
Apache Malware Spyware or virus



Hello all,

I am glad to have become a member of the forum! As an avid computer user, I've always made sure to browse safely using Firefox in conjunction with "add-on" scripts to prevent such attacks... but recently I've been experiencing strange actions from all web browsers that I have installed on my laptop. Here is the issue:

I use both Firefox and Google Chrome, and every time I attempt to log onto www.amazon.com or facebook.com, I get this strange Apache server page / CentOS!? The message: "This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page it means that the Apache HTTP server installed at this site is working properly. Apache 2 Test Page | powered by CentOS" Personally I do not use my computer as a server/host machine. Also, when I try going to or depositefiles.com, I am given a forbidden message.

The odd thing about the entire issue is that when I use a free proxy anonymizer to hide my IP, both sites work perfectly fine.

I thank you very much for assisting me with this odd issue. Here is my log file and a picture-link (http://img825.imageshack.us/img825/5029/33119517.jpg) of the error page posted.

Thanks

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:47:11 AM, on 10/4/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe

C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL

O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll

O3 - Toolbar: Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\PROGRA~1\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll

O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [iME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\OfflineExplorer\Add_UrlO.htm

O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\OfflineExplorer\Add_AllO.htm

O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html

O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - http://content.systemrequirementslab...l_4.1.66.0.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe

O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (file missing)

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 8028 bytes


Hello, and welcome. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Thank you Elise. I've copied the Report from RKUnhookerLE. Currently waiting for OTL to finish still:

RKUnhookerLE Report:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows 7

Version 6.1.7600

Number of processors #2

==============================================

>Drivers

==============================================

0x8F639000 C:\Windows\system32\DRIVERS\igdkmd32.sys 5230592 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)

0x8FC11000 C:\Windows\system32\DRIVERS\netw5v32.sys 4272128 bytes (Intel Corporation, Intel


OTL Report:

OTL logfile created on: 10/4/2010 5:55:06 PM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Lawdy\Downloads

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 90.45 Gb Total Space | 22.72 Gb Free Space | 25.12% Space Free | Partition Type: NTFS

Drive D: | 134.31 Gb Total Space | 88.96 Gb Free Space | 66.24% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: LAWDY-PC

Current User Name: Lawdy

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/04 17:53:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lawdy\Downloads\OTL (1).exe

PRC - [2010/09/21 01:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe

PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/04/01 21:13:54 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2010/01/21 01:45:24 | 000,059,760 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEDICTUPDATE.EXE

PRC - [2009/09/12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe

PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2009/05/14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2009/05/08 10:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

PRC - [2008/11/25 12:57:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/09/10 07:11:16 | 000,131,752 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe

PRC - [2008/09/10 07:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe

PRC - [2008/05/23 08:58:34 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxducoms.exe

========== Modules (SafeList) ==========

MOD - [2010/10/04 17:53:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lawdy\Downloads\OTL (1).exe

MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll

MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll

MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll

MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll

MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll

MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll

MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll

MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll

MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll

MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/04/19 13:42:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)

SRV - [2010/04/17 18:48:06 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/01/21 01:45:24 | 000,059,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE -- (ImeDictUpdateService)

SRV - [2009/11/19 21:14:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/09/12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)

SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)

SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

SRV - [2009/05/14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)

SRV - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)

SRV - [2008/11/25 12:57:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/05/23 08:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)

SRV - [2008/05/23 08:58:22 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Lawdy\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2010/07/27 04:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)

DRV - [2010/07/27 04:13:26 | 000,066,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)

DRV - [2010/07/27 04:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2010/07/27 04:07:10 | 000,020,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)

DRV - [2010/05/15 15:55:49 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/03/03 19:33:26 | 000,435,736 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2009/07/26 22:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2009/07/24 16:20:28 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)

DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)

DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009/07/13 21:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)

DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)

DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)

DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)

DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009/07/13 19:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)

DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)

DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009/07/13 18:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)

DRV - [2009/07/13 18:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)

DRV - [2009/07/13 18:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)

DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®

DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2009/06/10 17:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2009/05/14 15:49:34 | 000,093,312 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)

DRV - [2009/05/14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)

DRV - [2009/05/14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)

DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)

DRV - [2006/06/10 18:19:20 | 000,205,312 | ---- | M] (SoliCall) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\solicall.sys -- (msvad_simple)

DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)

DRV - [2003/12/18 18:53:06 | 000,665,600 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)

DRV - [2003/12/18 18:53:06 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\haspnt.sys -- (haspnt)

DRV - [2001/06/22 05:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)

DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D 68 9E B9 DF 61 CB 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.2

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1

FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.6

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8

FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.9

FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.0

FF - prefs.js..extensions.enabledItems: {563e4790-7e70-11da-a72b-0800200c9a66}:0.9c

FF - prefs.js..extensions.enabledItems: {e971b650-6098-11da-8cd6-0800200c9a66}:0.6.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/22 19:35:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 03:32:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/09/06 15:02:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/06 15:02:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/09/06 15:02:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/04/27 21:06:42 | 000,000,000 | ---D | M]

[2010/05/05 21:50:36 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Extensions

[2010/05/05 21:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}

[2010/06/06 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\4txa7v8x.x3 (2008)\extensions

[2010/07/24 06:11:58 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\4txa7v8x.x3 (2008)\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/07/24 06:11:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\4txa7v8x.x3 (2008)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/07/24 06:12:00 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\4txa7v8x.x3 (2008)\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

[2010/07/24 06:12:00 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\4txa7v8x.x3 (2008)\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}

[2010/07/24 06:12:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\4txa7v8x.x3 (2008)\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/07/24 06:12:01 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\4txa7v8x.x3 (2008)\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/07/24 06:11:58 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\4txa7v8x.x3 (2008)\extensions\mgDownloadHelper@yevgenyandrov.net

[2010/07/24 06:10:00 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions

[2010/07/24 06:12:17 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}

[2010/07/24 06:12:20 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2010/07/24 06:12:20 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}

[2010/05/20 04:44:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/07/24 06:12:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/07/24 06:12:20 | 000,000,000 | ---D | M] (Takuapa) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{9e6ecf40-4690-11dd-ae16-0800200c9a66}

[2010/07/24 06:12:20 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}

[2010/07/24 06:12:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/06/22 12:56:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

[2010/07/24 06:12:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/07/24 06:12:21 | 000,000,000 | ---D | M] (iFox Smooth) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}

[2010/07/24 06:12:21 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2010/07/24 06:12:21 | 000,000,000 | ---D | M] (Whitehart) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}

[2010/07/24 06:12:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/07/24 06:12:23 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}

[2010/07/24 06:12:23 | 000,000,000 | ---D | M] (UnMHT) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}

[2010/07/24 06:12:17 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\craigslistimagepreviewext@craigstoolbox

[2010/07/24 06:12:17 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\Foxdie@tanjihay.com

[2010/07/24 06:12:17 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\foxdie_ext_ocelot@foxdie.us

[2010/07/24 06:12:17 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\iSafari.Leopard.Themes@gmail.com

[2010/07/24 06:12:17 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\langpack-pt-BR@firefox.mozilla.org

[2010/07/24 06:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}\chrome\mozapps\extensions

[2010/04/28 01:40:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\foh836ux.test\extensions

[2010/04/28 01:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\foh836ux.test\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/04/28 01:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\foh836ux.test\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/04/28 01:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\foh836ux.test\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/04/28 01:40:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\foh836ux.test\extensions\YoutubeDownloader@PeterOlayev.com

[2009/11/10 21:56:10 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\hrjd0cdv.default\extensions

[2010/07/24 06:12:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\hrjd0cdv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/07/24 06:12:48 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\hrjd0cdv.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

[2010/07/24 06:12:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\hrjd0cdv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/10/04 01:15:38 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions

[2010/09/22 19:35:30 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2010/07/24 06:12:53 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávací paměť) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}

[2010/09/22 19:35:30 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/08/04 22:14:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/09/18 13:19:54 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

[2010/09/04 13:54:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/09/04 13:54:28 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2010/07/24 06:12:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/07/24 06:12:55 | 000,000,000 | ---D | M] (Simpler Black) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{e971b650-6098-11da-8cd6-0800200c9a66}

[2010/07/24 06:12:55 | 000,000,000 | ---D | M] (UnMHT) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}

[2010/07/25 04:12:53 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions

[2010/07/24 06:12:59 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/07/24 06:12:59 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}

[2010/07/24 06:12:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/07/24 06:13:00 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

[2010/07/24 06:13:00 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}

[2010/07/24 06:13:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/07/24 06:13:00 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2010/07/24 06:13:01 | 000,000,000 | ---D | M] (iAqua) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\{e1d404a0-6bb3-11de-8a39-0800200c9a66}

[2010/07/24 06:13:01 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/07/24 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\linkgopher@oooninja.com

[2010/04/23 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\staged-xpis

[2010/07/24 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\YoutubeDownloader@PeterOlayev.com

[2010/05/20 04:44:00 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions

[2010/07/24 06:13:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/07/24 06:13:06 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/07/24 06:13:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/07/24 06:13:07 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

[2010/07/24 06:13:07 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}

[2010/07/24 06:13:08 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/07/24 06:13:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/07/24 06:13:05 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\smarterwiki@wikiatic.com

[2010/07/24 06:13:06 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\YoutubeDownloader@PeterOlayev.com

[2010/07/24 06:24:25 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions

[2010/07/24 06:13:13 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}

[2010/07/24 06:13:16 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2010/07/24 06:13:17 | 000,000,000 | ---D | M] (Unofficial Google Translate Firefox extension) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{3eaacb33-878f-44fa-b4cd-6e67cbaf828b}

[2010/07/24 06:13:17 | 000,000,000 | ---D | M] (Aquatint Redone) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{47e5a66c-0e35-11dc-8314-0800200c9a66}

[2010/07/24 06:13:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/07/24 06:13:17 | 000,000,000 | ---D | M] (Takuapa) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{9e6ecf40-4690-11dd-ae16-0800200c9a66}

[2010/07/24 06:13:17 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}

[2010/07/24 06:13:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/07/24 06:13:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/07/24 06:13:18 | 000,000,000 | ---D | M] (iFox Smooth) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}

[2010/07/24 06:13:18 | 000,000,000 | ---D | M] (Whitehart) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}

[2010/07/24 06:13:18 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}

[2010/07/24 06:13:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/07/24 06:13:19 | 000,000,000 | ---D | M] (UnMHT) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}

[2010/07/24 06:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\craigslistimagepreviewext@craigstoolbox

[2010/07/24 06:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\Foxdie@tanjihay.com

[2010/07/24 06:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\foxdie_ext_ocelot@foxdie.us

[2010/07/24 06:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\iSafari.Leopard.Themes@gmail.com

[2010/07/24 06:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\langpack-pt-BR@firefox.mozilla.org

[2010/07/24 06:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}\chrome\mozapps\extensions

[2010/05/05 21:50:36 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Sunbird\Profiles\f50do5sr.default\extensions

[2010/10/04 01:15:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2008/12/23 12:06:38 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/10/03 02:36:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll (Xi)

O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()

O3 - HKLM\..\Toolbar: (Alive Text to Speech) - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\Program Files\AliveMedia\Text to Speech\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (Xi)

O3 - HKLM\..\Toolbar: (2nd &Speech Center) - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\Program Files\2nd Speech Center\tts4ie.dll ()

O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll ()

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.)

O4 - HKLM..\Run: [iME14 CHT Setup] C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files\OfflineExplorer\Add_UrlO.htm ()

O8 - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files\OfflineExplorer\Add_AllO.htm ()

O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html ()

O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html ()

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s...el_4.1.66.0.cab (Reg Error: Key error.)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[2009/12/04 20:20:54 | 016,183,808 | ---- | C] (Boris FX) -- C:\Program Files\BorisFX9 AE.aex

[2009/09/18 13:44:32 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll

[2009/09/18 13:44:32 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll

[2009/09/18 13:44:32 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll

[2009/09/18 13:44:31 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll

[2009/09/18 13:44:31 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll

[2009/09/18 13:44:31 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll

[2009/09/18 13:44:31 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll

[2009/09/18 13:44:30 | 000,679,936 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll

[2009/09/18 13:44:29 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll

[2009/09/18 13:44:29 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll

[2009/09/13 11:40:59 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Lawdy\AppData\Roaming\pcouffin.sys

[2004/04/23 18:06:25 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp71.dll

[2004/04/23 18:06:25 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll

[2003/09/08 10:09:54 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp70.dll

[2003/09/08 10:09:54 | 000,344,064 | R--- | C] (Microsoft Corporation) -- C:\Program Files\msvcr70.dll

[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/04 18:22:23 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/10/04 18:22:23 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/10/04 18:22:23 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/10/04 18:22:01 | 007,602,176 | -HS- | M] () -- C:\Users\Lawdy\ntuser.dat

[2010/10/04 18:17:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358773793-620390815-2993260238-1001UA.job

[2010/10/04 17:21:41 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/04 17:21:41 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/04 17:16:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/10/04 17:16:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/04 17:16:26 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/04 17:16:23 | 000,039,556 | ---- | M] () -- C:\Windows\System32\oodbs.lor

[2010/10/04 02:48:09 | 000,172,908 | ---- | M] () -- C:\Users\Lawdy\Desktop\A.jpg

[2010/10/04 01:45:06 | 000,008,192 | ---- | M] () -- C:\Users\Lawdy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/04 00:00:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs

[2010/10/03 23:21:14 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358773793-620390815-2993260238-1001Core.job

[2010/10/03 02:36:49 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

[2010/10/03 02:36:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/10/03 01:03:15 | 000,002,963 | ---- | M] () -- C:\Users\Lawdy\Desktop\HiJackThis.lnk

[2010/10/03 01:02:53 | 001,402,880 | ---- | M] () -- C:\HiJackThis.msi

[2010/10/02 00:30:39 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/04 02:48:09 | 000,172,908 | ---- | C] () -- C:\Users\Lawdy\Desktop\A.jpg

[2010/10/03 02:30:29 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2010/10/03 02:30:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/10/03 02:30:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/10/03 02:30:29 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe

[2010/10/03 02:30:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/10/03 01:03:15 | 000,002,963 | ---- | C] () -- C:\Users\Lawdy\Desktop\HiJackThis.lnk

[2010/10/03 01:02:43 | 001,402,880 | ---- | C] () -- C:\HiJackThis.msi

[2010/10/02 00:30:39 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/12 12:28:13 | 000,008,192 | ---- | C] () -- C:\Users\Lawdy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/12 01:40:29 | 019,657,194 | ---- | C] () -- C:\Users\Lawdy\Documents\vlc-1.1.4-win32.exe

[2010/09/10 22:14:59 | 000,000,048 | ---- | C] () -- C:\Windows\System32\pdfutil.ini

[2010/09/06 15:09:45 | 000,039,556 | ---- | C] () -- C:\Windows\System32\oodbs.lor

[2010/08/30 16:13:39 | 004,192,486 | ---- | C] () -- C:\Users\Lawdy\Documents\Document.rtf

[2010/08/03 22:23:33 | 014,663,168 | ---- | C] () -- C:\Windows\System32\cpime.ime

[2010/08/03 22:23:33 | 000,013,488 | ---- | C] () -- C:\Windows\System32\cpime.chm

[2010/07/28 08:00:54 | 252,643,804 | ---- | C] () -- C:\heatherantTV1_1_640.wmv

[2010/07/27 04:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll

[2010/07/27 04:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe

[2010/07/27 04:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll

[2010/07/27 03:56:40 | 000,266,828 | ---- | C] () -- C:\Windows\System32\drivers\LVAFT.cfg

[2010/07/27 03:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2010/07/27 03:55:50 | 000,037,518 | ---- | C] () -- C:\Windows\System32\Repository.reg

[2010/07/21 13:59:36 | 000,002,592 | ---- | C] () -- C:\ProgramData\lxduJSW.log

[2010/07/20 22:34:56 | 000,038,905 | ---- | C] () -- C:\Program Files\SpokeStyles.jpg

[2010/06/09 04:58:44 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys

[2010/06/08 14:22:56 | 000,000,000 | ---- | C] () -- C:\Windows\CNeuroWizard.ini

[2010/06/08 13:37:59 | 000,000,115 | ---- | C] () -- C:\Windows\wt.ini

[2010/05/15 15:55:49 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll

[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

[2010/04/30 03:52:47 | 000,000,077 | ---- | C] () -- C:\Windows\System32\winitn.dll

[2010/04/30 03:52:42 | 000,000,001 | ---- | C] () -- C:\Windows\sslzdlt.dll

[2010/04/10 17:44:57 | 000,435,736 | ---- | C] () -- C:\Windows\System32\drivers\iaStor.sys

[2010/02/10 01:42:35 | 000,035,328 | ---- | C] () -- C:\Program Files\XXX Password Finder v2.exe

[2009/12/26 05:15:18 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2009/12/26 05:15:17 | 002,041,363 | ---- | C] () -- C:\Windows\System32\x264vfw.dll

[2009/12/26 05:15:16 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2009/12/26 05:15:16 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009/12/26 05:15:15 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009/12/26 05:15:15 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2009/12/26 00:53:27 | 000,000,032 | ---- | C] () -- C:\Windows\tdlp32.ini

[2009/12/21 22:53:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2009/12/08 08:49:18 | 000,007,388 | ---- | C] () -- C:\Program Files\mbsuite21.log

[2009/12/04 20:24:02 | 000,002,145 | ---- | C] () -- C:\Windows\BorisFX9.2.ini

[2009/12/04 20:20:59 | 000,237,568 | R--- | C] () -- C:\Windows\System32\qtmlClient.dll

[2009/11/17 08:18:18 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll

[2009/10/02 01:14:30 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

[2009/10/01 18:06:23 | 000,014,848 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll

[2009/09/18 13:46:28 | 000,360,448 | ---- | C] () -- C:\Windows\System32\lxducoin.dll

[2009/09/18 13:45:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll

[2009/09/18 13:45:25 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll

[2009/09/18 13:45:25 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll

[2009/09/18 13:45:25 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll

[2009/09/18 13:45:04 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdurwrd.ini

[2009/09/18 13:44:32 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll

[2009/09/18 13:44:30 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll

[2009/09/15 06:44:07 | 000,000,029 | ---- | C] () -- C:\Users\Lawdy\AppData\Roaming\default.rss

[2009/09/15 06:44:07 | 000,000,000 | ---- | C] () -- C:\Users\Lawdy\AppData\Roaming\downloads.m3u

[2009/09/14 13:25:31 | 000,000,255 | ---- | C] () -- C:\Users\Lawdy\AppData\Roaming\iPod Access v4 Prefs

[2009/09/14 13:23:25 | 000,000,041 | -H-- | C] () -- C:\Users\Lawdy\AppData\Roaming\iPodAccessv4_OwnerName

[2009/09/14 13:22:40 | 000,000,011 | -H-- | C] () -- C:\Users\Lawdy\AppData\Roaming\iPodAccess_Time

[2009/09/14 04:51:00 | 000,000,600 | ---- | C] () -- C:\Users\Lawdy\AppData\Roaming\winscp.rnd

[2009/09/14 00:56:35 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini

[2009/09/14 00:15:50 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009/09/13 11:42:09 | 000,000,671 | ---- | C] () -- C:\Users\Lawdy\AppData\Roaming\vso_ts_preview.xml

[2009/09/13 11:41:38 | 000,000,034 | ---- | C] () -- C:\Users\Lawdy\AppData\Roaming\pcouffin.log

[2009/09/13 11:40:59 | 000,007,887 | ---- | C] () -- C:\Users\Lawdy\AppData\Roaming\pcouffin.cat

[2009/09/13 11:40:59 | 000,001,144 | ---- | C] () -- C:\Users\Lawdy\AppData\Roaming\pcouffin.inf

[2009/07/30 21:58:42 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini

[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll

[2008/02/08 18:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\System32\LS3Renderer.dll

[2008/02/08 18:03:43 | 000,516,096 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll

[2005/10/10 00:00:00 | 002,182,144 | ---- | C] () -- C:\Windows\System32\pdfutil.dll

[1998/09/15 09:12:52 | 000,051,200 | ---- | C] () -- C:\Windows\System32\tctsaudio.dll

[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/06/09 03:16:37 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\.anki

[2010/06/09 03:14:00 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\.matplotlib

[2010/09/13 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\4Media

[2010/04/20 18:21:14 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\acccore

[2010/09/20 18:11:24 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Audacity

[2010/08/05 05:19:52 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\CasaPortale.de

[2010/04/12 22:58:48 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\CopyTrans

[2010/05/15 16:02:59 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\DAEMON Tools Lite

[2010/04/28 02:01:48 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Darq Software

[2010/01/17 20:40:03 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\DiskAid

[2010/06/09 03:37:31 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Ectaco

[2010/02/12 21:04:00 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Elluminate

[2010/10/04 17:01:17 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\foobar2000

[2009/09/14 04:16:38 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Foxit

[2010/09/10 21:02:27 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Foxit Software

[2010/06/22 08:51:15 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\KoshyJohn.com

[2010/02/03 12:56:02 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Leadertech

[2009/11/17 23:39:25 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\NCH Swift Sound

[2010/09/30 19:51:45 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Offline Explorer

[2010/03/25 02:29:41 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\OpenOffice.org

[2009/12/24 03:15:37 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Paltalk

[2010/06/12 23:39:29 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Pamela

[2010/09/30 14:13:53 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\PrimoPDF

[2009/09/14 00:40:44 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Publish Providers

[2010/01/03 03:39:40 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Registry Mechanic

[2010/07/12 23:44:03 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Softland

[2010/07/22 03:28:48 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Sony

[2009/10/31 23:44:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Sony Creative Software

[2010/10/04 03:56:08 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\TeraCopy

[2009/12/02 21:38:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Thunderbird

[2010/10/03 02:01:07 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\uTorrent

[2010/07/14 14:35:21 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Vso

[2010/04/12 21:34:21 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\WindSolutions

[2009/10/16 15:51:33 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Xilisoft Corporation

[2010/09/27 00:28:07 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:F8D65F32

< End of report >


Hi, could you please also post extra.txt, created by OTL?

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Hello, I was unable to locate extra.txt created by OTL; perhaps I did not save it the first time. OTL for some reason hogs memory resources on my laptop and runs extremely slowly; however, I've posted the ComboFix report as requested. Thank you =-)

ComboFix 10-10-01.07 - Lawdy 10/03/2010 2:31.1.2 - x86 NETWORK

Running from: c:\users\Lawdy\Downloads\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Lawdy\AppData\Roaming\inst.exe

c:\windows\config.ini

c:\windows\system32\Memman.vxd

c:\windows\system32\skinboxer43.dll

.

((((((((((((((((((((((((( Files Created from 2010-09-03 to 2010-10-03 )))))))))))))))))))))))))))))))

.

2010-10-03 05:03 . 2010-10-03 05:03 388096 ----a-r- c:\users\Lawdy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-10-03 05:03 . 2010-10-03 05:03 -------- d-----w- c:\program files\Trend Micro

2010-10-03 05:02 . 2010-10-03 05:02 1402880 ----a-w- C:\HiJackThis.msi

2010-10-02 10:28 . 2010-10-02 10:32 -------- d-----w- C:\new DTOR

2010-10-02 04:30 . 2010-10-02 04:30 -------- d-----w- c:\users\Lawdy\AppData\Roaming\Malwarebytes

2010-10-02 04:30 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-02 04:30 . 2010-10-02 04:30 -------- d-----w- c:\programdata\Malwarebytes

2010-10-02 04:30 . 2010-10-03 06:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-02 04:30 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-02 04:30 . 2010-10-02 04:30 6153376 ----a-w- C:\mbam-setup.exe

2010-09-22 14:22 . 2008-08-28 17:40 720896 ----a-w- c:\windows\InsydeFlash.exe

2010-09-22 14:22 . 2008-08-28 16:41 1228800 ----a-w- c:\windows\iscflash.dll

2010-09-22 14:22 . 2008-08-05 20:48 11520 ----a-w- c:\windows\iscflash.sys

2010-09-22 14:22 . 2007-01-20 02:47 38784 ----a-w- c:\windows\PhlashNT.sys

2010-09-22 14:22 . 2007-01-20 02:43 303104 ----a-w- c:\windows\SWinFlash.exe

2010-09-22 14:22 . 2006-11-21 00:04 200704 ----a-w- c:\windows\PhlashLc.dll

2010-09-22 14:22 . 2009-10-15 01:17 36864 ----a-w- c:\windows\UpdateBattery.exe

2010-09-22 02:53 . 2010-09-22 03:03 120124752 ----a-w- C:\lws201_full.exe

2010-09-16 20:55 . 2010-09-16 20:55 -------- d-----w- C:\Buena Vista Social Club

2010-09-15 17:01 . 2010-09-23 11:31 -------- d-----w- C:\logs

2010-09-15 00:02 . 2010-09-15 00:21 -------- d-----w- c:\programdata\LogiShrd

2010-09-15 00:02 . 2010-09-15 00:06 -------- d-----w- c:\program files\Logitech

2010-09-14 23:57 . 2010-09-14 23:57 -------- d-----w- c:\programdata\Logitech

2010-09-14 23:57 . 2010-09-15 00:01 -------- d-----w- c:\program files\Common Files\LWS

2010-09-13 19:50 . 2010-09-15 22:40 -------- d-----w- C:\Hrvatski Slow

2010-09-13 19:35 . 2010-09-13 19:35 -------- d-----w- c:\program files\ImTOO

2010-09-13 19:32 . 2010-09-13 19:32 -------- d-----w- c:\users\Lawdy\AppData\Roaming\4Media

2010-09-13 19:29 . 2010-09-13 19:32 -------- d-----w- c:\program files\4Media

2010-09-13 19:26 . 2010-09-13 19:33 -------- d-----w- C:\4Media iPod to PC Transfer

2010-09-12 06:44 . 2010-09-12 06:44 -------- d-----w- c:\users\Lawdy\dwhelper

2010-09-12 06:11 . 2010-09-12 06:11 142392 ----a-w- c:\users\Lawdy\AppData\Local\GDIPFONTCACHEV1.DAT

2010-09-12 05:54 . 2010-09-14 20:30 -------- d-----w- c:\users\Lawdy\AppData\Roaming\vlc

2010-09-11 02:25 . 2010-09-11 02:36 -------- d-----w- c:\program files\A-PDF Merger

2010-09-11 01:02 . 2010-09-11 01:02 -------- d-----w- c:\users\Lawdy\AppData\Roaming\Foxit Software

2010-09-09 02:04 . 2010-09-09 02:13 -------- d-----w- c:\program files\OfflineExplorer

2010-09-08 10:45 . 2010-09-08 16:06 -------- d-----w- C:\Part 6 of 6

2010-09-07 05:44 . 2010-09-07 05:44 -------- d-----w- c:\windows\system32\oodag

2010-09-06 19:05 . 2010-09-06 19:05 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe

2010-09-06 19:04 . 2010-09-06 19:04 -------- d-----w- c:\program files\iPod

2010-09-06 19:04 . 2010-09-06 19:05 -------- d-----w- c:\program files\iTunes

2010-09-06 18:58 . 2010-09-06 18:58 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-06 18:39 . 2010-09-06 18:39 -------- d-----w- c:\users\Lawdy\AppData\Local\O&O

2010-09-06 18:37 . 2010-09-06 18:37 -------- d-----w- c:\program files\OO Software

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-03 06:03 . 2009-09-13 08:39 -------- d-----w- c:\users\Lawdy\AppData\Roaming\foobar2000

2010-10-03 06:01 . 2009-09-13 08:34 -------- d-----w- c:\users\Lawdy\AppData\Roaming\uTorrent

2010-10-03 05:04 . 2009-09-13 08:24 -------- d-----w- c:\users\Lawdy\AppData\Roaming\Skype

2010-10-03 04:00 . 2010-06-09 02:24 -------- d-----w- c:\users\Lawdy\AppData\Roaming\skypePM

2010-10-03 01:50 . 2009-09-13 08:15 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2010-10-02 04:39 . 2009-09-14 04:47 -------- d-----w- c:\program files\Common Files\Nero

2010-10-02 04:13 . 2010-04-28 00:59 -------- d-----w- c:\program files\ESET

2010-09-30 23:51 . 2010-03-24 19:43 -------- d-----w- c:\users\Lawdy\AppData\Roaming\Offline Explorer

2010-09-30 18:15 . 2009-09-18 17:50 -------- d-----w- c:\programdata\Lx_cats

2010-09-30 18:13 . 2009-11-17 12:19 -------- d-----w- c:\users\Lawdy\AppData\Roaming\PrimoPDF

2010-09-30 12:09 . 2010-04-30 23:26 -------- d-----w- c:\users\Lawdy\AppData\Roaming\TeraCopy

2010-09-24 19:05 . 2010-03-25 06:29 1 ----a-w- c:\users\Lawdy\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-09-21 04:25 . 2010-06-09 02:15 -------- d-----r- c:\program files\Skype

2010-09-21 04:25 . 2010-06-09 02:15 -------- d-----w- c:\programdata\Skype

2010-09-20 22:11 . 2010-05-16 02:10 -------- d-----w- c:\users\Lawdy\AppData\Roaming\Audacity

2010-09-18 07:56 . 2009-09-14 04:13 -------- d-----w- c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter

2010-09-15 00:07 . 2009-09-13 08:14 -------- d-----w- c:\program files\Common Files\LogiShrd

2010-09-12 06:00 . 2009-09-13 08:35 -------- d-----w- c:\program files\uTorrent

2010-09-12 00:53 . 2009-09-21 16:54 531456 ----a-w- c:\users\Lawdy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\USDownloader_portable\USDownloader-v.1.3.5.11\USDownloader.exe

2010-09-11 01:00 . 2009-09-14 08:16 -------- d-----w- c:\program files\Foxit Software

2010-09-09 23:09 . 2010-05-05 18:40 -------- d-----w- c:\program files\SpeedFan

2010-09-07 19:57 . 2010-08-05 08:27 -------- d-----w- c:\program files\iPod Pics

2010-09-06 19:06 . 2009-12-29 02:37 -------- d-----w- c:\program files\Safari

2010-09-06 19:04 . 2009-09-13 17:39 -------- d-----w- c:\program files\Common Files\Apple

2010-09-06 19:02 . 2010-01-02 21:22 -------- d-----w- c:\program files\QuickTime

2010-08-29 08:19 . 2010-08-29 08:19 -------- d-----w- c:\program files\iPhone Folders

2010-08-12 21:57 . 2009-12-29 02:38 229664 ---ha-w- c:\windows\system32\mlfcache.dat

2010-08-12 17:45 . 2009-11-15 06:54 -------- d-----w- c:\program files\Your Website Downloader Program

2010-08-10 23:53 . 2010-08-10 23:53 -------- d-----w- c:\program files\SequoiaView

2010-08-10 06:33 . 2010-08-10 06:33 262144 ----a-w- c:\programdata\SPL2C8A.tmp

2010-08-10 06:32 . 2010-08-10 06:32 262144 ----a-w- c:\programdata\SPL9836.tmp

2010-08-10 06:31 . 2010-08-10 06:31 262144 ----a-w- c:\programdata\SPLD41B.tmp

2010-08-07 06:19 . 2009-09-20 08:53 -------- d-----w- c:\program files\Yahoo!

2010-08-05 20:57 . 2009-09-25 03:36 -------- d--h--w- c:\programdata\yahoo!

2010-08-05 09:19 . 2010-08-05 09:19 -------- d-----w- c:\program files\PosteRazor

2010-08-05 09:19 . 2010-08-05 09:19 -------- d-----w- c:\users\Lawdy\AppData\Roaming\CasaPortale.de

2010-08-05 08:18 . 2010-08-04 02:22 -------- d-----w- c:\program files\Cantonese typing

2010-07-27 08:14 . 2010-07-27 08:14 6842464 ----a-w- c:\windows\system32\drivers\lvuvc.sys

2010-07-27 08:14 . 2010-07-27 08:14 539232 ----a-w- c:\windows\system32\LVUI2RC.dll

2010-07-27 08:14 . 2010-07-27 08:14 543328 ----a-w- c:\windows\system32\LVUI2.dll

2010-07-27 08:13 . 2010-07-27 08:13 66528 ----a-w- c:\windows\system32\drivers\lvselsus.sys

2010-07-27 08:12 . 2010-07-27 08:12 282336 ----a-w- c:\windows\system32\drivers\lvrs.sys

2010-07-27 08:08 . 2010-07-27 08:08 203360 ----a-w- c:\windows\system32\lvci1311021.dll

2010-07-27 08:07 . 2010-07-27 08:07 416352 ----a-w- c:\windows\system32\lvcodec2.dll

2010-07-27 08:07 . 2010-07-27 08:07 20704 ----a-w- c:\windows\system32\drivers\lvbusflt.sys

2010-07-27 08:03 . 2010-07-27 08:03 10829656 ----a-w- c:\windows\system32\LogiDPP.dll

2010-07-27 08:03 . 2010-07-27 08:03 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe

2010-07-27 08:03 . 2010-07-27 08:03 290648 ----a-w- c:\windows\system32\DevManagerCore.dll

2010-07-27 07:55 . 2010-07-27 07:55 37518 ----a-w- c:\windows\system32\Repository.reg

2010-07-15 02:36 . 2010-07-15 02:36 2977792 ----a-w- c:\users\Lawdy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\umbrella-4.00.80.exe

2009-12-08 12:49 . 2009-12-08 12:49 7388 ----a-w- c:\program files\mbsuite21.log

2008-12-17 23:50 . 2010-02-10 05:42 35328 ----a-w- c:\program files\XXX Password Finder v2.exe

2007-12-15 18:53 . 2009-12-05 00:20 16183808 ----a-w- c:\program files\BorisFX9 AE.aex

2003-11-03 22:07 . 2004-04-23 22:06 499712 ----a-w- c:\program files\msvcp71.dll

2003-11-03 22:07 . 2004-04-23 22:06 348160 ----a-w- c:\program files\msvcr71.dll

2003-05-30 14:22 . 2003-09-08 14:09 344064 ----a-r- c:\program files\msvcr70.dll

2002-01-05 08:40 . 2003-09-08 14:09 487424 ----a-w- c:\program files\msvcp70.dll

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

.

------- Sigcheck -------

[-] 2010-04-02 . 39B9C70E07A578BD24974E89F18F5771 . 2614272 . . [6.1.7600.16385] . . c:\windows\explorer.exe

[-] 2009-07-14 01:14 . 3E12B9A226F0F4AA130D666A26195D5E . 2613248 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]

"EzPrint"="c:\program files\Lexmark 5600-6600 Series\ezprint.exe" [2008-09-10 131752]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

"IME14 CHT Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-21 80240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"TaskbarNoThumbnail"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e03d0c04]

IME file REG_SZ cpime.ime

[HKLM\~\startupfolder\C:^Users^Lawdy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Lawdy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]

2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-07-13 19:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-02-20 00:22 135664 ----atw- c:\users\Lawdy\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2009-05-08 14:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-11-14 02:07 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]

2009-09-12 04:34 2524416 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pamela.exe]

2010-01-18 00:25 3395584 ----a-w- c:\program files\Pamela\Pamela.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

2009-10-14 20:42 292824 ----a-w- c:\program files\Registry Mechanic\RMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-09-01 20:39 14709640 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USDownloader]

2010-09-12 00:53 531456 ----a-w- c:\users\Lawdy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\USDownloader_portable\USDownloader-v.1.3.5.11\USDownloader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Google Update"="c:\users\Lawdy\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-15 691696]

R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]

R2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-01-21 59760]

R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2008-05-23 594600]

R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2008-05-23 98984]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]

R3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2010-07-27 20704]

R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2009-07-24 25112]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-358773793-620390815-2993260238-1001Core.job

- c:\users\Lawdy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 00:22]

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-358773793-620390815-2993260238-1001UA.job

- c:\users\Lawdy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 00:22]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = 127.0.0.1

IE: + Offline &Explorer: Download the link - file://c:\program files\OfflineExplorer\Add_UrlO.htm

IE: + Offline E&xplorer: Download the current page - file://c:\program files\OfflineExplorer\Add_AllO.htm

IE: Download all by NetXfer - c:\program files\Xi\NetXfer\NXAddList.html

IE: Download by NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\Lawdy\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-RunOnce-<NO NAME> - (no file)

MSConfigStartUp-Logitech Vid - c:\program files\Logitech\Logitech Vid\Vid.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-10-03 02:38:05

ComboFix-quarantined-files.txt 2010-10-03 06:38

Pre-Run: 24,540,348,416 bytes free

Post-Run: 24,450,490,368 bytes free

- - End Of File - - F53D79ECBA6A7D2FAA80D012FE4884C5

ComboFix.txt


OTL

-----

  1. Please download OTL from one of the following mirrors:

  2. Save it to your desktop.

  3. Double click on the otlDesktopIcon.png icon on your desktop.

  4. Copy and Paste the following code into the customFix.png textbox. Do not include the word "Code"

     /md5start
     explorer.exe
     wininit.exe
     hlp.dat
     /md5stop

  5. Click the NONE button.

  6. Push runscanbutton.png

  7. A report will open. Copy and Paste that report in your next reply.

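The /md5start ... /md5stop block in the OTL instructions above asks for MD5 hashes of three files so the helper can compare them with known-good copies; the Sigcheck section of the ComboFix log earlier in the thread does the same comparison between c:\windows\explorer.exe and the copy in winsxs. As an added example (not code from the thread, from OTL or from ComboFix), the Python script below hashes a list of files and classifies each against a reference hash. The file names, contents and hashes in demo() are constructed for the example; the baseline copies stand in for the component-store versions.

```python
"""Compute MD5 hashes of a list of files and compare them with reference
hashes, the check that OTL's /md5start.../md5stop block and ComboFix's
Sigcheck section perform. Added example; not code from OTL, ComboFix or
the thread. The file names, contents and hashes below are constructed."""
import hashlib
import os
import shutil
import tempfile


def md5_bytes(data):
    """MD5 of a byte string, upper-case hex (the format ComboFix prints)."""
    return hashlib.md5(data).hexdigest().upper()


def md5_file(path, chunk_size=65536):
    """MD5 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def check_files(paths, reference):
    """Hash each path and classify it against `reference` (basename -> MD5).

    Returns {path: (md5_or_None, status)} with status one of
    'match', 'MISMATCH', 'unknown' (no reference hash) or 'missing'.
    """
    results = {}
    for path in paths:
        if not os.path.isfile(path):
            results[path] = (None, "missing")
            continue
        digest = md5_file(path)
        expected = reference.get(os.path.basename(path).lower())
        if expected is None:
            status = "unknown"
        elif expected.upper() == digest:
            status = "match"
        else:
            status = "MISMATCH"
        results[path] = (digest, status)
    return results


def demo():
    """Run the check on constructed sample files in a temporary directory.

    The 'baseline' copies play the role of the component-store (winsxs)
    versions that ComboFix's Sigcheck compares against; the live copy of
    explorer.exe is deliberately altered so the mismatch path is exercised,
    and hlp.dat is never created so the missing path is exercised too.
    """
    workdir = tempfile.mkdtemp()
    try:
        baseline = {}
        for name, content in (("explorer.exe", b"MZ constructed explorer image"),
                              ("wininit.exe", b"MZ constructed wininit image")):
            baseline_path = os.path.join(workdir, "baseline_" + name)
            with open(baseline_path, "wb") as f:
                f.write(content)
            baseline[name] = md5_file(baseline_path)
        # Live copies: wininit.exe unchanged, explorer.exe altered, hlp.dat absent.
        with open(os.path.join(workdir, "wininit.exe"), "wb") as f:
            f.write(b"MZ constructed wininit image")
        with open(os.path.join(workdir, "explorer.exe"), "wb") as f:
            f.write(b"MZ constructed explorer image PATCHED")
        targets = [os.path.join(workdir, n)
                   for n in ("explorer.exe", "wininit.exe", "hlp.dat")]
        return check_files(targets, baseline)
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    for path, (digest, status) in demo().items():
        print("%-9s %s  %s" % (status, digest or "-" * 32, os.path.basename(path)))
```

On a real machine you would pass the live paths (c:\windows\explorer.exe and so on) to check_files and fill `reference` from a trusted copy of the same file version, for instance the winsxs copy that ComboFix lists next to the live one; a MISMATCH on the same version number is the condition the Sigcheck [-] flag in the log is drawing attention to.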

  • 4 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

