Everything posted by abrenden123

  1. My buddy bought a laptop a few years ago and put the Intel Anti-Theft system on it. I think the system was engineered by McAfee. He got the computer when he lived with his folks, and they had internet, so there wasn't any problem hooking up to the servers. He moved to a place with no internet, and the Anti-Theft server couldn't update. It has long since locked him out of any sort of usability for this computer. He has pictures and other files he doesn't want to get rid of, so I can't just wipe it. The computer is running Windows 7. He tells me it has been years since he has been inside the computer. I tried calling McAfee customer support and they couldn't/wouldn't help me without a receipt or username/password. The text that comes up when you start the computer: "Intel Anti-Theft system lock due to: Disable Timer Expired Time Left to enter Password: (a bunch of time) Please select one of the following for platform recovery: 1-User Password 2-Server Token Password Select one of the above options to proceed... Compter locked by Intel® Anti-Theft Technology intel Anti-Theft service provider ID:2000" Is there anything I can do? What about removing the hard drive to another computer, just so I can get the photos he wants? Thanks for the help in advance. This is easily the best computer help forum on the web.
  2. Thanks MR Charlie. I'll let you know what the resolution is.
  3. Hi there, I am trying to get the FBI Moneypack virus off of a friend's computer and I was hoping someone could help me out. It's an Aspire netbook running Windows XP and I'm talking to you on a computer running Windows 7. I have looked at the other fixes and removal guides for this topic and nothing has helped. I can't reboot in safe mode, I can't get into the command prompt, it ends up just getting back to the Moneypack screen. I can get into the boot manager but I am way too inexperienced to start playing with that. I appreciate your help in advance.
  4. I meant to say I downloaded Malwarebytes.
  5. I tried loading Windows normally, and it worked. I think this may have solved the problem. I am taking steps to make sure of it. I downloaded, updated, and scanned. I am currently in the process of that. I have SpyBot as well, and I will scan with that too. I am using ESET NOD32 as an antivirus and after I scan with the malware scanners, I will scan with NOD32. Is there anything else I should do?
  6. ========== OTL ==========
     Registry value HKEY_USERS\ABrenden.HP6930P-106_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
     Registry value HKEY_USERS\ABrenden.HP6930P-106_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
     Registry value HKEY_USERS\ABrenden_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
     Registry value HKEY_USERS\ABrenden_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
     Registry value HKEY_USERS\Motive_Master_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
     Registry value HKEY_USERS\Motive_Master_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\ProgramData\nzqwwnh_ deleted successfully.
     File D:\ProgramData\nzqwwnh_.exe not found.
     File D:\ProgramData\nzqwwnh_.exe not found.
     File D:\Users\ABrenden.HP6930P-106\AppData\Roaming\nzqwwnh_.exe not found.
     File D:\Users\ABrenden.HP6930P-106\AppData\Local\nzqwwnh_.exe not found.
     File D:\ProgramData\nzqwwnh_.exe not found.
     File D:\Users\ABrenden.HP6930P-106\AppData\Local\nzqwwnh_.exe not found.
     File D:\Users\ABrenden.HP6930P-106\AppData\Roaming\nzqwwnh_.exe not found.
     OTLPE by OldTimer - Version 3.1.48.0 log created on 12272012_105924
  7. OTL logfile created on: 12/26/2012 9:01:23 PM - Run OTLPE by OldTimer - Version 3.1.48.0
000,000,000 | RHS- | M] () -- D:\MSDOS.SYS [2012/12/26 20:25:32 | 000,074,330 | ---- | M] () -- D:\OTL.Txt [2012/12/26 20:33:35 | 3116,646,400 | -HS- | M] () -- D:\pagefile.sys < MD5 for: EXPLORER.EXE > [2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2010/11/11 09:33:52 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010/11/20 06:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2010/11/11 09:31:15 | 002,613,248 | ---- | M] (Microsoft Corporation) 
MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2010/11/11 09:31:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2010/11/11 09:33:52 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: SERVICES.EXE > [2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- D:\Windows\System32\services.exe [2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- D:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe < MD5 for: USERINIT.EXE > [2010/11/20 06:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\System32\userinit.exe [2010/11/20 06:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/08/14 04:37:49 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=1562571D6B1541098E677C3BB78709A0 -- D:\Windows\System32\winlogon.exe [2010/11/11 09:33:52 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- 
D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2010/11/11 09:33:52 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 06:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\ProgramData\Microsoft\Windows\RAI\winlogon.exe [2010/11/20 06:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < End of report >