WiredWX Christian Hobby Weather Tools

Google Redirecting Malware

2 posters

Re: Google Redirecting Malware

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web CureIt when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

Re: Google Redirecting Malware

A0001058.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1;Tool.ProcessKill;Incurable.Moved.;
A0001065.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1;Adware.SaveNow;Incurable.Moved.;
A0024689.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9;Trojan.DownLoad.336;Deleted.;
A0024690.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9;Trojan.DownLoader.53869;Deleted.;
A0024691.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9;Trojan.Starter.585;Deleted.;
A0024692.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9;BackDoor.Infum.2;Deleted.;
A0024693.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9;Trojan.Click.2093;Deleted.;
cabal[1].exe;C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\UFP4Y7J1;Trojan.DownLoad.336;Deleted.;
Cheat Engine.exe;C:\Program Files\Cheat Engine;Trojan.DownLoader.53869;Deleted.;
dk2web.dll;C:\Documents and Settings\HP_Administrator\Desktop\DarkEden\DarkEden;Adware.Maxsys;Incurable.Moved.;
HPI_Exit.exe;C:\Program Files\Hewlett-Packard\PhotoSmart\Update;BackDoor.Infum.2;Deleted.;
inetchk.exe;C:\Program Files\music_now;Trojan.Click.2093;Deleted.;
mirc.chm;C:\Program Files\mIRC;Container contains infected objects;Moved.;
mirc.chm\ctcp_events.htm;C:\Program Files\mIRC\mirc.chm;IRC.Generic.32;;
pscan.dll;C:\Program Files\Cheat Engine;Trojan.Starter.585;Deleted.;

Re: Google Redirecting Malware

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double-click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on Next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (Removable that you may have)
    Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus/malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: Google Redirecting Malware

7/8/2010 4:23:53 AM C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\1f28756c-1c83d1db/javax/AServers.class
7/8/2010 4:30:07 AM C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\53\68e558f5-49836bcd/Email.class
7/8/2010 5:09:30 AM C:\Documents and Settings\HP_Administrator\Desktop\Lineage II\chat.exe/mIRC 6.16 for isoGames IRC Network.msi/Data1.cab/mirc.exe Information
7/8/2010 5:14:26 AM C:\Documents and Settings\HP_Administrator\DoctorWeb\Quarantine\A0001065.exe/CryptFF Information
7/8/2010 5:50:56 AM C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\11\51bd4ccb-2355dcf0/AppleT.class
7/8/2010 2:44:41 PM C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\1f28756c-1c83d1db/javax/Server1.class
7/8/2010 2:44:41 PM C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\21\418417d5-57cb4718/dev/s/AdgredY.class
7/8/2010 2:44:41 PM C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\53\68e558f5-49836bcd/ExecService.class
7/8/2010 2:44:46 PM C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\1f28756c-1c83d1db/javax/Server2.class
7/8/2010 2:44:46 PM C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\21\418417d5-57cb4718/dev/s/DyesyasZ.class
7/8/2010 2:44:57 PM C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\21\418417d5-57cb4718/dev/s/LoaderX.class
7/8/2010 3:39:08 PM C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0001057.exe Information
7/8/2010 4:02:31 PM C:\WINDOWS\Temp\Acr43A5.tmp/data0000
7/8/2010 5:02:45 PM C:\Documents and Settings\HP_Administrator\Desktop\Lineage II\chat.exe/mIRC 6.16 for isoGames IRC Network.msi/Data1.cab/mirc.exe Information
7/8/2010 5:10:01 PM C:\Documents and Settings\HP_Administrator\DoctorWeb\Quarantine\A0001065.exe/CryptFF Information
7/8/2010 6:05:33 PM C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0001057.exe Information

Re: Google Redirecting Malware

Excellent.

Please download RootRepeal from GooglePages.com.

  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe.
  • Click Settings > Options. Drag the slider to High Level. Then, click the Red X.
  • Go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).

Re: Google Redirecting Malware

I'm getting error messages when I try using RootRepeal.

Re: Google Redirecting Malware

What error messages are you receiving?

Re: Google Redirecting Malware

Uh oh....I somehow got a new infection.....

Can't start any applications and get a message that says that the application is "not a valid win32 application". What should I do?

Re: Google Redirecting Malware

  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

Re: Google Redirecting Malware

I can't start it up once I download it.

Re: Google Redirecting Malware

We are going to be using a Windows Recovery Environment to help disinfect the system.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc into your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTL should now start. Change the following settings:
      • Change Drivers to Non-Microsoft
      • Press Run Scan to start the scan.
      • When finished, the file will be saved in drive C:\_OTL\MovedFiles
      • Copy this file to your USB drive if you do not have an internet connection on this system
      • Please post the contents of the OTL.txt file in your reply.

Re: Google Redirecting Malware

Do I have to download ISO burner?

Re: Google Redirecting Malware

No. ISOBurner is packaged with OTLPEStd.exe.

Re: Google Redirecting Malware

What's supposed to happen? Because I open the download without getting an "invalid win32 application" error.

Re: Google Redirecting Malware

If you cannot get it to run on the current computer, try it from a different computer.

Re: Google Redirecting Malware

Okay I'll try that.

I really appreciate your patience and your help by the way. Thank you very much.

Re: Google Redirecting Malware

Sorry didn't see anything that skipped non-Microsoft drivers.


    OTL logfile created on: 7/12/2010 1:46:49 AM - Run
    OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 224.07 Gb Total Space | 38.29 Gb Free Space | 17.09% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    Drive H: | 8.79 Gb Total Space | 0.44 Gb Free Space | 5.05% Space Free | Partition Type: FAT32
    I: Drive not present or media not loaded
    Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet003

    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/25 19:22:13 | 000,006,656 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\3D1AB9A9.exe -- (3D1AB9A9)
    SRV - [2010/06/25 19:22:12 | 000,006,656 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\441CC720.exe -- (441CC720)
    SRV - [2010/06/25 19:22:09 | 000,006,656 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\F6E68549.exe -- (F6E68549)
    SRV - [2010/06/25 19:22:08 | 000,006,656 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\9258704E.exe -- (9258704E)
    SRV - [2010/06/11 00:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/11/13 14:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) [Disabled] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
    SRV - [2009/10/30 21:29:56 | 000,136,448 | ---- | M] (Panda Security, S.L.) [Auto] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
    SRV - [2009/04/02 15:47:04 | 000,234,888 | ---- | M] () [Auto] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
    SRV - [2009/04/02 15:47:02 | 000,464,264 | ---- | M] () [Auto] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
    SRV - [2008/07/23 16:54:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2006/07/25 21:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [Disabled] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
    SRV - [2006/07/25 21:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto] -- C:\WINDOWS\arservice.exe -- (ARSVC)
    SRV - [2005/03/14 22:05:02 | 000,069,632 | ---- | M] (HP) [Disabled] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\rootrepeal.sys -- (rootrepeal)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\RkPavproc1.sys -- (RkPavproc1)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand] -- -- (Normandy)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\DRIVERS\cdrom.sys -- (Cdrom)
    DRV - [2010/07/08 05:10:46 | 000,278,984 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
    DRV - [2010/07/08 05:10:46 | 000,025,416 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2010/04/03 18:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2009/10/30 20:18:01 | 000,146,952 | ---- | M] (Panda Security, S.L.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
    DRV - [2009/10/13 19:50:55 | 000,101,512 | ---- | M] (Panda Security, S.L.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
    DRV - [2009/10/13 19:50:54 | 000,114,312 | ---- | M] (Panda Security, S.L.) [Kernel | System] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
    DRV - [2009/10/13 19:50:54 | 000,095,880 | ---- | M] (Panda Security, S.L.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
    DRV - [2009/05/09 04:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
    DRV - [2009/02/18 03:05:03 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009/02/11 15:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/08/18 22:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
    DRV - [2008/04/29 19:04:33 | 000,023,217 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- C:\Documents and Settings\HP_Administrator\Desktop\Lineage II\system\npkcrypt.sys -- (npkcrypt)
    DRV - [2008/04/17 14:54:54 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/27 16:49:00 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2006/04/13 19:47:38 | 000,168,064 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
    DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/12/12 20:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2005/12/06 14:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2005/12/06 14:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
    DRV - [2005/12/06 14:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
    DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)
    DRV - [2005/06/17 09:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Guest.ERIC_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE - HKU\Guest.ERIC_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE - HKU\Guest.ERIC_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\Guest.ERIC_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE - HKU\Guest.ERIC_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\Guest.ERIC_ON_C\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKU\Guest.ERIC_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\Guest.ERIC_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
    IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Firefox\extensions\\{30A770C9-F875-44F8-AF80-3147BCCFD89A}: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{30A770C9-F875-44F8-AF80-3147BCCFD89A} [2010/06/30 06:37:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 02:49:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 02:42:09 | 000,000,000 | ---D | M]

    [2008/12/01 23:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
    [2008/08/09 16:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\8ht0b132.default\extensions
    [2010/07/10 20:45:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2006/10/10 16:57:38 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    [2010/04/24 05:57:44 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/12/19 08:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    [2007/07/31 21:44:28 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
    [2006/09/24 02:36:57 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2009/06/17 22:00:12 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll

    O1 HOSTS File: ([2010/06/23 01:34:46 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: )
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Guest.ERIC_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Guest.ERIC_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
    O3 - HKU\HP_Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\HP_Administrator_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPSUreset] c:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [Mqoganapiqifep] C:\WINDOWS\iwufazeqeq.DLL (MainConcept GmbH)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PMLreset] c:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
    O4 - HKLM..\Run: [RBreset] c:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [SetDefaultPrinter] c:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\Guest.ERIC_ON_C..\Run: [Mqoganapiqifep] C:\WINDOWS\iwufazeqeq.DLL (MainConcept GmbH)
    O4 - HKU\Guest.ERIC_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
    O4 - HKU\HP_Administrator_ON_C..\Run: [Kmozafeyutezezuq] C:\WINDOWS\wroFrne.DLL ()
    O4 - HKU\HP_Administrator_ON_C..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
    O4 - HKU\HP_Administrator_ON_C..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
    O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
    O4 - HKLM..\RunOnceEx: [Title] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Jhjxm = rundll32 "C:\WINDOWS\system32\12520437Z.dll",NZOHMSFAFN File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Guest.ERIC_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\HP_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\HP_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKU\HP_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208586709312 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/06/18 00:59:03 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - H:\Autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1"

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/07/12 00:42:30 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/07/09 04:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
    [2010/07/09 04:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\TuneUpMedia
    [2010/07/08 06:17:19 | 074,117,032 | ---- | C] ( ) -- C:\Documents and Settings\HP_Administrator\Desktop\setup_9.0.0.722_08.07.2010_11-53.exe
    [2010/07/03 23:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/07/03 02:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla
    [2010/07/03 02:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
    [2010/07/02 02:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\DoctorWeb
    [2010/07/01 03:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\SpiderKill
    [2010/06/30 06:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{30A770C9-F875-44F8-AF80-3147BCCFD89A}
    [2010/06/30 01:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
    [2010/06/29 18:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\GooredFix Backups
    [2010/06/28 03:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
    [2010/06/26 09:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/06/26 09:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/06/25 05:14:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\UserData
    [2010/06/23 19:11:54 | 000,719,574 | ---- | C] (UG North ) -- C:\Documents and Settings\HP_Administrator\Desktop\RkU3.8.388.590.exe
    [2010/06/23 16:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/06/23 00:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/06/23 00:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/06/23 00:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/06/22 23:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest.ERIC\Local Settings\Application Data\{C94FCD73-2E12-4932-97BF-3BE7F2183017}
    [2010/06/22 17:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
    [2010/06/22 16:24:07 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
    [2010/06/22 16:24:05 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
    [2010/06/22 16:23:49 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
    [2010/06/22 16:23:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
    [2010/06/22 16:23:43 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
    [2010/06/22 16:23:26 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
    [2010/06/22 16:23:22 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
    [2010/06/22 16:23:20 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
    [2010/06/22 16:23:18 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys
    [2010/06/22 16:23:02 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys
    [2010/06/22 16:22:59 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll
    [2010/06/22 16:22:39 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys
    [2010/06/22 16:22:35 | 000,161,020 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys
    [2010/06/22 16:22:32 | 000,702,845 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
    [2010/06/22 16:22:29 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys
    [2010/06/22 16:22:13 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll
    [2010/06/22 16:22:11 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
    [2010/06/22 16:22:08 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
    [2010/06/22 16:21:42 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys
    [2010/06/22 16:21:38 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys
    [2010/06/22 16:21:36 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys
    [2010/06/22 16:21:34 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys
    [2010/06/22 16:21:18 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys
    [2010/06/22 16:21:14 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys
    [2010/06/22 16:21:12 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys
    [2010/06/22 16:21:10 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll
    [2010/06/22 16:20:54 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys
    [2010/06/22 16:20:50 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys
    [2010/06/22 16:20:48 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys
    [2010/06/22 16:20:46 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys
    [2010/06/22 16:20:31 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys
    [2010/06/22 16:20:26 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
    [2010/06/22 16:20:24 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
    [2010/06/22 16:20:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
    [2010/06/22 16:20:04 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
    [2010/06/22 16:20:03 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
    [2010/06/22 16:20:01 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
    [2010/06/22 16:19:45 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
    [2010/06/22 16:19:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
    [2010/06/22 16:19:22 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
    [2010/06/22 16:19:16 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
    [2010/06/22 16:18:58 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
    [2010/06/22 16:18:52 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
    [2010/06/22 16:18:49 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
    [2010/06/22 16:18:34 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
    [2010/06/22 16:18:28 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
    [2010/06/22 16:18:09 | 000,907,456 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys
    [2010/06/22 16:18:04 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
    [2010/06/22 16:18:01 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
    [2010/06/22 16:17:44 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
    [2010/06/22 16:17:39 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
    [2010/06/22 16:17:36 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
    [2010/06/22 16:17:33 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
    [2010/06/22 16:17:31 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
    [2010/06/22 16:17:29 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
    [2010/06/22 16:17:14 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
    [2010/06/22 16:17:10 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
    [2010/06/22 16:17:06 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
    [2010/06/22 16:16:50 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
    [2010/06/22 16:16:46 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
    [2010/06/22 16:16:43 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
    [2010/06/22 16:16:41 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
    [2010/06/22 16:16:26 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
    [2010/06/22 16:16:21 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
    [2010/06/22 16:16:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
    [2010/06/22 16:16:14 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
    [2010/06/22 16:15:54 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
    [2010/06/22 16:15:51 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
    [2010/06/22 16:15:49 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
    [2010/06/22 16:15:34 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
    [2010/06/22 16:15:30 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
    [2010/06/22 16:15:28 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
    [2010/06/22 16:15:11 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
    [2010/06/22 16:15:06 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
    [2010/06/22 16:15:04 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
    [2010/06/22 16:15:03 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
    [2010/06/22 16:14:47 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
    [2010/06/22 16:14:43 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
    [2010/06/22 16:14:39 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
    [2010/06/22 16:14:23 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
    [2010/06/22 16:14:19 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
    [2010/06/22 16:14:18 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
    [2010/06/22 16:14:16 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
    [2010/06/22 16:14:15 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
    [2010/06/22 16:13:59 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
    [2010/06/22 16:13:56 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
    [2010/06/22 16:13:54 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
    [2010/06/22 16:13:53 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
    [2010/06/22 16:13:51 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
    [2010/06/22 16:13:36 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
    [2010/06/22 16:13:32 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
    [2010/06/22 16:13:31 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
    [2010/06/22 16:13:30 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
    [2010/06/22 16:13:28 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
    [2010/06/22 16:13:09 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
    [2010/06/22 16:13:08 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
    [2010/06/22 16:13:06 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
    [2010/06/22 16:13:05 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
    [2010/06/22 16:13:04 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
    [2010/06/22 16:12:49 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
    [2010/06/22 16:12:46 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
    [2010/06/22 16:12:45 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
    [2010/06/22 16:12:44 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
    [2010/06/22 16:12:43 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
    [2010/06/22 16:12:42 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
    [2010/06/22 16:12:41 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
    [2010/06/22 16:12:26 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
    [2010/06/22 16:12:23 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
    [2010/06/22 16:12:22 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
    [2010/06/22 16:12:21 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
    [2010/06/22 16:12:20 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
    [2010/06/22 16:12:18 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
    [2010/06/22 16:12:03 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
    [2010/06/22 16:12:00 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
    [2010/06/22 16:11:40 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
    [2010/06/22 16:11:35 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
    [2010/06/22 16:11:33 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
    [2010/06/22 16:11:32 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
    [2010/06/22 16:11:31 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
    [2010/06/22 16:11:16 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
    [2010/06/22 16:11:12 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
    [2010/06/22 16:10:52 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
    [2010/06/22 16:10:48 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
    [2010/06/22 16:10:45 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
    [2010/06/22 16:10:44 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
    [2010/06/22 16:10:24 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
    [2010/06/22 16:10:24 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
    [2010/06/22 16:10:23 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
    [2010/06/22 16:10:22 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
    [2010/06/22 16:10:14 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
    [2010/06/22 16:10:13 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
    [2010/06/22 16:10:04 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
    [2010/06/22 16:10:01 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
    [2010/06/22 16:10:00 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
    [2010/06/22 16:09:59 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
    [2010/06/22 16:09:59 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
    [2010/06/22 16:09:58 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
    [2010/06/22 16:09:57 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
    [2010/06/22 16:09:56 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
    [2010/06/22 16:09:41 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
    [2010/06/22 16:09:38 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
    [2010/06/22 16:09:37 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
    [2010/06/22 16:09:36 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
    [2010/06/22 16:09:34 | 000,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
    [2010/06/22 16:09:18 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
    [2010/06/22 16:09:15 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
    [2010/06/22 16:09:14 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
    [2010/06/22 16:09:13 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
    [2010/06/22 16:09:12 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
    [2010/06/22 16:09:11 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
    [2010/06/22 16:09:10 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
    [2010/06/22 16:08:55 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
    [2010/06/22 16:08:52 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
    [2010/06/22 16:08:51 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
    [2010/06/22 16:08:50 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
    [2010/06/22 16:08:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
    [2010/06/22 16:08:47 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
    [2010/06/22 16:08:32 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
    [2010/06/22 16:08:27 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
    [2010/06/22 16:08:26 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
    [2010/06/22 16:08:25 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
    [2010/06/22 16:08:25 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
    [2010/06/22 16:08:24 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
    [2010/06/22 16:08:09 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
    [2010/06/22 16:08:06 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
    [2010/06/22 16:08:01 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
    [2010/06/22 16:07:46 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
    [2010/06/22 16:07:42 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
    [2010/06/22 16:07:39 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
    [2010/06/22 16:07:38 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
    [2010/06/22 16:07:37 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
    [2010/06/22 16:07:36 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
    [2010/06/22 16:07:35 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
    [2010/06/22 16:07:35 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
    [2010/06/22 16:07:20 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
    [2010/06/22 16:07:16 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
    [2010/06/22 16:07:13 | 000,096,256 | ---- | C] (Copyright (C) Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
    [2010/06/22 16:07:12 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
    [2010/06/22 16:06:57 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
    [2010/06/22 16:06:53 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
    [2010/06/22 16:06:51 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
    [2010/06/22 16:06:50 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
    [2010/06/22 16:06:49 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
    [2010/06/22 16:06:49 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
    [2010/06/22 16:06:33 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
    [2010/06/22 16:06:24 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
    [2010/06/22 16:06:21 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
    [2010/06/22 16:06:20 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
    [2010/06/22 16:06:17 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
    [2010/06/22 16:06:03 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
    [2010/06/22 16:05:59 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
    [2010/06/22 16:05:56 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
    [2010/06/22 16:05:55 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
    [2010/06/22 16:05:54 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
    [2010/06/22 16:05:54 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
    [2010/06/22 16:05:53 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
    [2010/06/22 16:05:51 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
    [2010/06/22 16:05:36 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
    [2010/06/22 16:05:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
    [2010/06/22 16:05:21 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
    [2010/06/22 16:05:21 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
    [2010/06/22 16:05:20 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
    [2010/06/22 16:05:20 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
    [2010/06/22 16:05:05 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
    [2010/06/22 16:04:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
    [2010/06/22 16:04:50 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
    [2010/06/22 16:04:49 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
    [2010/06/22 16:04:49 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
    [2010/06/22 16:04:48 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
    [2010/06/22 16:04:33 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
    [2010/06/22 16:04:30 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
    [2010/06/22 16:04:27 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
    [2010/06/22 16:04:25 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
    [2010/06/22 16:04:24 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
    [2010/06/22 16:04:10 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
    [2010/06/22 16:04:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
    [2010/06/22 16:04:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
    [2010/06/22 16:04:06 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
    [2010/06/22 16:04:05 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
    [2010/06/22 16:03:47 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
    [2010/06/22 16:03:09 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
    [2010/06/22 16:03:06 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2010/06/22 16:02:52 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2010/06/22 16:02:49 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2010/06/22 16:02:49 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2010/06/22 16:02:48 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2010/06/22 16:02:47 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2010/06/22 16:02:47 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2010/06/22 16:02:29 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2010/06/22 16:02:25 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2010/06/22 16:02:25 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2010/06/22 16:02:24 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
    [2010/06/22 16:02:24 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2010/06/22 16:02:23 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2010/06/22 16:02:23 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2010/06/22 16:02:22 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2010/06/22 16:02:22 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2010/06/22 16:02:21 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2010/06/22 16:02:21 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2010/06/22 16:02:20 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2010/06/22 16:02:05 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
    [2010/06/22 16:02:02 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
    [2010/06/22 16:02:00 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
    [2010/06/22 16:01:58 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2010/06/22 16:01:57 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
    [2010/06/22 16:01:57 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
    [2010/06/22 16:01:39 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
    [2010/06/22 16:01:34 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
    [2010/06/22 16:01:31 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2010/06/22 16:01:31 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2010/06/22 16:01:30 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
    [2010/06/22 16:01:30 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2010/06/22 16:01:29 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2010/06/22 16:01:29 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2010/06/22 16:01:28 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2010/06/22 16:01:28 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2010/06/22 16:01:26 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
    [2010/06/22 16:01:11 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
    [2010/06/22 16:01:07 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
    [2010/06/22 16:00:56 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
    [2010/06/22 16:00:55 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
    [2010/06/22 16:00:38 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
    [2010/06/22 16:00:37 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
    [2010/06/22 16:00:37 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
    [2010/06/22 16:00:37 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
    [2010/06/22 16:00:36 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
    [2010/06/22 16:00:36 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
    [2010/06/22 16:00:35 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
    [2010/06/22 16:00:18 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
    [2010/06/22 16:00:15 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
    [2010/06/22 16:00:14 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2010/06/22 16:00:12 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
    [2010/06/22 16:00:12 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
    [2010/06/22 16:00:11 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
    [2010/06/22 15:59:55 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
    [2010/06/22 15:59:50 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
    [2010/06/22 15:59:48 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
    [2010/06/22 15:59:47 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2010/06/22 15:59:47 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
    [2010/06/22 15:59:46 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
    [2010/06/22 15:59:46 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
    [2010/06/22 15:59:45 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
    [2010/06/22 15:59:45 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
    [2010/06/22 15:59:28 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
    [2010/06/22 15:59:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
    [2010/06/22 15:59:18 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
    [2010/06/22 15:59:03 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2010/06/22 15:58:58 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2010/06/22 15:58:56 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2010/06/22 15:58:55 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2010/06/22 15:58:55 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2010/06/22 15:58:54 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
    [2010/06/22 15:58:54 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
    [2010/06/22 15:58:39 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2010/06/22 15:58:33 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
    [2010/06/22 15:58:32 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
    [2010/06/22 15:58:14 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
    [2010/06/22 15:58:11 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
    [2010/06/22 15:58:11 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
    [2010/06/22 15:58:10 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2010/06/22 15:58:10 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
    [2010/06/22 15:58:09 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
    [2010/06/22 15:58:09 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
    [2010/06/22 15:58:09 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
    [2010/06/22 15:58:07 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2010/06/22 15:58:07 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2010/06/22 15:58:07 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2010/06/22 15:57:51 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
    [2010/06/22 15:53:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll



    Last edited by crucifix676 on 12th July 2010, 8:10 am; edited 1 time in total

    Re: Google Redirecting Malware

    [2010/06/22 14:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Simply Super Software
    [2010/06/22 14:20:18 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
    [2010/06/22 06:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Loaris
    [2010/06/22 03:29:57 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2010/06/21 07:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\RegRun2
    [2010/06/21 07:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
    [2010/06/21 07:23:21 | 000,000,000 | ---D | C] -- C:\!KillBox
    [2010/06/20 02:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/06/20 02:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/06/12 16:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PCHealth
    [2010/06/12 14:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\NeopleLauncherDFO
    [2010/06/12 14:26:10 | 000,000,000 | ---D | C] -- C:\Nexon
    [2010/06/12 03:30:26 | 1189,285,496 | ---- | C] (Nexon) -- C:\Documents and Settings\HP_Administrator\Desktop\DFOSetup21.exe
    [2009/11/08 22:08:08 | 692,554,778 | ---- | C] (Macrovision Corporation) -- C:\Documents and Settings\HP_Administrator\MTGOIII.exe
    [2006/02/19 13:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
    [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/07/12 03:34:51 | 016,252,928 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
    [2010/07/12 03:34:51 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2010/07/12 03:34:51 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2010/07/12 03:34:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/12 03:34:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/12 03:34:39 | 007,014,500 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
    [2010/07/12 03:33:59 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
    [2010/07/12 03:26:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2239381086-1206112939-3159093799-1008UA.job
    [2010/07/12 02:26:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2239381086-1206112939-3159093799-1008Core.job
    [2010/07/12 01:45:10 | 001,048,576 | ---- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
    [2010/07/12 00:46:58 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.exe
    [2010/07/12 00:43:54 | 3219,705,856 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/12 00:40:46 | 001,048,576 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2010/07/12 00:40:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/07/12 00:40:44 | 001,600,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2010/07/12 00:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
    [2010/07/12 00:10:45 | 000,000,018 | -H-- | M] () -- C:\SYSREST
    [2010/07/11 23:50:53 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
    [2010/07/11 21:55:41 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2010/07/11 18:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
    [2010/07/11 17:26:19 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gbuxuq.dat
    [2010/07/11 17:26:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Pkexevihep.bin
    [2010/07/11 17:26:17 | 000,272,161 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/07/11 06:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
    [2010/07/10 12:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
    [2010/07/10 03:01:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/09 04:42:19 | 000,001,516 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2010/07/08 06:26:07 | 074,117,032 | ---- | M] ( ) -- C:\Documents and Settings\HP_Administrator\Desktop\setup_9.0.0.722_08.07.2010_11-53.exe
    [2010/07/08 05:10:46 | 000,278,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys
    [2010/07/08 05:10:46 | 000,025,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
    [2010/07/06 00:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/07/04 21:23:35 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\DrWeb.csv
    [2010/07/03 23:16:41 | 003,193,659 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HD Trance - Focus.mp3
    [2010/07/03 23:11:32 | 006,658,424 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\328239_LANCEFINALFUCK.mp3
    [2010/07/03 23:04:34 | 004,912,787 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Boys Like Girls-Heart Heartbreak.mp3
    [2010/07/02 05:34:23 | 000,002,378 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk
    [2010/07/02 05:34:23 | 000,002,356 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/07/01 03:59:01 | 000,113,664 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SpiderKill.zip
    [2010/06/29 17:52:37 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/06/25 19:22:13 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\3D1AB9A9.exe
    [2010/06/25 19:22:12 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\441CC720.exe
    [2010/06/25 19:22:09 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\F6E68549.exe
    [2010/06/25 19:22:08 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\9258704E.exe
    [2010/06/24 00:12:15 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\D59DD1EF.exe
    [2010/06/23 18:56:59 | 000,000,097 | ---- | M] () -- C:\WINDOWS\wroFrne.dll
    [2010/06/23 16:20:01 | 000,939,956 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\7z465.exe
    [2010/06/23 04:28:55 | 000,284,915 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
    [2010/06/23 01:08:07 | 000,001,778 | ---- | M] () -- C:\WINDOWS\System32\.crusader
    [2010/06/22 23:53:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\wupd.dat
    [2010/06/22 23:39:34 | 001,835,008 | ---- | M] () -- C:\Documents and Settings\Guest.ERIC\NTUSER.DAT
    [2010/06/22 23:39:18 | 003,228,950 | -H-- | M] () -- C:\Documents and Settings\Guest.ERIC\Local Settings\Application Data\IconCache.db
    [2010/06/22 20:42:09 | 000,007,680 | ---- | M] () -- C:\WINDOWS\14359296.exe
    [2010/06/22 20:42:09 | 000,000,076 | ---- | M] () -- C:\WINDOWS\14359296.dat
    [2010/06/22 16:46:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/22 14:30:29 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
    [2010/06/22 14:13:40 | 000,000,010 | ---- | M] () -- C:\WINDOWS\System32\kr_done1
    [2010/06/22 05:37:55 | 000,002,524 | ---- | M] () -- C:\WINDOWS\udulupav.dll
    [2010/06/22 05:19:29 | 000,002,524 | ---- | M] () -- C:\WINDOWS\ihovokom.dll
    [2010/06/22 03:18:25 | 000,002,524 | ---- | M] () -- C:\WINDOWS\ocahowobozeyes.dll
    [2010/06/21 07:32:43 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/06/21 07:32:43 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
    [2010/06/21 07:32:43 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
    [2010/06/12 16:25:32 | 000,325,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/12 15:35:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/12 15:15:43 | 000,507,922 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/12 15:15:43 | 000,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/12 15:15:43 | 000,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/12 05:42:59 | 1189,285,496 | ---- | M] (Nexon) -- C:\Documents and Settings\HP_Administrator\Desktop\DFOSetup21.exe
    [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/12 00:46:51 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.exe
    [2010/07/12 00:43:54 | 3219,705,856 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/12 00:10:45 | 000,000,018 | -H-- | C] () -- C:\SYSREST
    [2010/07/08 05:10:46 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
    [2010/07/08 05:10:46 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
    [2010/07/04 21:23:35 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\DrWeb.csv
    [2010/07/03 23:16:06 | 003,193,659 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HD Trance - Focus.mp3
    [2010/07/03 23:10:27 | 006,658,424 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\328239_LANCEFINALFUCK.mp3
    [2010/07/03 23:04:06 | 004,912,787 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Boys Like Girls-Heart Heartbreak.mp3
    [2010/07/01 03:59:03 | 000,113,664 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SpiderKill.zip
    [2010/06/25 19:22:09 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\F6E68549.exe
    [2010/06/25 19:22:09 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\441CC720.exe
    [2010/06/25 19:22:08 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\9258704E.exe
    [2010/06/24 00:12:15 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\D59DD1EF.exe
    [2010/06/23 16:28:20 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\3D1AB9A9.exe
    [2010/06/23 16:19:58 | 000,939,956 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\7z465.exe
    [2010/06/23 04:28:55 | 000,284,915 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
    [2010/06/23 01:08:07 | 000,001,778 | ---- | C] () -- C:\WINDOWS\System32\.crusader
    [2010/06/23 00:43:10 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/06/22 20:42:09 | 000,007,680 | ---- | C] () -- C:\WINDOWS\14359296.exe
    [2010/06/22 20:42:09 | 000,000,076 | ---- | C] () -- C:\WINDOWS\14359296.dat
    [2010/06/22 16:44:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\wupd.dat
    [2010/06/22 16:19:41 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
    [2010/06/22 16:19:37 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
    [2010/06/22 16:19:18 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
    [2010/06/22 16:19:14 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
    [2010/06/22 16:18:54 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
    [2010/06/22 16:10:43 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
    [2010/06/22 16:10:42 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
    [2010/06/22 16:10:27 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
    [2010/06/22 16:01:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2010/06/22 16:00:59 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2010/06/22 16:00:59 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2010/06/22 16:00:58 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2010/06/22 16:00:57 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2010/06/22 16:00:57 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2010/06/22 16:00:57 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2010/06/22 16:00:56 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2010/06/22 16:00:41 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2010/06/22 16:00:35 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2010/06/22 14:30:29 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
    [2010/06/22 14:20:18 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
    [2010/06/22 14:20:18 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
    [2010/06/22 14:20:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
    [2010/06/22 14:20:18 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2010/06/22 14:11:48 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\kr_done1
    [2010/06/22 05:37:55 | 000,002,524 | ---- | C] () -- C:\WINDOWS\udulupav.dll
    [2010/06/22 05:19:29 | 000,002,524 | ---- | C] () -- C:\WINDOWS\ihovokom.dll
    [2010/06/22 03:18:25 | 000,002,524 | ---- | C] () -- C:\WINDOWS\ocahowobozeyes.dll
    [2010/06/22 02:55:59 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gbuxuq.dat
    [2010/06/22 02:55:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pkexevihep.bin
    [2010/06/21 07:32:43 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
    [2010/06/12 15:28:10 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2009/12/23 13:53:30 | 001,683,612 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\prvlcl.dat
    [2009/12/18 04:14:15 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
    [2009/12/12 04:44:50 | 000,001,062 | ---- | C] () -- C:\WINDOWS\TLMSTUDENT.INI
    [2009/12/12 04:44:48 | 000,000,826 | ---- | C] () -- C:\WINDOWS\SSCE.INI
    [2009/12/03 22:58:48 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\xobni_installer_updater.log
    [2009/11/05 22:14:42 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
    [2009/08/07 22:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2009/05/31 00:10:00 | 005,117,087 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\data.pck
    [2009/05/31 00:09:59 | 002,936,832 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\CabalMain.exe
    [2009/05/02 17:16:45 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\CommandDispatchers.xml
    [2009/05/02 17:16:39 | 000,001,372 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\cleaner-config.xml
    [2009/01/24 18:41:17 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2008/12/21 23:58:39 | 000,014,705 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\hs_err_pid3580.log
    [2008/08/09 16:35:20 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
    [2008/08/09 16:35:17 | 000,057,344 | -H-- | C] () -- C:\Documents and Settings\Admin\ntuser.dat.LOG
    [2008/08/09 16:35:17 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Admin\ntuser.ini
    [2008/08/09 16:35:16 | 001,048,576 | ---- | C] () -- C:\Documents and Settings\Admin\NTUSER.DAT
    [2008/07/10 21:42:41 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
    [2008/05/21 17:24:08 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Guest.ERIC\Local Settings\Application Data\fusioncache.dat
    [2008/05/21 17:24:05 | 001,835,008 | ---- | C] () -- C:\Documents and Settings\Guest.ERIC\NTUSER.DAT
    [2008/05/21 17:24:05 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Guest.ERIC\ntuser.dat.LOG
    [2008/05/21 17:24:05 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Guest.ERIC\ntuser.ini
    [2008/04/17 18:58:50 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
    [2008/04/17 18:58:45 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
    [2008/04/17 18:58:44 | 016,252,928 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
    [2008/04/17 18:58:44 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG
    [2007/07/22 16:54:22 | 000,001,816 | ---- | C] () -- C:\WINDOWS\TSearch.INI
    [2007/05/03 22:51:02 | 000,000,052 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
    [2006/12/19 16:19:12 | 000,000,027 | ---- | C] () -- C:\WINDOWS\9DSetup.ini
    [2006/11/19 22:21:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2006/11/18 16:12:44 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2006/11/09 16:04:56 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/10/17 10:32:01 | 000,003,050 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM1.DLL
    [2006/08/27 04:49:13 | 000,043,004 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
    [2006/08/27 04:49:13 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
    [2006/08/27 04:38:17 | 000,006,633 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
    [2006/08/27 04:38:17 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
    [2006/08/18 01:28:21 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/06/18 01:28:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/06/18 01:07:30 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2006/06/18 01:02:11 | 000,014,315 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2006/06/18 01:02:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2006/06/18 00:59:20 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/06/18 00:56:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/06/18 00:45:53 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/06/18 00:45:15 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/06/18 00:30:33 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/06/18 00:28:18 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
    [2006/06/18 00:27:01 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/06/18 00:27:01 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/06/18 00:25:32 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/06/18 00:08:13 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    [2006/06/18 00:05:31 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2006/06/18 00:05:31 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2006/06/18 00:05:13 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2006/06/18 00:02:12 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
    [2006/06/18 00:02:11 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2006/06/18 00:02:11 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
    [2006/06/18 00:02:10 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2006/06/18 00:02:10 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    [2006/06/18 00:02:10 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
    [2006/03/17 20:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/31 00:17:36 | 001,048,576 | ---- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2005/08/31 00:17:36 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
    [2005/08/31 00:17:36 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/03 02:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
    [2004/08/10 00:00:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\wroFrne.dll
    [2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/11/05 10:45:12 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\bb-run.sys
    [2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2008/08/09 16:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Lightning Download
    [2008/07/19 15:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.ERIC\Application Data\Lightning Download
    [2010/05/30 20:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.ERIC\Application Data\Opera
    [2010/07/12 00:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
    [2010/07/11 06:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
    [2010/07/10 12:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
    [2010/07/11 18:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
    [2010/07/06 00:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/07/12 03:33:59 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

    ========== Purity Check ==========


    < End of report >

    Re: Google Redirecting Malware

    Please run OTLPE
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

      :otl
      DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\EagleNT.sys -- (EagleNT)
      O4 - HKU\Guest.ERIC_ON_C..\Run: [Mqoganapiqifep] C:\WINDOWS\iwufazeqeq.DLL (MainConcept GmbH)
      O4 - HKU\HP_Administrator_ON_C..\Run: [Kmozafeyutezezuq] C:\WINDOWS\wroFrne.DLL ()
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Jhjxm = rundll32 "C:\WINDOWS\system32\12520437Z.dll",NZOHMSFAFN File not found
      O7 - HKU\HP_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
      [2010/06/30 06:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{30A770C9-F875-44F8-AF80-3147BCCFD89A}
      [2010/07/11 17:26:19 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gbuxuq.dat
      [2010/07/11 17:26:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Pkexevihep.bin
      [2010/06/25 19:22:13 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\3D1AB9A9.exe
      [2010/06/25 19:22:12 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\441CC720.exe
      [2010/06/25 19:22:09 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\F6E68549.exe
      [2010/06/25 19:22:08 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\9258704E.exe
      [2010/06/24 00:12:15 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\D59DD1EF.exe
      [2010/06/23 18:56:59 | 000,000,097 | ---- | M] () -- C:\WINDOWS\wroFrne.dll
      [2010/06/22 20:42:09 | 000,007,680 | ---- | M] () -- C:\WINDOWS\14359296.exe
      [2010/06/22 20:42:09 | 000,000,076 | ---- | M] () -- C:\WINDOWS\14359296.dat
      [2010/06/22 14:30:29 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
      [2010/06/22 05:37:55 | 000,002,524 | ---- | M] () -- C:\WINDOWS\udulupav.dll
      [2010/06/22 05:19:29 | 000,002,524 | ---- | M] () -- C:\WINDOWS\ihovokom.dll
      [2010/06/22 03:18:25 | 000,002,524 | ---- | M] () -- C:\WINDOWS\ocahowobozeyes.dll

      :commands
      [emptytemp]
      [reboot]


    • Then click the Run Fix button at the top.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

    Re: Google Redirecting Malware

    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\EagleNT deleted successfully.
    File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\EagleNT.sys not found.
    Registry value HKEY_USERS\Guest.ERIC_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Mqoganapiqifep deleted successfully.
    C:\WINDOWS\iwufazeqeq.dll moved successfully.
    Registry value HKEY_USERS\HP_Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Kmozafeyutezezuq deleted successfully.
    C:\WINDOWS\wroFrne.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Jhjxm deleted successfully.
    Registry value HKEY_USERS\HP_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{30A770C9-F875-44F8-AF80-3147BCCFD89A}\chrome\content folder moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{30A770C9-F875-44F8-AF80-3147BCCFD89A}\chrome folder moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{30A770C9-F875-44F8-AF80-3147BCCFD89A} folder moved successfully.
    C:\WINDOWS\Gbuxuq.dat moved successfully.
    C:\WINDOWS\Pkexevihep.bin moved successfully.
    C:\WINDOWS\system32\3D1AB9A9.exe moved successfully.
    C:\WINDOWS\system32\441CC720.exe moved successfully.
    C:\WINDOWS\system32\F6E68549.exe moved successfully.
    C:\WINDOWS\system32\9258704E.exe moved successfully.
    C:\WINDOWS\system32\D59DD1EF.exe moved successfully.
    File C:\WINDOWS\wroFrne.dll not found.
    C:\WINDOWS\14359296.exe moved successfully.
    C:\WINDOWS\14359296.dat moved successfully.
    C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd moved successfully.
    C:\WINDOWS\udulupav.dll moved successfully.
    C:\WINDOWS\ihovokom.dll moved successfully.
    C:\WINDOWS\ocahowobozeyes.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Admin
    ->Temp folder emptied: 1694205 bytes
    ->Temporary Internet Files folder emptied: 3825760 bytes
    ->FireFox cache emptied: 47202092 bytes
    ->Flash cache emptied: 2040 bytes

    User: Administrator
    ->Temp folder emptied: 31612 bytes
    ->Temporary Internet Files folder emptied: 107242 bytes

    User: All Users

    User: asdf
    ->Temp folder emptied: 62869 bytes
    ->Temporary Internet Files folder emptied: 117730 bytes

    User: Default User
    ->Temp folder emptied: 31612 bytes
    ->Temporary Internet Files folder emptied: 107242 bytes
    ->Flash cache emptied: 41620 bytes

    User: Eric
    ->Temp folder emptied: 1697449091 bytes
    ->Temporary Internet Files folder emptied: 1039595342 bytes
    ->Java cache emptied: 11488526 bytes
    ->FireFox cache emptied: 56799523 bytes
    ->Flash cache emptied: 162823 bytes

    User: Guest
    ->Temp folder emptied: 2197195 bytes
    ->Temporary Internet Files folder emptied: 16037480 bytes
    ->Java cache emptied: 2343343 bytes
    ->FireFox cache emptied: 25629645 bytes
    ->Flash cache emptied: 942 bytes

    User: Guest.ERIC
    ->Temp folder emptied: 746745 bytes
    ->Temporary Internet Files folder emptied: 232228197 bytes
    ->Java cache emptied: 424064 bytes
    ->FireFox cache emptied: 52118352 bytes
    ->Flash cache emptied: 3998 bytes

    User: HP_Administrator
    ->Temp folder emptied: 741997325 bytes
    ->Temporary Internet Files folder emptied: 2031755 bytes
    ->Java cache emptied: 423450 bytes
    ->FireFox cache emptied: 102783808 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 86841 bytes

    User: LocalService
    ->Temp folder emptied: 66252 bytes
    ->Temporary Internet Files folder emptied: 18409579 bytes
    ->Flash cache emptied: 5561 bytes

    User: NetworkService
    ->Temp folder emptied: 792828 bytes
    ->Temporary Internet Files folder emptied: 34340344 bytes
    ->Java cache emptied: 28614 bytes
    ->FireFox cache emptied: 2278961 bytes
    ->Flash cache emptied: 52822 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 498655 bytes
    %systemroot%\System32 .tmp files removed: 14723985 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 117780558 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 49519276 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 127561 bytes

    Total Files Cleaned = 4,078.00 mb

    Re: Google Redirecting Malware

    Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.
    • Double-click mbr.exe to start the program.
    • When done scanning, it will save a log on the Desktop called mbr.log.
    • Please post the contents of that log in your next reply.

    Re: Google Redirecting Malware

    Seems all my programs are being seen as a file that I have to open with some other program, including this one. So I tried right-clicking and starting it and it seemed to work at first, but this is all the log file gave back.

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

    Re: Google Redirecting Malware

    The redirects still continue?

    Re: Google Redirecting Malware

    Yes, the redirects are still continuing along with random tab openings.

    Re: Google Redirecting Malware

    Let's look at something.

    Please download Rooter and save it to your Desktop.

    1. Double click it to start the tool.
    2. Click Scan.
    3. Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

    Re: Google Redirecting Malware

    Rooter.exe (v1.0.2) by Eric_71
    .
    SeDebugPrivilege granted successfully ...
    .
    Windows XP . (5.1.2600) Service Pack 3
    [32_bits] - x86 Family 15 Model 39 Stepping 1, AuthenticAMD
    .
    [wscsvc] STOPPED (state:1) : Security Center -> Disabled !
    [SharedAccess] RUNNING (state:4)
    Windows Firewall -> Disabled !
    .
    Internet Explorer 6.0.2900.5512
    Mozilla Firefox 3.6.6 (en-US)
    .
    C:\ [Fixed-NTFS] .. ( Total:224 Go - Free:41 Go )
    D:\ [Fixed-FAT32] .. ( Total:8 Go - Free:0 Go )
    E:\ [Removable]
    F:\ [Removable]
    G:\ [Removable]
    H:\ [Removable]
    I:\ [Removable]
    .
    Scan : 21:43.50
    Path : C:\Documents and Settings\HP_Administrator\Desktop\Rooter.exe
    User : HP_Administrator ( Administrator -> YES )
    .
    ----------------------\\ Processes
    .
    Locked [System Process] (0)
    ______ System (4)
    ______ \SystemRoot\System32\smss.exe (588)
    ______ \??\C:\WINDOWS\system32\csrss.exe (852)
    ______ \??\C:\WINDOWS\system32\winlogon.exe (880)
    ______ C:\WINDOWS\system32\services.exe (924)
    ______ C:\WINDOWS\system32\lsass.exe (936)
    ______ C:\WINDOWS\system32\nvsvc32.exe (1116)
    ______ C:\WINDOWS\system32\svchost.exe (1148)
    ______ C:\WINDOWS\system32\svchost.exe (1228)
    ______ C:\WINDOWS\System32\svchost.exe (1320)
    ______ C:\WINDOWS\system32\svchost.exe (1404)
    ______ C:\WINDOWS\system32\spoolsv.exe (1620)
    ______ C:\WINDOWS\system32\svchost.exe (1768)
    ______ C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1796)
    ______ C:\WINDOWS\arservice.exe (1808)
    ______ C:\Program Files\AskBarDis\bar\bin\AskService.exe (1876)
    ______ C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (1900)
    ______ C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (1920)
    ______ C:\Program Files\Bonjour\mDNSResponder.exe (1952)
    ______ C:\WINDOWS\eHome\ehRecvr.exe (2028)
    ______ C:\WINDOWS\eHome\ehSched.exe (628)
    ______ C:\Program Files\Java\jre6\bin\jqs.exe (688)
    ______ C:\Program Files\Common Files\LightScribe\LSSrvc.exe (752)
    ______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1040)
    ______ C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (1296)
    ______ C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (1364)
    ______ C:\WINDOWS\system32\svchost.exe (1432)
    ______ C:\WINDOWS\system32\wuauclt.exe (1640)
    ______ C:\WINDOWS\system32\dllhost.exe (2352)
    ______ C:\WINDOWS\Explorer.EXE (3084)
    ______ C:\WINDOWS\System32\alg.exe (3160)
    ______ C:\Program Files\Mozilla Firefox\firefox.exe (3016)
    ______ C:\Program Files\Mozilla Firefox\plugin-container.exe (3800)
    ______ C:\Documents and Settings\HP_Administrator\Desktop\Rooter.exe (304)
    .
    ----------------------\\ Device\Harddisk0\
    .
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    .
    \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:240596181504)
    \Device\Harddisk0\Partition2 (Start_Offset:240603955200 | Length:9452298240)
    .
    ----------------------\\ Scheduled Tasks
    .
    C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
    C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
    C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
    C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
    C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\Tasks\desktop.ini
    C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2239381086-1206112939-3159093799-1008Core.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2239381086-1206112939-3159093799-1008UA.job
    C:\WINDOWS\Tasks\SA.DAT
    C:\WINDOWS\Tasks\SmartDefrag.job
    .
    ----------------------\\ Registry
    .
    .
    ----------------------\\ Files & Folders
    .
    ----------------------\\ Scan completed at 21:44.06

    Re: Google Redirecting Malware

    Download MBRCheck to your desktop.
    • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    • It will show a black screen with some data on it.
    • A report called MBRcheckxxxx.txt will be on your desktop
    • Open this report and post its content in your next reply.

    Re: Google Redirecting Malware

    Eh this is all I got.

    MBRCheck, version 1.1.1
    (c) 2010, AD

    \\.\C: --> \\.\PhysicalDrive0
    \\.\D: --> \\.\PhysicalDrive0

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Error reading raw MBR!

    Re: Google Redirecting Malware

    Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.
    • Double-click mbr.exe to start the program.
    • When done scanning, it will save a log on the Desktop called mbr.log.
    • Please post the contents of that log in your next reply.

    Re: Google Redirecting Malware

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

    Re: Google Redirecting Malware

    Please open Command Prompt (Start > Run, type CMD and press OK [Vista/7: Start search: CMD and press Enter]).
    Enter the following into the black box, pressing Enter after each line:

    Code:

    mbr -t

    exit


    Post a log (MBR.log).

    Re: Google Redirecting Malware

    I get back that it doesn't recognize what I put in as a recognizable external or internal command.

    Re: Google Redirecting Malware

    Ok. Make sure mbr.exe is on your Desktop then try this:

    Please open Command Prompt (Start > Run, type CMD and press OK [Vista/7: Start search: CMD and press Enter]).
    Enter the following into the black box, pressing Enter after each line:

    Code:

    cd %userprofile%\desktop

    mbr.exe -t

    exit


    Post a log (MBR.log).

    Re: Google Redirecting Malware

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B307EC5]<<
    kernel: MBR read successfully
    user & kernel MBR OK

    Re: Google Redirecting Malware

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL C
    • Open a Notepad and press CTRL V
    • Post the output back here.

    Re: Google Redirecting Malware

    I get back "Unknown boot code has been found on some of your physical disks"

    Re: Google Redirecting Malware

    Please post the log from it, so I may see which ones are infected.

    Re: Google Redirecting Malware

    Bootkit Remover version 1.0.0.1
    (c) 2009 eSage Lab
    www.esagelab.com

    \\.\C: -> \\.\PhysicalDrive0
    MD5: 53b87386f68c4cb2306da5ba771dbe8b
    \\.\D: -> \\.\PhysicalDrive0

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix



    Re: Google Redirecting Malware

    Please open Notepad and enter in the following:
    @echo off
    start remover.exe fix \.\PhysicalDrive0
    exit

    Then, click File > Save as...
    Save as remove.bat to the same location as remover.exe.
    Choose Save as type... All Files.
    Click Save.

    Then, exit Notepad.

    Double-click on remove.bat.

    Please re-run remover.exe and post a new log in your next reply.

    Re: Google Redirecting Malware

    I got this from remove.bat:

    Bootkit Remover version 1.0.0.1
    (c) 2009 eSage Lab
    www.esagelab.com

    CreateFile() ERROR 2
    ERROR: Can't open physical disk device.



    And I'm still getting this from remover.exe:


    Bootkit Remover version 1.0.0.1
    (c) 2009 eSage Lab
    www.esagelab.com

    \\.\C: -> \\.\PhysicalDrive0
    MD5: 53b87386f68c4cb2306da5ba771dbe8b
    \\.\D: -> \\.\PhysicalDrive0

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix








    Re: Google Redirecting Malware

    Do you have an XP cd?

    Re: Google Redirecting Malware

    Yes I do.

    Re: Google Redirecting Malware

    Reboot your computer.

    Boot from the Windows XP CD, press the "R" key in the setup in order to start the Recovery Console.

    Select your Windows XP installation from the list (usually 1). It will prompt for an administrator password. The password is probably blank, so just hit Enter.

    Enter the command: fixmbr at the input prompt and confirm the next question with a Y.

    It should then reboot the computer. If it does not, then type exit.

    Boot back in to the Normal XP.

    =================

    After that, post a new Bootkit Remover log.

    Re: Google Redirecting Malware

    Bootkit Remover version 1.0.0.1
    (c) 2009 eSage Lab
    www.esagelab.com

    \\.\C: -> \\.\PhysicalDrive0
    MD5: 6def5ffcbcdbdb4082f1015625e597bd
    \\.\D: -> \\.\PhysicalDrive0

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
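
The Bootkit Remover logs above report a different MD5 before and after fixmbr. As an added example (not part of the thread and not code from any of the tools it uses), this Python sketch inspects a dumped 512-byte boot sector offline and compares it with a known-good baseline, separating the boot code from the disk signature and partition table so that only the part a bootkit replaces is flagged. The partition offsets come from the Rooter log; the boot code bytes, disk signature and partition type bytes are constructed, and which bytes the tool's MD5 covers is not stated on the page.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code, the part a bootkit replaces
DISK_SIG_OFF = 440       # bytes 440..443: Windows NT disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # last two bytes must be 0x55 0xAA
# status, CHS start, type, CHS end, LBA start, sector count (little-endian)
ENTRY = struct.Struct("<B3sB3sII")


def build_sample_mbr(boot_code: bytes, disk_sig: int = 0x12345678) -> bytes:
    """Constructed sample sector. Offsets/lengths are the ones in the Rooter
    log; type bytes (0x07 NTFS, 0x0B FAT32) and disk_sig are assumptions."""
    parts = [
        (0x80, 0x07, 32256 // 512, 240596181504 // 512),
        (0x00, 0x0B, 240603955200 // 512, 9452298240 // 512),
    ]
    table = b"".join(
        ENTRY.pack(status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        for status, ptype, lba, count in parts
    ).ljust(64, b"\0")
    code = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\0")
    return code + struct.pack("<I", disk_sig) + b"\0\0" + table + b"\x55\xaa"


def inspect_mbr(sector: bytes) -> dict:
    """Decode one dumped boot sector into the fields worth comparing."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for i in range(4):
        raw = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, _, ptype, _, lba, count = ENTRY.unpack(raw)
        if ptype == 0:          # unused slot
            continue
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "start_offset": lba * 512,
            "length": count * 512,
        })
    return {
        "signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def compare_to_baseline(current: bytes, baseline: bytes) -> list:
    """Return human-readable findings; an empty list means no difference."""
    cur, base = inspect_mbr(current), inspect_mbr(baseline)
    findings = []
    if not cur["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


if __name__ == "__main__":
    baseline = build_sample_mbr(b"\x33\xc0\x8e\xd0")   # constructed bytes
    suspect = build_sample_mbr(b"\xeb\xfe")            # constructed bytes
    for part in inspect_mbr(suspect)["partitions"]:
        print(part)
    print(compare_to_baseline(suspect, baseline))
```

Rewriting the boot code leaves the partition table and disk signature in place, so a whole-sector hash changes even when only the first 440 bytes differ; hashing the regions separately shows which one moved.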



    Re: Google Redirecting Malware

    Good. Any more redirects?

    Re: Google Redirecting Malware

    Yes, actually. I'm still getting redirects.

    Re: Google Redirecting Malware

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

    Re: Google Redirecting Malware

    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 00:54 on 24/07/2010 (HP_Administrator)
    Firefox version 3.6.7 (en-US)

    ========== GooredScan ==========

    Removing Orphan:
    "{30A770C9-F875-44F8-AF80-3147BCCFD89A}"="C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{30A770C9-F875-44F8-AF80-3147BCCFD89A}" -> Success!

    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [02:50 07/12/2009]
    {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [22:59 23/07/2007]

    C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\extensions\
    personas@christopher.beard [03:57 14/05/2010]
    {20a82645-c095-46ed-80e3-08825760534b} [20:53 27/04/2010]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [22:38 07/02/2009]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [09:57 24/04/2010]

    ---------- Old Logs ----------
    GooredFix[22.29.29_29-06-2010].txt

    -=E.O.F=-

    Re: Google Redirecting Malware

    1. Click Start, click Run, type sigverif, and then click OK.

    2. Click Advanced, click Look for other files that are not digitally signed, navigate to the Winnt\System32\Drivers folder, and then click OK.

    3. Click Start.

    4. After it has finished running, navigate to C:\Windows\Sigverify.txt, open it and post the contents of the log here.

    Re: Google Redirecting Malware

    ********************************

    Microsoft Signature Verification

    Log file generated on 7/25/2010 at 4:33 AM
    OS Platform: Windows 2000 (x86), Version: 5.1, Build: 2600, CSDVersion: Service Pack 3
    Scan Results: Total Files: 336, Signed: 323, Unsigned: 10, Not Scanned: 3

    User-specified search path: *.*
    User-specified search pattern: C:\WINDOWS\system32\drivers

    File Modified Version Status Catalog Signed By
    ------------------ ------------ ----------- ------------ ----------- -------------------
    [c:\windows\system32\drivers]
    103c_hp_cpc_rb103aa- 4/17/2008 None Not Signed N/A
    1394bus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    acpi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    acpiec.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    adv01nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    adv02nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    adv05nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    adv07nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    adv08nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    adv09nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    adv11nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    aec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    afd.sys 8/14/2008 2:5.1 Signed KB956803.cat Microsoft Windows Component Publisher
    agp440.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    agpcpq.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    alim1541.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    amdagp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    amdk6.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    amdk7.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    amdk8.sys 3/9/2005 2:5.1,2:5.2 Signed oem9.CAT Microsoft Windows Publisher
    aracpi.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
    arhidfltr.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
    arkbcfltr.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
    armoucfltr.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
    arp1394.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    arpolicy.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
    asyncmac.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atapi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ati1btxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ati1mdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ati1pdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ati1raxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ati1rvxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ati1snxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ati1ttxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ati1tuxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ati1xbxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ati1xsxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ati2mtaa.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ati2mtag.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atinbtxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atinmdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atinpdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atinraxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atinrvxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atinsnxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atinttxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atintuxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atinxbxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atinxsxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ativmc20.cod 7/17/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atksgt.sys 7/8/2010 None Signed N/A Tages SA
    atmarpc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atmepvc.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    atmlane.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atmuni.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    atv01nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atv02nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atv04nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atv06nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    atv10nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    audstub.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    bantext.sys 2/27/2008 None Not Signed N/A
    bb-run.sys 11/5/2003 2:5.1 Signed oem0.CAT Microsoft Windows Hardware Compatibility Publisher
    beep.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    bridge.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    bthenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    bthmodem.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    bthpan.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    bthport.sys 6/13/2008 2:5.1 Signed KB951376-v2.cat Microsoft Windows Component Publisher
    bthprint.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    bthusb.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    cbidf2k.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    ccdecode.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    cdaudio.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    cdfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    cdr4_xp.sys 8/19/2005 8.0.0.212 Not Signed N/A
    cdralw2k.sys 8/19/2005 8.0.0.212 Not Signed N/A
    ch7xxnt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    cinemst2.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    classpnp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    cpqdap01.sys 8/10/2004 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
    crusoe.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    cxthsfs2.cty 7/17/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    diag69xp.sys 1/20/2006 1.142.524.2004 Not Signed N/A
    disk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    diskdump.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    dmboot.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    dmio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    dmload.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    dmusic.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    drmk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    drmkaud.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    dxapi.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    dxg.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    dxgthk.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    enum1394.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    fastfat.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    fdc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    fips.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    flpydisk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    fltmgr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    fsvga.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    fs_rec.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    ftdisk.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    ftsata2.sys 6/29/2005 2:5.1 Signed oem0.CAT Microsoft Windows Hardware Compatibility Publisher
    gagp30kx.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    gearaspiwdm.sys 5/18/2009 2:5.00,2:5.1,2:5.2,2Signed oem141.CAT Microsoft Windows Hardware Compatibility Publisher
    gm.dls 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    gmreadme.txt 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    hcwfalcn.rom 1/17/2005 2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
    hcwmakob.rom 4/20/2005 2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
    hcwmakoc.rom 2/9/2006 2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
    hcwpp2.sys 4/13/2006 2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
    hdaudbus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    hdaudio.sys 1/8/2005 2:5.1 Signed KB888111WXPSP2.cat Microsoft Windows XP Publisher
    hidbth.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    hidclass.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    hidir.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    hidparse.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    hidserv.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    hidusb.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    hitmanpro35.sys 6/29/2010 None Signed N/A SurfRight B.V.
    hsfbs2s2.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    hsfcxts2.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    hsfdpsp2.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    hsfprof.cty 12/6/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
    hsxhwbs2.sys 12/6/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
    hsx_cnxt.sys 12/6/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
    hsx_dp.sys 12/6/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
    http.sys 10/20/2009 2:5.1 Signed KB970430.cat Microsoft Windows Component Publisher
    i8042prt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    iastor.sys 6/17/2005 2:5.00,2:5.1,2:5.2 Signed oem1.CAT Microsoft Windows Hardware Compatibility Publisher
    imapi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    intelide.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    intelppm.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ip6fw.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ipfltdrv.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    ipinip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ipnat.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ipsec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    irbus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    irenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    isapnp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    kbdclass.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    kbdhid.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    kmixer.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ks.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ksecdd.sys 6/24/2009 2:5.1 Signed KB968389.cat Microsoft Windows Component Publisher
    lirsgt.sys 7/8/2010 None Signed N/A Tages SA
    mbam.sys 4/29/2010 None Signed N/A Malwarebytes Corporation
    mbamswissarmy.sys 4/29/2010 None Signed N/A Malwarebytes Corporation
    mcd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    mdmxsdk.sys 10/5/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
    mf.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    mhndrv.sys 8/10/2004 5.1.2600.2180 Not Signed N/A
    mnmdd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    modem.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    mouclass.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    mouhid.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    mountmgr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    mqac.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    mrxdav.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    mrxsmb.sys 2/24/2010 2:5.1 Signed KB980232.cat Microsoft Windows Component Publisher
    msfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    msgpc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    mskssrv.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    mspclock.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    mspqm.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    mssmbios.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    mstee.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    mtlmnt5.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    mtlstrm.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    mtxparhm.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    mup.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    mutohpen.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    nabtsfec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ndis.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ndisip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ndistapi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ndisuio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ndiswan.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ndproxy.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    netbios.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    netbt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    netwlan5.img 7/17/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    nic1394.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    nikedrv.sys 8/10/2004 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
    nmnt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    npfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ntfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ntmtlfax.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    nuidfltr.sys 5/9/2009 2:5.1,2:6.0,2:6.1 Signed oem142.CAT Microsoft Windows Hardware Compatibility Publisher
    null.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    nv4_mini.sys 4/3/2010 2:5.00,2:5.1 Signed oem143.CAT Microsoft Windows Hardware Compatibility Publisher
    nvenetfd.sys 3/3/2006 2:5.00,2:5.1 Signed oem134.CAT Microsoft Windows Hardware Compatibility Publisher
    nvgts.sys 8/18/2008 2:5.00,2:5.1 Signed oem138.CAT Microsoft Windows Hardware Compatibility Publisher
    nvnetbus.sys 3/3/2006 2:5.00,2:5.1 Signed oem133.CAT Microsoft Windows Hardware Compatibility Publisher
    nvnrm.sys 3/3/2006 2:5.00,2:5.1 Signed oem133.CAT Microsoft Windows Hardware Compatibility Publisher
    nvsnpu.sys 3/3/2006 2:5.00,2:5.1 Signed oem133.CAT Microsoft Windows Hardware Compatibility Publisher
    nvtcp.sys 3/3/2006 1.0.0.5024 Not Signed N/A
    nwlnkflt.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    nwlnkfwd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    nwlnkipx.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    nwlnknb.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    nwlnkspx.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    nwrdr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ohci1394.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    oprghdlr.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    p3.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    parport.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    partmgr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    parvdm.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    pcdrndisuio.sys 2/2/2006 5.1.2600.2180 Not Signed N/A
    pci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    pciide.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    pciidex.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    pcmcia.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    point32.sys 6/10/2008 2:5.00,2:5.1,2:5.2 Signed oem6.CAT Microsoft Windows Hardware Compatibility Publisher
    portcls.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    processr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    ps2.sys 12/12/2005 2:5.1 Signed oem107.CAT Microsoft Windows Hardware Compatibility Publisher
    psched.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    psinaflt.sys 10/30/2009 None Signed N/A Panda Security S.L
    psinfile.sys 10/13/2009 None Signed N/A Panda Security S.L
    psinknc.sys 10/13/2009 None Signed N/A Panda Security S.L
    psinproc.sys 10/13/2009 None Signed N/A Panda Security S.L
    ptilink.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    pxhelp20.sys 8/19/2005 3.0.9.0 Not Signed N/A
    rasacd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    rasl2tp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    raspppoe.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    raspptp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    raspti.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    rawwan.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    rdbss.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    rdpcdd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    rdpdr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    rdpwd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    recagent.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    redbook.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    rfcomm.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    rio8drv.sys 8/10/2004 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
    riodrv.sys 8/10/2004 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
    rmcast.sys 5/8/2008 2:5.1 Signed KB950762.cat Microsoft Windows Component Publisher
    rndismp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    rndismpx.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    rootmdm.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    rtkhdaud.sys 2/11/2009 2:5.00,2:5.1 Signed oem150.CAT Microsoft Windows Hardware Compatibility Publisher
    rtl8139.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    s3gnbm.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    scsiport.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    sdbus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    secdrv.sys 11/13/2007 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    serenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    serial.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    sffdisk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    sffp_mmc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    sffp_sd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    sfloppy.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    siint5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    sisagp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    slip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    slnt7554.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    slntamr.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    slnthal.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    slwdmsup.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    smbali.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    smclib.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    sonydcam.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    splitter.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    sr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    srv.sys 12/31/2009 2:5.1 Signed KB971468.cat Microsoft Windows Component Publisher
    stream.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    streamip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    swenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    swmidi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    sysaudio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    tape.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    tcpip.sys 6/20/2008 2:5.1 Signed KB951748.cat Microsoft Windows Component Publisher
    tcpip6.sys 2/11/2010 2:5.1 Signed KB978338.cat Microsoft Windows Component Publisher
    tdi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    tdpipe.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    tdtcp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    termdd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    tosdvd.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    tsbvcap.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    tunmp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    uagp35.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    udfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    update.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    usb8023.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    usb8023x.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    usbaudio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    usbcamd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    usbcamd2.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    usbccgp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    usbd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    usbehci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    usbhub.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    usbintel.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    usbkey.sys 2/2/2006 None Not Signed N/A
    usbohci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    usbport.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    usbprint.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    usbscan.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    usbstor.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    usbuhci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    usbvideo.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    vchnt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    vdmindvd.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    vga.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    viaagp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    viaide.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    videoprt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    volsnap.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    wacompen.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    wadv07nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    wadv08nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    wadv09nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    wadv11nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    wanarp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    watv06nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    watv10nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    wdf01000.sys 11/2/2006 2:5.0,2:5.1,2:5.2 Signed Wdf01005.cat Microsoft Windows Component Publisher
    wdfldr.sys 11/2/2006 2:5.0,2:5.1,2:5.2 Signed Wdf01005.cat Microsoft Windows Component Publisher
    wdmaud.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    wmilib.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    wpdusb.sys 10/18/2006 2:5.1 Signed WMFDist11.cat Microsoft Windows Component Publisher
    ws2ifsl.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
    wstcodec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
    wudfpf.sys 9/28/2006 2:5.1,2:5.2 Signed Wudf01000.cat Microsoft Windows
    wudfrd.sys 9/28/2006 2:5.1,2:5.2 Signed Wudf01000.cat Microsoft Windows

    Unscanned Files:
    ------------------
    [c:\windows\system32\drivers]
    msftwdf_kernel_01005msft_kernel_nuidfltrsptd.sys The process cannot access the file because it is being used by another process.
