}" = AVG 2011
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AA18EE51-24A5-4748-A5E2-4B035C9A4AB2}" = Canon MP780
"{BB4F0BE4-3DCB-4C5C-8B2B-C07CC916A6B5}" = AVG 2011
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EB505EA6-2D5E-4920-A3BD-89C28EEFA5FA}" = AVG 2011
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA109F0F-122E-4D48-9DBF-14DC02EE85E4}" = AVG 2011
"AVG" = AVG 2011
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"Dell 968 AIO Printer" = Dell 968 AIO Printer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AF23A65-F2B5-469C-AA51-DA5FB74CA856}" = HP Documentation
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{2C8CC208-965C-48A1-90A8-DFB484358F1C}" = FaxRedist
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B114F59-6732-4EA5-A33E-ACC6DEC49B61}" = HP Software Framework
"{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.4 MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}" = HP Support Assistant
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF682D1C-591D-48B5-9803-628DA622C281}" = HP Quick Launch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"My HP Game Console" = HP Game Console
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"YTdetect" = Yahoo! Detect
"ZumoDrive" = HP CloudDrive

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-21 18:00:03
-----------------------------
18:00:03.627 OS Version: Windows x64 6.1.7600
18:00:03.627 Number of processors: 1 586 0x170A
18:00:03.627 ComputerName: JENNIFER-HP UserName: Jennifer
18:00:08.757 Initialize success
18:00:33.939 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:00:33.939 Disk 0 Vendor: WDC_WD25 02.0 Size: 238475MB BusType: 3
18:00:33.939 Device \Driver\iaStor -> MajorFunction fffffa8004f855c4
18:00:33.949 Disk 0 MBR read successfully
18:00:33.949 Disk 0 MBR scan
18:00:33.949 Disk 0 unknown MBR code
18:00:33.989 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:00:34.009 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 218855 MB offset 409600
18:00:34.059 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19316 MB offset 448624640
18:00:34.109 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
18:00:34.199 Disk 0 scanning C:\Windows\system32\drivers
18:01:17.369 Service scanning
18:02:34.119 Modules scanning
18:02:34.119 Disk 0 trace - called modules:
18:02:34.479 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004f855c4]<<
18:02:34.479 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80044a7060]
18:02:34.489 3 CLASSPNP.SYS[fffff8800118443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800228f050]
18:02:34.499 \Driver\iaStor[0xfffffa80044a96b0] -> IRP_MJ_CREATE -> 0xfffffa8004f855c4
18:02:34.499 Scan finished successfully
18:03:19.809 Disk 0 MBR has been saved successfully to "C:\Users\Jennifer\Desktop\MBR.dat"
18:03:19.819 The log file has been saved successfully to "C:\Users\Jennifer\Desktop\aswMBR.txt"


Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 26
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
Symantec Norton Online Backup NOBuAgent.exe
``````````End of Log````````````


Resto

Rookie Surfer

Posts : 63
Joined : 2009-09-17
Operating System : Windows 7 64 bit

Re: Browser Redirects - High System Resource Use - Rootkit Infection ?

Post by Superdave on Fri 23 Mar 2012, 5:23 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************************
I see you are running Poker Stars. Poker Stars has a history of distributing spyware in their products. However, security experts still question whether this program is good or bad. I recommend removing it to prevent spyware, but it is up to you to decide if you want to keep it.

If you would like to uninstall it, do so as follows:

Press Start, and navigate to the Control Panel. When in the control panel enter Add or Remove programs. Search for and locate PokerStars, and either click Change/Remove or Remove.
*************************************************
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

•Double-click on MBRCheck.exe to run it.

•It will open a black window...please do not fix anything (if it gives you an option).

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Browser Redirects - High System Resource Use - Rootkit Infection ?

Post by Resto on Fri 23 Mar 2012, 11:06 am

Hello, Dave. Thanks for your reply. I have performed the requested scans and will post the logs below.

First, a few comments about symptoms and odd things that have occurred (and are occurring) since the scans I posted yesterday.

After posting yesterday, I shut off the wireless application on this laptop so it would not communicate with my router. I left the computer on so as to hold the settings as I left it from my original post. When I "awakened" the computer, it showed a notice that Windows Updates had made changes to the system. Somehow IE9 was installed during the computer's idle time. When the computer was left running and was disconnected from the router, it was running IE8. This seems odd to me. When I checked to see what Windows Updates had taken place, Windows Update showed that NO updates had occurred, but my wife's laptop had IE8 replaced with IE9 ???

System Resource usage is so high that it is nearly impossible to get this laptop to do anything. It took 2 hours and 21 minutes to run the SUPERAntiSpyware scan.

When connected to the internet via my router, AVG Free gave notice that it had blocked exploit blackhole exploit kit type 2148.

AVG Free continually shows warnings that File Name: c:\windows\sysWOW64\compPING.dll Threat Name: Trojan horse Cryptic.DYS is detected on open. This happens both when the laptop is connected to the internet AND when it is not connected to the internet.

After running the requested scans, I received a BSOD when opening the surreptitiously installed IE9. NirSoft BlueScreenView is not installed on this laptop, so I am not able to provide you with a stop code or any further information.

I finally had to boot into Safe Mode with Networking to even be able to reply to your post.

I have also noticed that it is very slow to shut down this machine. I have to force a shutdown due to background items running and apparently hogging all of the system resources. Before the shutdown, I quickly saw something labeled as Task Host Window open in the background.

Finally, I looked in Control Panel Add/Remove Programs. Poker Superstars III is not a self-standing program on this computer, but is actually a component of a Hewlett-Packard Games Suite by Wild Tangent. This game package came on this computer pre-installed by the OEM. I can tell you that this Games Suite has never been activated and that my wife has never played any of these games on her laptop. When I clicked on the HP Games in the Start Menu, it immediately went to a User Agreement License that was required to be accepted before the Games Suite can be opened. I have not removed HP Games without notifying her, but if you feel that removing the whole HP Games deal is the way to go, I will gladly do so.

Here are the requested scan logs:

SUPERAntiSpyware Scan Log

Generated 03/22/2012 at 05:33 PM

Application Version : 5.0.1146

Core Rules Database Version : 8369
Trace Rules Database Version: 6181

Scan type : Complete Scan
Total Scan Time : 02:20:57

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 589
Memory threats detected : 0
Registry items scanned : 64592
Registry threats detected : 0
File items scanned : 201998
File threats detected : 116

Adware.Tracking Cookie
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\69J8118U.txt [ Cookie:jennifer@revsci.net/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\1JH6PN4M.txt [ Cookie:jennifer@pointroll.com/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\AUHGGNTO.txt [ Cookie:jennifer@a1.interclick.com/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\O9ZDTNO5.txt [ Cookie:jennifer@tribalfusion.com/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\jennifer@collective-media[2].txt [ Cookie:jennifer@collective-media.net/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\XCF9EKAZ.txt [ Cookie:jennifer@casalemedia.com/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\8IJQJ9NO.txt [ Cookie:jennifer@imrworldwide.com/cgi-bin ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\M5KDV04S.txt [ Cookie:jennifer@ru4.com/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\jennifer@bs.serving-sys[1].txt [ Cookie:jennifer@bs.serving-sys.com/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\I74SAWEC.txt [ Cookie:jennifer@at.atwola.com/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\jennifer@atdmt[1].txt [ Cookie:jennifer@atdmt.com/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\jennifer@c.atdmt[2].txt [ Cookie:jennifer@c.atdmt.com/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\XDBBTTVV.txt [ Cookie:jennifer@statcounter.com/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\LCET7HI6.txt [ Cookie:jennifer@247realmedia.com/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\EWPXRUBX.txt [ Cookie:jennifer@apmebf.com/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\SEDKAHLF.txt [ Cookie:jennifer@questionmarket.com/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\6GQHO5KG.txt [ Cookie:jennifer@pro-market.net/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\2QWROQW5.txt [ Cookie:jennifer@media6degrees.com/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\AQW7NPN1.txt [ Cookie:jennifer@kontera.com/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\jennifer@ad.yieldmanager[2].txt [ Cookie:jennifer@ad.yieldmanager.com/ ]
C:\USERS\JENNIFER\AppData\Roaming\Microsoft\Windows\Cookies\Low\jennifer@invitemedia[1].txt [ Cookie:jennifer@invitemedia.com/ ]
C:\USERS\JENNIFER\APPDATA\LOCAL\TEMP\LOW\COOKIES\JENNIFER@C.GIGCOUNT[1].TXT [ /C.GIGCOUNT ]
C:\USERS\JENNIFER\APPDATA\LOCAL\TEMP\LOW\COOKIES\JENNIFER@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
C:\USERS\JENNIFER\APPDATA\LOCAL\TEMP\LOW\COOKIES\JENNIFER@MEDIABRANDSWW[1].TXT [ /MEDIABRANDSWW ]
C:\USERS\JENNIFER\APPDATA\LOCAL\TEMP\LOW\COOKIES\JENNIFER@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
C:\USERS\JENNIFER\APPDATA\LOCAL\TEMP\LOW\COOKIES\JENNIFER@SPECIFICCLICK[1].TXT [ /SPECIFICCLICK ]
C:\USERS\JENNIFER\APPDATA\LOCAL\TEMP\LOW\COOKIES\JENNIFER@TIMEINC.122.2O7[1].TXT [ /TIMEINC.122.2O7 ]
ds.serving-sys.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TTL3T37E ]
C:\USERS\JENNIFER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JENNIFER@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
C:\USERS\JENNIFER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JENNIFER@SERVING-SYS[1].TXT [ /SERVING-SYS ]
art.aim4media.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A4UFKEB4 ]
cdn.complexmedianetwork.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A4UFKEB4 ]
cdn2.baronsmedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A4UFKEB4 ]
click.searchnation.net [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A4UFKEB4 ]
content.yieldmanager.edgesuite.net [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A4UFKEB4 ]
core.insightexpressai.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A4UFKEB4 ]
crackle.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A4UFKEB4 ]
ds.serving-sys.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A4UFKEB4 ]
media.kyte.tv [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A4UFKEB4 ]
media4.onsugar.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A4UFKEB4 ]
objects.tremormedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A4UFKEB4 ]
secure-us.imrworldwide.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A4UFKEB4 ]
tag.2bluemedia.hiro.tv [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A4UFKEB4 ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@1SADX[1].TXT [ /1SADX ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@247REALMEDIA[2].TXT [ /247REALMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@A1.INTERCLICK[2].TXT [ /A1.INTERCLICK ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@AD.LOOKTRAFFIC[2].TXT [ /AD.LOOKTRAFFIC ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@ADBRITE[2].TXT [ /ADBRITE ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@ADS.ADK2[1].TXT [ /ADS.ADK2 ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@ADS.LYCOS[1].TXT [ /ADS.LYCOS ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@ADS.NETWORLDMEDIA[1].TXT [ /ADS.NETWORLDMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@ADS.PAPERLEAF[2].TXT [ /ADS.PAPERLEAF ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@ADS.POINTROLL[2].TXT [ /ADS.POINTROLL ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@ADS.PUBMATIC[1].TXT [ /ADS.PUBMATIC ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@ADS.UNDERTONE[2].TXT [ /ADS.UNDERTONE ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@ADSERVER.ADTECHUS[1].TXT [ /ADSERVER.ADTECHUS ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@ADTECH[1].TXT [ /ADTECH ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@ADVERTISING.EZANGA[2].TXT [ /ADVERTISING.EZANGA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@ADVERTISING[2].TXT [ /ADVERTISING ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@ADXPOSE[1].TXT [ /ADXPOSE ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@APMEBF[1].TXT [ /APMEBF ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@AT.ATWOLA[1].TXT [ /AT.ATWOLA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@ATDMT[1].TXT [ /ATDMT ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@BIZZCLICK[2].TXT [ /BIZZCLICK ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@BURSTBEACON[1].TXT [ /BURSTBEACON ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@BURSTNET[1].TXT [ /BURSTNET ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@CASALEMEDIA[1].TXT [ /CASALEMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@CLICKSOR[2].TXT [ /CLICKSOR ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@COLLECTIVE-MEDIA[2].TXT [ /COLLECTIVE-MEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@CRACKLE[2].TXT [ /CRACKLE ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@DC.TREMORMEDIA[2].TXT [ /DC.TREMORMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@ENHANCE[1].TXT [ /ENHANCE ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@EYEVIEWADS[1].TXT [ /EYEVIEWADS ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@FASTCLICK[2].TXT [ /FASTCLICK ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@FIND.10TOPSEARCHES[1].TXT [ /FIND.10TOPSEARCHES ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@INSIGHTEXPRESSAI[2].TXT [ /INSIGHTEXPRESSAI ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@INTERCLICK[2].TXT [ /INTERCLICK ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@INVITEMEDIA[2].TXT [ /INVITEMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@LUCIDMEDIA[2].TXT [ /LUCIDMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@MEDIA6DEGREES[2].TXT [ /MEDIA6DEGREES ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@MEDIASERVICES-D.OPENXENTERPRISE[2].TXT [ /MEDIASERVICES-D.OPENXENTERPRISE ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@MIVA.CINOMEDIA[1].TXT [ /MIVA.CINOMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@MM.CHITIKA[1].TXT [ /MM.CHITIKA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@MYROITRACKING[2].TXT [ /MYROITRACKING ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@NETWORK.REALMEDIA[1].TXT [ /NETWORK.REALMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@NETWORLDMEDIA[2].TXT [ /NETWORLDMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@OX-D.FONDNESSMEDIA[1].TXT [ /OX-D.FONDNESSMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@POINTROLL[1].TXT [ /POINTROLL ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@PRO-MARKET[1].TXT [ /PRO-MARKET ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@QUESTIONMARKET[1].TXT [ /QUESTIONMARKET ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@REALMEDIA[1].TXT [ /REALMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@REVSCI[1].TXT [ /REVSCI ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@RU4[2].TXT [ /RU4 ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@SEARCH.CRACKLE[2].TXT [ /SEARCH.CRACKLE ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@SERVER.CPMSTAR[1].TXT [ /SERVER.CPMSTAR ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@SERVING-SYS[2].TXT [ /SERVING-SYS ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@SPECIFICCLICK[1].TXT [ /SPECIFICCLICK ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@STAT.ONESTAT[1].TXT [ /STAT.ONESTAT ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@STATCOUNTER[1].TXT [ /STATCOUNTER ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@T.POINTROLL[1].TXT [ /T.POINTROLL ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@TECHNORATIMEDIA[1].TXT [ /TECHNORATIMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@TRAFFICMP[1].TXT [ /TRAFFICMP ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@TRIBALFUSION[1].TXT [ /TRIBALFUSION ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@VITAMINE.NETWORLDMEDIA[1].TXT [ /VITAMINE.NETWORLDMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@[You must be registered and logged in to see this link.] [ /WWW.BURSTBEACON ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@[You must be registered and logged in to see this link.] [ /WWW.BURSTNET ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@[You must be registered and logged in to see this link.] [ /WWW.CRACKLE ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@XML.TRAFFICENGINE[2].TXT [ /XML.TRAFFICENGINE ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@YIELDMANAGER[1].TXT [ /YIELDMANAGER ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JENNIFER-HP$@ZEDO[1].TXT [ /ZEDO ]

Adware.CouponBar
C:\USERS\JENNIFER\APPDATA\LOCAL\TEMP\LOW\CPNPRT2.CID


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-22 18:38:43
-----------------------------
18:38:43.917 OS Version: Windows x64 6.1.7600
18:38:43.917 Number of processors: 1 586 0x170A
18:38:43.917 ComputerName: JENNIFER-HP UserName: Jennifer
18:38:44.525 Initialize success
18:38:51.255 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:38:51.255 Disk 0 Vendor: WDC_WD25 02.0 Size: 238475MB BusType: 3
18:38:51.255 Device \Driver\iaStor -> MajorFunction fffffa8004f975c4
18:38:51.255 Disk 0 MBR read successfully
18:38:51.255 Disk 0 MBR scan
18:38:51.271 Disk 0 unknown MBR code
18:38:51.302 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:38:51.317 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 218855 MB offset 409600
18:38:51.349 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19316 MB offset 448624640
18:38:51.380 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
18:38:51.427 Disk 0 scanning C:\Windows\system32\drivers
18:39:02.175 Service scanning
18:40:14.388 Modules scanning
18:40:14.388 Disk 0 trace - called modules:
18:40:14.902 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004f975c4]<<
18:40:14.902 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002404060]
18:40:14.902 3 CLASSPNP.SYS[fffff88001c8243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80021da050]
18:40:14.918 \Driver\iaStor[0xfffffa8004a1d7d0] -> IRP_MJ_CREATE -> 0xfffffa8004f975c4
18:40:14.918 Scan finished successfully
18:40:36.961 Disk 0 MBR has been saved successfully to "C:\Users\Jennifer\Desktop\MBR.dat"
18:40:36.976 The log file has been saved successfully to "C:\Users\Jennifer\Desktop\aswMBR.txt"



Resto

Rookie Surfer

Posts : 63
Joined : 2009-09-17
Operating System : Windows 7 64 bit

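The aswMBR log in the post above is the most telling of the three scans: the storage driver's MajorFunction entry, the `>>UNKNOWN [...]<<` entry in the disk call trace and the IRP_MJ_CREATE target all resolve to the same address that lies outside every loaded module, which is how aswMBR reports a hooked disk stack. As an added example (not part of Resto's post and not code from the aswMBR tool), the Python script below reads aswMBR output and turns those indicators into a short triage verdict. The sample lines are copied from the log above; `parse_aswmbr`, `triage`, `Finding` and the severity labels are my own names, and the "unknown MBR code" line is rated only medium on its own because some OEM recovery loaders also trip it.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the aswMBR log posted above so the
# triage can run offline on realistic output.
SAMPLE_ASWMBR_LOG = """\
18:38:51.255 Device \\Driver\\iaStor -> MajorFunction fffffa8004f975c4
18:38:51.255 Disk 0 MBR read successfully
18:38:51.255 Disk 0 MBR scan
18:38:51.271 Disk 0 unknown MBR code
18:40:14.902 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004f975c4]<<
18:40:14.902 1 nt!IofCallDriver -> \\Device\\Harddisk0\\DR0[0xfffffa8002404060]
18:40:14.918 \\Driver\\iaStor[0xfffffa8004a1d7d0] -> IRP_MJ_CREATE -> 0xfffffa8004f975c4
18:40:14.918 Scan finished successfully
"""

# Patterns for the three aswMBR lines a responder checks first.
MAJORFUNC_RE = re.compile(r"Device (\\Driver\\\S+) -> MajorFunction ([0-9a-fA-F]+)")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")
IRP_RE = re.compile(r"(\\Driver\\\S+?)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> 0x([0-9a-fA-F]+)")
UNKNOWN_MBR = "unknown MBR code"


@dataclass
class Finding:
    severity: str  # "medium" or "high" (hypothetical labels for this example)
    detail: str


def parse_aswmbr(text):
    """Pull the hook-related facts out of an aswMBR log into one dict."""
    facts = {
        "major_functions": {},   # driver -> address of its dispatch table
        "unknown_trace": set(),  # addresses the call trace could not map
        "irp_targets": [],       # (driver, IRP name, target address)
        "unknown_mbr": False,
    }
    for line in text.splitlines():
        if UNKNOWN_MBR in line:
            facts["unknown_mbr"] = True
        m = MAJORFUNC_RE.search(line)
        if m:
            facts["major_functions"][m.group(1)] = m.group(2).lower()
        m = UNKNOWN_RE.search(line)
        if m:
            facts["unknown_trace"].add(m.group(1).lower())
        m = IRP_RE.search(line)
        if m:
            facts["irp_targets"].append((m.group(1), m.group(2), m.group(3).lower()))
    return facts


def triage(text):
    """Return (verdict, findings) for one aswMBR log."""
    facts = parse_aswmbr(text)
    findings = []
    if facts["unknown_mbr"]:
        # Medium only: vendor boot loaders can also produce this line.
        findings.append(Finding("medium", "MBR boot code not recognised (OEM loader or bootkit)"))
    for addr in sorted(facts["unknown_trace"]):
        findings.append(Finding("high", f"disk I/O path enters unmapped memory at 0x{addr}"))
    # Correlate: a dispatch target that equals an unmapped address is the
    # strongest signal, since the driver is no longer handling its own IRPs.
    for drv, irp, target in facts["irp_targets"]:
        if target in facts["unknown_trace"]:
            findings.append(Finding("high", f"{drv} {irp} redirected to unmapped code at 0x{target}"))
    for drv, addr in facts["major_functions"].items():
        if addr in facts["unknown_trace"]:
            findings.append(Finding("high", f"{drv} MajorFunction table points to unmapped code at 0x{addr}"))
    if any(f.severity == "high" for f in findings):
        verdict = "suspect rootkit on disk stack"
    else:
        verdict = "no hook indicators"
    return verdict, findings


if __name__ == "__main__":
    verdict, findings = triage(SAMPLE_ASWMBR_LOG)
    print(verdict)
    for f in findings:
        print(f"  [{f.severity}] {f.detail}")
```

On the log above this yields one medium and three high findings that all name the same address, which is the pattern to look for: one foreign address appearing as the driver's dispatch table, as the unmapped frame in the trace, and as the IRP target. A log where the trace lists only named modules produces no findings.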

Re: Browser Redirects - High System Resource Use - Rootkit Infection ?

Post by Superdave on Fri 23 Mar 2012, 12:53 pm

Download BlueScreenView to your desktop.
BlueScreenView
Unzip the downloaded file and double click on BlueScreenView.exe to run the program.
When scanning is done, go to EDIT - Select All
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply.
***************************************************
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

•Double-click on MBRCheck.exe to run it.

•It will open a black window...please do not fix anything (if it gives you an option).

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Browser Redirects - High System Resource Use - Rootkit Infection ?

Post by Resto on Sat 24 Mar 2012, 3:45 am

Still having to operate in Safe Mode with Networking. In normal mode, AVG Free constantly flashes the same thing that I mentioned in my previous post. File Name: c:\windows\sysWOW64\compPING.dll Threat Name: Trojan horse Cryptic.DYS is detected on open. Further details from this warning show Process ID 4236 C:\Program Files\ Hewlett-Packard\HP Wireless Assistant\Delayed App Starter.exe



MBRCheck.exe will not run. I successfully downloaded it....it will initialize and shows a black window with a white cursor....but after 10 seconds or so, it disappears. Can this be run in Safe Mode....or is that the reason for its failure to run ?


BluescreenView was run and here is the log.
==================================================
Dump File : 032212-51745-01.dmp
Crash Time : 3/22/2012 6:28:03 PM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`02c6d677
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`7ef80000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70540
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16917 (win7_gdr.111118-2330)
Processor : x64
Crash Address : ntoskrnl.exe+70540
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\032212-51745-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 7600
Dump File Size : 277,056
==================================================


Resto

Rookie Surfer

Posts : 63
Joined : 2009-09-17
Operating System : Windows 7 64 bit


Re: Browser Redirects - High System Resource Use - Rootkit Infection ?

Post by Resto on Sat 24 Mar 2012, 4:09 am

OK....I managed to run MBRCheck.exe in normal mode. Log is posted below.

I am also online, now, in normal mode. AVG Free warnings have occurred two more times with the same message, but further details are now showing AVG and MBAM as affected. I am just clicking "ignore" when this happens so as to not further complicate things for you.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Presario CQ56 Notebook PC
Logical Drives Mask: 0x0001001c

Kernel Drivers (total 164):
0x02C5B000 \SystemRoot\system32\ntoskrnl.exe
0x02C12000 \SystemRoot\system32\hal.dll
0x00BA8000 \SystemRoot\system32\kdcom.dll
0x00CB2000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CF6000 \SystemRoot\system32\PSHED.dll
0x00D0A000 \SystemRoot\system32\CLFS.SYS
0x00E99000 \SystemRoot\system32\CI.dll
0x00F59000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00E00000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E0F000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00E66000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00E6F000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00D68000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E79000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00D9B000 \SystemRoot\System32\drivers\partmgr.sys
0x00E86000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00DB0000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00DBC000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys
0x0109D000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x012A7000 \SystemRoot\system32\DRIVERS\atapi.sys
0x012B0000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x012DA000 \SystemRoot\system32\DRIVERS\msahci.sys
0x012E5000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x012F5000 \SystemRoot\system32\drivers\amdxata.sys
0x01300000 \SystemRoot\system32\drivers\fltmgr.sys
0x0134C000 \SystemRoot\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS
0x013BD000 \SystemRoot\system32\drivers\fileinfo.sys
0x0147C000 \SystemRoot\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS
0x01636000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01560000 \SystemRoot\System32\Drivers\msrpc.sys
0x017D8000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01400000 \SystemRoot\System32\Drivers\cng.sys
0x01600000 \SystemRoot\System32\drivers\pcw.sys
0x01611000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x018AE000 \SystemRoot\system32\drivers\ndis.sys
0x019A0000 \SystemRoot\system32\drivers\NETIO.SYS
0x01800000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A00000 \SystemRoot\System32\drivers\tcpip.sys
0x0182B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01000000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01875000 \SystemRoot\System32\Drivers\spldr.sys
0x015BE000 \SystemRoot\System32\drivers\rdyboost.sys
0x0187D000 \SystemRoot\System32\Drivers\mup.sys
0x0188F000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0104C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01898000 \SystemRoot\system32\DRIVERS\disk.sys
0x00C76000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0161B000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
0x01627000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x03E40000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03E6A000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x03E79000 \SystemRoot\System32\Drivers\Null.SYS
0x03E82000 \SystemRoot\System32\Drivers\Beep.SYS
0x03E89000 \SystemRoot\System32\drivers\vga.sys
0x03E97000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03EBC000 \SystemRoot\System32\drivers\watchdog.sys
0x03ECC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03ED5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03EDE000 \SystemRoot\system32\drivers\rdprefmp.sys
0x03EE7000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03EF2000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03F03000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03F21000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03F2E000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x03F8E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03811000 \SystemRoot\system32\drivers\afd.sys
0x0389A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x038A3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x038C9000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x038DF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x038EE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03909000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0391D000 \SystemRoot\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS
0x03984000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x039BA000 \SystemRoot\system32\drivers\NISx64\1207000.00D\Ironx64.SYS
0x039E7000 \SystemRoot\system32\drivers\NISx64\1207000.00D\SRTSPX64.SYS
0x03800000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x03FD3000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x02E41000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02E92000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02E9E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02EA9000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys
0x02F1F000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x02F95000 \SystemRoot\System32\drivers\discache.sys
0x02FA4000 \SystemRoot\System32\Drivers\dfsc.sys
0x02FC2000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04026000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys
0x04111000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x04160000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04186000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0419C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04A26000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x04279000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0436D000 \SystemRoot\System32\drivers\dxgmms1.sys
0x043B3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04256000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x043C0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04430000 \SystemRoot\system32\DRIVERS\netr28x.sys
0x0452E000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x0453B000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04592000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x045B0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04611000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x0476C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0476E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0477D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04786000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04796000 \SystemRoot\system32\DRIVERS\clwvd.sys
0x0479C000 \SystemRoot\system32\DRIVERS\ks.sys
0x047DF000 \SystemRoot\system32\drivers\ksthunk.sys
0x047E5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x045BF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04600000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04400000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x045E3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04A00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x043E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0460C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04267000 \SystemRoot\system32\DRIVERS\umbus.sys
0x041A1000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04000000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x060EC000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0634C000 \SystemRoot\system32\drivers\portcls.sys
0x06389000 \SystemRoot\system32\drivers\drmk.sys
0x063AB000 \SystemRoot\System32\Drivers\fastfat.SYS
0x063E1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03C00000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x06000000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00030000 \SystemRoot\System32\win32k.sys
0x06013000 \SystemRoot\System32\drivers\Dxapi.sys
0x0601F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005D0000 \SystemRoot\System32\TSDDD.dll
0x00640000 \SystemRoot\System32\cdd.dll
0x008C0000 \SystemRoot\System32\ATMFD.DLL
0x0602D000 \SystemRoot\system32\drivers\luafv.sys
0x06050000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
0x0605B000 \SystemRoot\system32\drivers\WudfPf.sys
0x0607C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06091000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02FD3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02FE6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02CD2000 \SystemRoot\system32\drivers\HTTP.sys
0x02D9A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02DB8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02DD0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02C00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02C4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02C71000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x056AD000 \SystemRoot\system32\drivers\peauth.sys
0x05753000 \SystemRoot\System32\Drivers\secdrv.SYS
0x05EC9000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
0x05F8A000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
0x05E00000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x05E2D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x05E3F000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x0575E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05E6A000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
0x05600000 \SystemRoot\System32\DRIVERS\srv.sys
0x77510000 \Windows\System32\ntdll.dll
0x47C00000 \Windows\System32\smss.exe
0xFF830000 \Windows\System32\apisetschema.dll

Processes (total 82):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
396 C:\PROGRA~2\AVG\AVG10\avgchsva.exe
440 C:\PROGRA~2\AVG\AVG10\avgrsa.exe
596 csrss.exe
640 C:\Windows\System32\wininit.exe
648 csrss.exe
692 C:\Windows\System32\winlogon.exe
728 C:\Windows\System32\services.exe
744 C:\Windows\System32\lsass.exe
752 C:\Windows\System32\lsm.exe
880 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
580 C:\Windows\System32\svchost.exe
532 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\audiodg.exe
1084 C:\Windows\System32\svchost.exe
1252 C:\Windows\System32\svchost.exe
1388 C:\Windows\System32\spoolsv.exe
1424 C:\Windows\System32\svchost.exe
1568 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1652 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
1680 C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
1768 C:\Windows\System32\dldocoms.exe
1816 C:\Windows\System32\svchost.exe
1876 C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
1940 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
2020 C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
2040 C:\Program Files (x86)\AVG\AVG10\avgemca.exe
1136 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
1080 C:\Windows\System32\conhost.exe
1744 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2072 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe
2088 C:\Windows\System32\taskhost.exe
2164 C:\Windows\System32\dwm.exe
2232 C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
2296 C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
2344 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2592 C:\Windows\explorer.exe
2632 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
2704 C:\Windows\System32\svchost.exe
2752 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2848 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
2952 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3028 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
1512 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe
3280 WmiPrvSE.exe
3332 C:\Windows\svchost.exe
3340 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
3452 C:\Windows\System32\taskeng.exe
3468 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3888 C:\Windows\System32\SearchIndexer.exe
4028 C:\Windows\System32\igfxtray.exe
952 C:\Windows\System32\svchost.exe
3420 C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
1640 C:\Windows\System32\hkcmd.exe
5000 C:\Windows\System32\SearchProtocolHost.exe
5068 C:\Windows\System32\conhost.exe
992 C:\Windows\System32\igfxpers.exe
4272 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4304 C:\Windows\System32\SearchFilterHost.exe
4472 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
4620 C:\Windows\System32\svchost.exe
4828 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
5028 C:\Program Files\Windows Media Player\wmpnetwk.exe
4208 C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
4552 C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
4652 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
872 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
940 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3068 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
2524 C:\Program Files (x86)\AVG\AVG10\avgtray.exe
3800 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2896 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
3404 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
3848 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
3112 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1476 C:\Users\Jennifer\Desktop\MBRCheck.exe
4200 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
5148 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000035`7af00000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: WDCWD2500BEVT-60A23T0, Rev: 02.01A02

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: D507A6106023D83A0AF8CDEC23657D403A1F6512


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

Resto

Rookie Surfer

Posts : 63
Joined : 2009-09-17
Operating System : Windows 7 64 bit
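Two things stand out in the process list above: the svchost.exe at PID 3332 is running from C:\Windows rather than C:\Windows\System32, and a few entries (csrss.exe, WmiPrvSE.exe) are printed with no path at all. The check below is an added example, not code from the thread or from any of the tools mentioned in it. It assumes %SystemRoot% is C:\Windows and that the core processes it lists belong only under System32 (or, for 32-bit copies, SysWOW64); a bare name with no path is reported as unresolved rather than as a finding, since the listing tool may simply have been unable to read the path.

```python
"""Flag core Windows processes that are running from an unexpected directory.
Added example, not from the thread or from MBRCheck; assumes %SystemRoot% is C:\\Windows."""
import re

# Core processes that on a 64-bit Windows 7 install live under System32
# (svchost.exe also has a legitimate 32-bit copy under SysWOW64).
CORE_PROCESSES = {
    "smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "lsm.exe", "svchost.exe", "spoolsv.exe", "dwm.exe", "taskhost.exe",
}
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
LINE_RE = re.compile(r"^\s*(\d+)\s+(\S.*?)\s*$")   # "<pid> <image path or name>"


def classify(line: str):
    """Return (pid, image, verdict) for one process-list line, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pid, image = int(m.group(1)), m.group(2)
    name = image.rsplit("\\", 1)[-1].lower()
    if name not in CORE_PROCESSES:
        return pid, image, "not-checked"
    if "\\" not in image:
        # The listing tool printed a bare name: it could not open the process to
        # read its path (common for protected processes), so this is unresolved,
        # not evidence of anything.
        return pid, image, "unresolved-path"
    directory = image.rsplit("\\", 1)[0].lower()
    verdict = "expected-path" if directory in EXPECTED_DIRS else "unexpected-path"
    return pid, image, verdict


def find_unexpected(lines):
    """PIDs and images of core processes running outside their expected directories."""
    hits = []
    for line in lines:
        result = classify(line)
        if result and result[2] == "unexpected-path":
            hits.append((result[0], result[1]))
    return hits


# A few representative lines copied from the process list above.
SAMPLE_LINES = [
    r"648 csrss.exe",
    r"692 C:\Windows\System32\winlogon.exe",
    r"880 C:\Windows\System32\svchost.exe",
    r"2592 C:\Windows\explorer.exe",
    r"3280 WmiPrvSE.exe",
    r"3332 C:\Windows\svchost.exe",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(classify(line))
    print("unexpected:", find_unexpected(SAMPLE_LINES))
```

On the sample lines only PID 3332 is reported; explorer.exe is left alone because it legitimately lives in C:\Windows, and the two path-less entries come back as unresolved. A flagged path is a reason to hash and inspect that file, not proof by itself.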

Re: Browser Redirects - High System Resource Use - Rootkit Infection ?

Post by Superdave on Sat 24 Mar 2012, 6:15 am

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (removable) that you may have.

Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected virus/malware in the report (it will be at the very top under Detected). Post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Please try this for me. Download, install and activate Microsoft Security Essentials (below). De-activate AVG and see if you're still receiving those warnings.

Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
***************************************************
Please Boot to the System Recovery Options
If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
It's also possible that your computer has a pre-installed recovery partition instead; in such a case use method one (by pressing F8 before Windows starts loading).
NOTE: If none of the above apply you can create a System Repair Disc (link in "Option two") and boot from it.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt


Choose Command Prompt
You should see X:\SOURCES>...

Execute the following commands in bold.
Press Enter after every one of them.

bootrec /fixmbr (<--- there is a "space" after "bootrec")

bootrec /fixboot (<--- there is a "space" after "bootrec")

exit

Restart computer.
Please run MBRCheck.exe again after doing the above.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3
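MBRCheck's "MBR Code Faked!" line in the log above comes from hashing the boot code in the disk's first sector and finding no match among the boot loaders it knows; bootrec /fixmbr rewrites exactly that region and leaves the partition table alone. The parser below is an added example, not MBRCheck's or Microsoft's code, and it shows both halves: it decodes a 512-byte sector (boot code, disk signature, four partition entries, the 0x55AA signature) and compares the boot-code SHA-1 against an allowlist. The sector is constructed: its partition entries reproduce the C: and D: offsets from the MBRCheck output, the boot-code bytes are a stand-in rather than real Windows code, and the allowlist is seeded from that stand-in.

```python
"""Decode a 512-byte MBR and judge its boot code against an allowlist.
Added example (not MBRCheck's or Microsoft's code); the sample sector is constructed."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440      # bytes 0..439: boot code (the region bootrec /fixmbr rewrites)
DISK_SIG_OFF = 440       # 4-byte NT disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # must hold 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Split a raw first sector into boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, sector_count = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "slot": i,
            "bootable": status == 0x80,
            "type": ptype,                      # 0x07 = NTFS/exFAT
            "lba_start": lba_start,
            "sector_count": sector_count,
            "byte_offset": lba_start * SECTOR,  # what MBRCheck prints as "at offset"
        })
    return {
        "boot_sig_ok": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_END]).hexdigest().upper(),
        "partitions": partitions,
    }


def assess_mbr(sector: bytes, known_good_sha1: set) -> str:
    """Classify the sector the way a boot-code integrity check would."""
    info = parse_mbr(sector)
    if not info["boot_sig_ok"]:
        return "invalid: missing 0x55AA signature"
    if info["boot_code_sha1"] in known_good_sha1:
        return "standard boot code"
    return "non-standard boot code"   # MBRCheck's "MBR Code Faked!" case


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sector. Partition geometry reproduces the C:/D: offsets from the
    MBRCheck output in this thread; the D: size and disk signature are arbitrary."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x1234ABCD)
    entries = [  # (status, type, lba_start, sector_count)
        (0x80, 0x07, 409600, 448215040),    # C: 409600*512 = 0x0c800000, 213.73 GiB
        (0x00, 0x07, 448624640, 20971520),  # D: 448624640*512 = 0x35_7af00000
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        sector[off], sector[off + 4] = status, ptype
        struct.pack_into("<II", sector, off + 8, lba, count)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(sector)


# Stand-in boot code, NOT real Windows boot code; padded to 440 bytes with zeros.
BASELINE_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_END, b"\x00")
# A bootkit patches the entry point so its own code runs first; here only the
# first two bytes differ, which is enough to change the hash.
TAMPERED_CODE = b"\xeb\x3c" + BASELINE_CODE[2:]
# In practice the allowlist is built from clean installs of each Windows version.
KNOWN_GOOD = {hashlib.sha1(BASELINE_CODE).hexdigest().upper()}

if __name__ == "__main__":
    for label, code in (("baseline", BASELINE_CODE), ("tampered", TAMPERED_CODE)):
        sector = build_sample_mbr(code)
        info = parse_mbr(sector)
        print(label, info["boot_code_sha1"], assess_mbr(sector, KNOWN_GOOD))
        for p in info["partitions"]:
            print(f"  slot {p['slot']} type 0x{p['type']:02x} at offset 0x{p['byte_offset']:012x}")
```

A useful check when following the bootrec steps: dump the MBR with MBRCheck's option [1] before and after the repair and run both files through parse_mbr. The partition entries and disk signature should be byte-for-byte identical; only the boot-code hash should change. If the partition table differs, stop and compare the two dumps before trusting either.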

Re: Browser Redirects - High System Resource Use - Rootkit Infection ?

Post by Resto on Sat 24 Mar 2012, 9:31 am

I am posting from my clean computer. Issues with my wife's laptop seem to go from bad to worse.

Something caused her computer to have an unexpected shut down at about 47 % completion (slightly over 3 hrs of run time) of the Kaspersky scan. Turned it back on and Windows began loading normally - quickly followed by a BSOD. I re-started the laptop in Safe mode and ran BluescreenView and it shows no record of the event.

My wife says that she has nothing of any particular value on this laptop and in order to get her up-and-running quicker, she has asked if it might be easier (for both you and me) to reformat and reload her operating system.

The problem is that I do not really know how to perform that procedure, but would be glad to do it with your guidance.

Additionally, I am pretty certain that the laptop did not come with any reinstallation disks. Is there a recovery option somewhere on her existing hard drive ?

Awaiting your advice before proceeding. Thank you !

Resto

Rookie Surfer

Posts : 63
Joined : 2009-09-17
Operating System : Windows 7 64 bit

Re: Browser Redirects - High System Resource Use - Rootkit Infection ?

Post by Superdave on Sat 24 Mar 2012, 10:23 am

Yes, Windows 7 comes with a Recovery Console. This will take the computer back to the day it was purchased. This is for Vista but it's almost identical to Windows 7.

Run the Vista Recovery Console.

1. Eject and remove any discs or memory cards from your computer.

2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".

3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots.

4. Highlight and select "Repair your computer", choose your keyboard type and click "Next".

5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.

Here's a link that will help.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Browser Redirects - High System Resource Use - Rootkit Infection ?

Post by Resto on Sat 24 Mar 2012, 4:35 pm

Thanks, Dave.

I appreciate your analysis of the logs that I sent you and for giving me the confidence to proceed with this repair.

I took the path of least resistance on this one. My wife said she had back-up copies of anything on her HDD that mattered....and that losing anything else made no difference to her. So, I simply formatted and reinstalled the OS. She is back in business with a fresh computer.

BTW, are you guys still offering the GeekPolice Academy ? GP has helped me several times over the years and if your team is willing to adequately train me to fight and remove malware, it would be my pleasure to begin my studies...so that one day I can help others on your site - the way that GP has helped me.

Again, many thanks for your assistance.

Resto

Rookie Surfer

Posts : 63
Joined : 2009-09-17
Operating System : Windows 7 64 bit

Re: Browser Redirects - High System Resource Use - Rootkit Infection ?

Post by Superdave on Sun 25 Mar 2012, 10:20 am

BTW, are you guys still offering the GeekPolice Academy ? GP has helped me several times over the years and if your team is willing to adequately train me to fight and remove malware, it would be my pleasure to begin my studies...so that one day I can help others on your site - the way that GP has helped me.
Again, many thanks for your assistance.
Make sure you scan the saved data with at least two updated AV's before putting them back on the computer.

[You must be registered and logged in to see this link.] the link for GPA.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Browser Redirects - High System Resource Use - Rootkit Infection ?

Post by Resto on Mon 26 Mar 2012, 5:42 am

Thanks, again. Her laptop is out-of-the-box fresh and working great.

There were no documents on her computer, so no worries about that. The only items that will be put back on it are the photos she had. Rather than replace them from her back-ups on her USB-drive, I am going to replace them from the original source - which is her camera's SD card. I am also going to format the USB-drive before it is used again. Do I need to hold the "Shift" key for a few seconds when I place it in a USB port on the computer ? How does holding the "Shift" key help during this process ?

I will follow the link to the GPA and put in my application to be considered for admission !

Thank you.

Resto

Rookie Surfer

Posts : 63
Joined : 2009-09-17
Operating System : Windows 7 64 bit

Re: Browser Redirects - High System Resource Use - Rootkit Infection ?

Post by Superdave on Mon 26 Mar 2012, 11:43 am

I am also going to format the USB-drive before it is used again. Do I need to hold "Shift" key for a few seconds when I place it in a USB port on the computer ? How does holding the "Shift" key help during this process ?
That's another good idea. Holding the shift key down while inserting the memory device prevents the autoruns from running. Here's a good little utility for USB devices.

Download Panda USB and AutoRun Vaccine and save it to your desktop.

* Extract (unzip) the file to your desktop and a folder named USBVaccine will be created.
* Open that folder and double-click on USBVaccine.exe to start the program.
* Click Run
* Click the button to Vaccinate computer.
* Insert your USB flash drive.
* When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
* Exit Panda USB and AutoRun Vaccine when done.

Note: Computer AutoRun Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced by malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
Good luck.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3
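The Shift-key trick and the vaccine tool in the post above both come down to one file: autorun.inf in the root of a removable drive, whose [autorun] section tells Explorer what to launch when the drive is inserted. The script below is an added example, not Panda's code or anything from the thread. It reports whether a volume root has no autorun.inf, a real autorun.inf (and which of its open, shellexecute and shell\...\command keys would run something), or an entry of that name that cannot be read as a file, which is the effect a vaccination tool aims for. The three volume roots and the sample autorun.inf are constructed in a temporary directory.

```python
"""Inspect a removable volume root for autorun.inf and report what it would launch.
Added example, not part of the thread or of Panda's tool; all inputs are constructed."""
import configparser
import tempfile
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")


def autorun_launch_targets(text: str) -> list:
    """Return the commands an [autorun] section would run, as "key=value" strings."""
    cp = configparser.RawConfigParser(strict=False)   # tolerate duplicate keys
    try:
        cp.read_string(text)
    except configparser.Error:
        return ["<unparseable autorun.inf>"]
    targets = []
    for section in cp.sections():
        if section.lower() != "autorun":
            continue
        for key, value in cp.items(section):   # keys are lower-cased by configparser
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                targets.append(f"{key}={value}")
    return targets


def inspect_volume_root(root: Path) -> dict:
    """Classify one volume root: no-autorun, blocked (name occupied by a directory or
    an unreadable entry, as a vaccinated drive is), or autorun-present with targets."""
    entry = next((c for c in root.iterdir() if c.name.lower() == "autorun.inf"), None)
    if entry is None:
        return {"status": "no-autorun", "launches": []}
    if entry.is_dir():
        return {"status": "blocked", "launches": []}
    try:
        text = entry.read_text(errors="replace")
    except OSError:
        return {"status": "blocked", "launches": []}
    return {"status": "autorun-present", "launches": autorun_launch_targets(text)}


# Constructed sample; the file names are placeholders, not taken from a real infection.
SAMPLE_AUTORUN = """; constructed sample autorun.inf
[autorun]
open=setup.exe
icon=setup.exe,0
shell\\open\\command=setup.exe /s
label=Photos
"""


def demo() -> dict:
    """Build three constructed volume roots in a temp dir and inspect each one."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "clean").mkdir()
        (base / "vaccinated" / "AUTORUN.INF").mkdir(parents=True)   # directory occupies the name
        (base / "infected").mkdir()
        (base / "infected" / "autorun.inf").write_text(SAMPLE_AUTORUN)
        for name in ("clean", "vaccinated", "infected"):
            results[name] = inspect_volume_root(base / name)
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} {result['status']:16s} {result['launches']}")
```

Run against a real drive letter (for example inspect_volume_root(Path("E:/"))) the same function tells you, before you open anything on the stick, whether an autorun.inf is present and what it points at; the icon and label keys are ignored because they launch nothing.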
