Infected with TDSS & Google keeps redirecting

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages
1
2
3
→

You cannot start a new topic
This topic is locked

Infected with TDSS & Google keeps redirecting Do not know how to remove it!

#1 turkey10

Member

Group: Members
Posts: 23
Joined: 04-June 11

Posted 05 June 2011 - 09:32 AM

Google keeps redirecting when I try to go to a site I have search for. I am also hearing music or ads in the back round and my printer will not work says printer is unspooled and tells me to restart spooler when I try to restart it it says it can't find the file. I tried uninsalling the printer but it won't let me. I have followed all the instructions in the prearations guide. Thank You.

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_24
Run by Bob at 18:27:15 on 2011-06-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1791.919 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\SysMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\acer\empowering technology\edatasecurity\edsloader.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
c:\program files\adobe media player\adobe media player.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSEARCH PAGE = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [????r]
uRun: [?????????] ??????????????e
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Acer Tour]
mRun: [Acer Empowering Technology Monitor] c:\windows\system32\SysMonitor.exe
mRun: [eRecoveryService]
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\bob\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobem~1.lnk - c:\program files\adobe media player\Adobe Media Player.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{59491320-FDB5-405E-AD8F-A5AA7722D0C3} : DhcpNameServer = 192.168.254.254 192.168.254.254
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bob\appdata\roaming\mozilla\firefox\profiles\8v7p92vi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-5-30 51144]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20071204.001\IDSvix86.sys [2007-12-6 180272]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl17928c92;MpKsl17928c92;c:\programdata\microsoft\microsoft antimalware\definition updates\{6255a2ba-806d-4da1-af38-d38066c8ce31}\MpKsl17928c92.sys [2011-6-4 28752]
R1 MpKsl8cc54a97;MpKsl8cc54a97;c:\programdata\microsoft\microsoft antimalware\definition updates\{6255a2ba-806d-4da1-af38-d38066c8ce31}\MpKsl8cc54a97.sys [2011-6-3 28752]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-18 21504]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2011-5-28 364576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-18 135664]
S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-18 135664]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-2-12 1251720]
S3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-10-30 37936]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2007-9-12 80744]
.
=============== Created Last 30 ================
.
2011-06-04 22:15:47 388096 ----a-r- c:\users\bob\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-04 22:15:45 -------- d-----w- c:\program files\Trend Micro
2011-06-04 21:30:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-04 21:30:11 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-06-04 21:30:11 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-06-04 21:30:11 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-06-04 21:30:11 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-06-04 21:30:11 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-06-04 21:30:11 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-06-04 21:30:11 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-06-04 09:02:40 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6255a2ba-806d-4da1-af38-d38066c8ce31}\MpKsl17928c92.sys
2011-06-03 19:39:32 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6255a2ba-806d-4da1-af38-d38066c8ce31}\MpKsl8cc54a97.sys
2011-06-03 19:38:49 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6255a2ba-806d-4da1-af38-d38066c8ce31}\mpengine.dll
2011-05-31 23:54:36 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-05-30 21:52:06 -------- d-----w- c:\users\bob\appdata\roaming\Malwarebytes
2011-05-30 21:51:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-30 21:51:54 -------- d-----w- c:\programdata\Malwarebytes
2011-05-30 21:51:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-30 17:50:54 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bf7712d3-c144-472b-9048-322b08c0f8b9}\gapaengine.dll
2011-05-30 17:46:06 -------- d-----w- c:\users\bob\appdata\roaming\Soluto
2011-05-30 17:29:28 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-30 17:28:43 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-05-30 17:14:00 -------- d-----w- c:\program files\iPod
2011-05-30 17:07:44 -------- d-----w- c:\program files\Bonjour
2011-05-30 16:54:14 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2011-05-30 16:54:09 -------- d-----w- c:\program files\Soluto
2011-05-30 16:52:17 -------- d-----w- c:\programdata\Soluto
2011-05-30 16:46:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-30 16:46:52 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-05-30 16:40:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-30 16:33:05 -------- d-----w- c:\users\bob\appdata\local\Secunia PSI
2011-05-30 16:32:58 -------- d-----w- c:\program files\Secunia
2011-05-27 06:56:43 6962000 ------w- c:\programdata\microsoft\windows defender\definition updates\{be6d3200-b274-4f96-b407-f95b7a3f2d9d}\mpengine.dll
.
==================== Find3M ====================
.
2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-12 21:55:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
.
============= FINISH: 18:28:23.83 ===============

Attached File(s)

Attach.txt (8.67K)
Number of downloads: 0
ark.txt (1.15K)
Number of downloads: 2

#2 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 11 June 2011 - 11:08 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)

Link 2 (zipped file)

Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth Code, and uncheck the rest.
Click OK.
Wait until it's finished and then go to File > Save Report.
Save the report to your Desktop.
Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

NEXT:

Running OTL

We need to create a FULL OTL Report

Please download OTL from here:
- Main Mirror
- Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized

NEXT:

Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 turkey10

Member

Group: Members
Posts: 23
Joined: 04-June 11

Posted 11 June 2011 - 03:57 PM

Hi ST, nice to meet you. Thanks for the help. After running the the scans as directed Google is still redirecting my searches. I haven't heard any music or adds in the back round but that only happens randomly.Thanks again.

OTL logfile created on: 6/11/2011 3:38:39 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Bob\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 34.25% Memory free
3.74 Gb Paging File | 1.73 Gb Available in Paging File | 46.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.20 Gb Total Space | 39.32 Gb Free Space | 34.73% Space Free | Partition Type: NTFS
Drive D: | 112.85 Gb Total Space | 103.87 Gb Free Space | 92.04% Space Free | Partition Type: NTFS

Computer Name: BOB-PC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/11 15:34:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
PRC - [2011/05/28 17:03:44 | 000,364,576 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2011/05/28 17:03:42 | 001,705,520 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/19 01:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/16 21:51:55 | 000,308,224 | ---- | M] () -- c:\Program Files\Adobe Media Player\Adobe Media Player.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/23 18:24:54 | 000,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe
PRC - [2006/11/17 08:26:58 | 000,453,120 | ---- | M] (HiTRUST) -- c:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

========== Modules (SafeList) ==========

MOD - [2011/06/11 15:34:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/12/03 08:37:36 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/12/03 08:37:36 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll
MOD - [2006/11/16 19:10:14 | 000,286,720 | ---- | M] (HiTRUST) -- C:\Windows\System32\sysenv.dll
MOD - [2006/11/16 13:19:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\MSNChatHook.dll
MOD - [2006/11/16 13:18:50 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (Spooler)
SRV - [2011/05/28 17:03:44 | 000,364,576 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/02/12 19:03:28 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/08 15:45:32 | 000,045,056 | ---- | M] (Acer Inc.) [On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/11/20 23:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006/11/20 23:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/20 23:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/20 23:43:42 | 000,046,736 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/11/20 23:42:52 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/11/20 23:42:12 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006/11/12 21:35:08 | 000,024,576 | ---- | M] () [On_Demand | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKsl8cc54a97)
DRV - [2011/06/11 04:11:40 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8904C765-DE0E-41C2-8B53-C6A75C067FCF}\MpKsl7e48a1b9.sys -- (MpKsl7e48a1b9)
DRV - [2011/05/28 16:47:42 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Soluto.sys -- (Soluto)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/06/20 01:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/12 19:04:02 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/12/01 00:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/12/01 00:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/12/01 00:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/14 04:00:00 | 000,865,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071210.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/11/14 04:00:00 | 000,081,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071210.002\NAVENG.SYS -- (NAVENG)
DRV - [2007/11/06 11:07:18 | 000,180,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071204.001\IDSvix86.sys -- (IDSvix86)
DRV - [2007/10/30 20:55:44 | 000,037,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2007/10/30 20:55:38 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/30 20:55:34 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/10/30 20:55:28 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/10/30 20:55:20 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/10/30 20:55:14 | 000,012,848 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2007/09/12 03:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/01/09 09:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/12/07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/20 23:45:36 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/11/02 02:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/09/19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2347104757-713467479-638698903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com
IE - HKU\S-1-5-21-2347104757-713467479-638698903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-2347104757-713467479-638698903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2347104757-713467479-638698903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2347104757-713467479-638698903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2347104757-713467479-638698903-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2347104757-713467479-638698903-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/04 16:30:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/04 16:30:09 | 000,000,000 | ---D | M]

[2008/12/04 18:58:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions
[2011/06/07 19:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8v7p92vi.default\extensions
[2011/06/04 16:37:58 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8v7p92vi.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/05/26 00:16:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8v7p92vi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/26 00:16:02 | 000,000,000 | ---D | M] ("IE Tab") -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8v7p92vi.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/06/04 16:30:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/26 00:15:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
[2011/05/30 11:47:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8V7P92VI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8V7P92VI.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011/05/26 00:16:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/06/19 04:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\MyCamera.dll
[2008/06/19 04:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/05/30 11:46:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/30 13:54:50 | 000,616,607 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16291 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2347104757-713467479-638698903-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-2347104757-713467479-638698903-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2347104757-713467479-638698903-1000..\Run: [updateMgr] File not found
O4 - HKU\S-1-5-21-2347104757-713467479-638698903-1000..\Run: [捁牥吠畯r] File not found
O4 - HKU\S-1-5-21-2347104757-713467479-638698903-1000..\Run: [捁牥吠畯⁲敒業摮牥] File not found
O4 - HKU\S-1-5-21-2347104757-713467479-638698903-1000..\RunOnce: [FlashPlayerUpdate] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2347104757-713467479-638698903-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O24 - Desktop WallPaper: C:\Users\Bob\Pictures\Bobs pictures\006.JPG
O24 - Desktop BackupWallPaper: C:\Users\Bob\Pictures\Bobs pictures\006.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/11 15:34:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2011/06/04 18:24:43 | 000,607,222 | R--- | C] (Swearware) -- C:\Users\Bob\Desktop\dds.scr
[2011/06/04 17:15:46 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/04 17:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/04 16:28:13 | 012,521,992 | ---- | C] (Mozilla) -- C:\Users\Bob\Desktop\Firefox Setup 4.0.1.exe
[2011/06/01 14:32:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/05/30 16:52:06 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Malwarebytes
[2011/05/30 16:51:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/30 16:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/30 16:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/30 16:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/30 16:50:37 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bob\Desktop\mbam-setup.exe
[2011/05/30 16:23:15 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bob\Desktop\tdsskiller.exe
[2011/05/30 16:18:08 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\tdsskiller
[2011/05/30 12:46:06 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Soluto
[2011/05/30 12:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/30 12:28:43 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/05/30 12:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/30 12:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/30 12:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/05/30 12:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/30 12:01:27 | 007,866,472 | ---- | C] (Microsoft Corporation) -- C:\Users\Bob\Desktop\mseinstall.exe
[2011/05/30 11:54:14 | 000,051,144 | ---- | C] (Soluto LTD.) -- C:\Windows\System32\drivers\Soluto.sys
[2011/05/30 11:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2011/05/30 11:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2011/05/30 11:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2011/05/30 11:51:50 | 001,227,824 | ---- | C] (Soluto Inc) -- C:\Users\Bob\Desktop\solutoinstaller.exe
[2011/05/30 11:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/05/30 11:46:52 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/05/30 11:46:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/05/30 11:46:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/05/30 11:46:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/05/30 11:44:18 | 080,869,160 | ---- | C] (Apple Inc.) -- C:\Users\Bob\Desktop\iTunesSetup.exe
[2011/05/30 11:40:08 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/30 11:33:05 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Secunia PSI
[2011/05/30 11:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/05/30 11:32:01 | 001,739,400 | ---- | C] (Secunia) -- C:\Users\Bob\Desktop\PSISetup.exe
[2011/05/30 10:27:55 | 000,000,000 | ---D | C] -- C:\Users\Bob\Desktop\hosts
[2007/09/12 19:29:52 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2006/01/06 23:51:35 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2011/06/11 15:43:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2011/06/11 15:37:13 | 000,139,264 | ---- | M] () -- C:\Users\Bob\Desktop\RKUnhookerLE.EXE
[2011/06/11 14:51:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/11 14:03:20 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/11 14:03:20 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/11 01:51:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/10 20:00:01 | 000,000,484 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Bob.job
[2011/06/06 22:49:34 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/04 18:31:37 | 000,050,477 | ---- | M] () -- C:\Users\Bob\Desktop\Defogger.exe
[2011/06/04 18:24:46 | 000,607,222 | R--- | M] (Swearware) -- C:\Users\Bob\Desktop\dds.scr
[2011/06/04 18:23:22 | 000,000,000 | ---- | M] () -- C:\Users\Bob\defogger_reenable
[2011/06/04 17:55:37 | 000,002,519 | ---- | M] () -- C:\Users\Bob\Desktop\HiJackThis.lnk
[2011/06/04 17:23:37 | 001,402,880 | ---- | M] () -- C:\Users\Bob\Desktop\HijackThis.msi
[2011/06/04 16:30:16 | 000,000,874 | ---- | M] () -- C:\Users\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/04 16:30:16 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/04 16:29:07 | 012,521,992 | ---- | M] (Mozilla) -- C:\Users\Bob\Desktop\Firefox Setup 4.0.1.exe
[2011/06/04 13:54:09 | 000,003,508 | ---- | M] () -- C:\Windows\System32\.rsp
[2011/06/04 13:54:09 | 000,001,567 | ---- | M] () -- C:\Windows\System32\.lck
[2011/06/04 04:02:29 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2011/06/04 04:02:24 | 227,118,684 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/30 17:00:07 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bob\Desktop\mbam-setup.exe
[2011/05/30 16:51:57 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/30 16:33:27 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bob\Desktop\tdsskiller.exe
[2011/05/30 13:54:50 | 000,616,607 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.MVP
[2011/05/30 13:54:50 | 000,616,607 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2011/05/30 13:52:15 | 000,151,798 | ---- | M] () -- C:\Users\Bob\Desktop\hosts.zip
[2011/05/30 12:35:05 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/30 12:32:38 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/05/30 12:30:18 | 000,606,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/30 12:30:18 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/30 12:26:21 | 000,032,415 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/05/30 12:15:05 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/30 12:02:59 | 000,656,896 | ---- | M] () -- C:\Users\Bob\Desktop\MicrosoftFixit50525.msi
[2011/05/30 12:02:19 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Users\Bob\Desktop\mseinstall.exe
[2011/05/30 11:56:47 | 000,000,098 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/05/30 11:55:42 | 080,869,160 | ---- | M] (Apple Inc.) -- C:\Users\Bob\Desktop\iTunesSetup.exe
[2011/05/30 11:51:56 | 001,227,824 | ---- | M] (Soluto Inc) -- C:\Users\Bob\Desktop\solutoinstaller.exe
[2011/05/30 11:46:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/05/30 11:46:37 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/05/30 11:46:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/05/30 11:46:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/05/30 11:42:49 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/05/30 11:32:59 | 000,000,903 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/05/30 11:32:09 | 001,739,400 | ---- | M] (Secunia) -- C:\Users\Bob\Desktop\PSISetup.exe
[2011/05/29 12:32:00 | 000,302,592 | ---- | M] () -- C:\Users\Bob\Desktop\gmer.exe
[2011/05/28 16:47:42 | 000,051,144 | ---- | M] (Soluto LTD.) -- C:\Windows\System32\drivers\Soluto.sys
[2011/05/25 20:32:23 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~35249912r
[2011/05/25 20:32:23 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~35249912
[2011/05/25 07:26:18 | 000,000,336 | -H-- | M] () -- C:\ProgramData\35249912

========== Files Created - No Company Name ==========

[2011/06/11 15:28:00 | 000,139,264 | ---- | C] () -- C:\Users\Bob\Desktop\RKUnhookerLE.EXE
[2011/06/04 18:23:22 | 000,000,000 | ---- | C] () -- C:\Users\Bob\defogger_reenable
[2011/06/04 18:22:24 | 000,050,477 | ---- | C] () -- C:\Users\Bob\Desktop\Defogger.exe
[2011/06/04 17:15:46 | 000,002,519 | ---- | C] () -- C:\Users\Bob\Desktop\HiJackThis.lnk
[2011/06/04 17:14:18 | 001,402,880 | ---- | C] () -- C:\Users\Bob\Desktop\HijackThis.msi
[2011/06/04 16:30:16 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/01 14:32:50 | 227,118,684 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/30 16:51:57 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/30 12:40:16 | 000,003,508 | ---- | C] () -- C:\Windows\System32\.rsp
[2011/05/30 12:40:16 | 000,001,567 | ---- | C] () -- C:\Windows\System32\.lck
[2011/05/30 12:32:38 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/05/30 12:29:44 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/30 12:24:05 | 000,032,415 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/05/30 12:15:05 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/30 12:02:58 | 000,656,896 | ---- | C] () -- C:\Users\Bob\Desktop\MicrosoftFixit50525.msi
[2011/05/30 11:56:47 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/05/30 11:32:59 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/05/30 11:32:59 | 000,000,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/05/30 10:22:06 | 000,151,798 | ---- | C] () -- C:\Users\Bob\Desktop\hosts.zip
[2011/05/29 12:32:00 | 000,302,592 | ---- | C] () -- C:\Users\Bob\Desktop\gmer.exe
[2011/05/25 07:26:23 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~35249912r
[2011/05/25 07:26:23 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~35249912
[2011/05/25 07:26:18 | 000,000,336 | -H-- | C] () -- C:\ProgramData\35249912
[2009/09/18 05:57:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 05:57:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/24 07:18:38 | 000,160,414 | ---- | C] () -- C:\Windows\hpqins00.dat
[2008/08/08 03:00:31 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/22 13:29:19 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2008/04/22 18:46:13 | 000,001,356 | -H-- | C] () -- C:\Users\Bob\AppData\Local\d3d9caps.dat
[2008/04/01 17:50:19 | 000,096,577 | ---- | C] () -- C:\Windows\hpqins16.dat
[2007/09/13 19:41:00 | 000,027,136 | ---- | C] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/13 17:31:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/09/12 19:31:01 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2007/09/12 19:31:00 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007/09/12 19:29:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2006/11/16 13:20:38 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2006/11/16 13:20:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2006/11/16 13:20:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2006/11/16 13:19:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll
[2006/11/16 13:19:04 | 000,123,904 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2006/11/16 13:18:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2006/11/16 13:18:50 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/11/16 13:18:06 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 07:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,228,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,606,364 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/01/06 23:51:39 | 000,319,488 | ---- | C] () -- C:\Windows\System32\SysMonitor.exe
[2006/01/06 23:51:38 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006/01/06 23:40:58 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
[2006/01/06 23:22:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2006/01/06 23:15:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2006/01/06 22:07:26 | 000,000,985 | ---- | C] () -- C:\Windows\generic.ini
[2006/01/06 22:07:26 | 000,000,095 | ---- | C] () -- C:\Windows\Alaunch.ini
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:5D10517E
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DD874E14
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:CC2932DB
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:C8B517A2
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7715B65F

< End of report >

OTL Extras logfile created on: 6/11/2011 3:38:39 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Bob\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 34.25% Memory free
3.74 Gb Paging File | 1.73 Gb Available in Paging File | 46.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.20 Gb Total Space | 39.32 Gb Free Space | 34.73% Space Free | Partition Type: NTFS
Drive D: | 112.85 Gb Total Space | 103.87 Gb Free Space | 92.04% Space Free | Partition Type: NTFS

Computer Name: BOB-PC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2347104757-713467479-638698903-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055F9F66-5F94-49A1-9EC9-A516E7972385}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4793A9F4-D007-49D1-8B52-5475D08A9251}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{576009DB-9A99-4ABC-9582-5046CE0618C0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63F251BB-3642-4C60-80B7-03426CFC179A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A8E12BD3-8368-4B8A-9AEA-3D6D5916E25C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C26CFB89-A3EE-4A1E-B6DF-ECE8C66FD455}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DFCFB8F0-D527-43D1-B915-6D5F5612052F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DE0338-B9D1-4DEA-986A-80946EA0CDE7}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone softdma\softdma.exe |
"{07D7C3D2-4063-4611-BBD3-17DDD9BE888D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0A5650EA-B05B-46ED-82B3-993DCE83C005}" = protocol=17 | dir=in | app=c:\program files\morpheus\morpheus.exe |
"{0C764EEA-4B92-4251-88CF-A63A3B6BAC2F}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe |
"{1319F44E-1AF7-4342-AEC8-8B0C6FC1F200}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1EC388A6-EACC-493A-B303-376D2A691359}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{2DB202CF-9CF6-457C-A3F2-E98B37F85DDB}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{39D968A4-7066-42C0-9744-307CCCA47CA5}" = protocol=6 | dir=in | app=c:\users\bob\desktop\solutoinstaller.exe |
"{3F70E758-A447-4C69-A1C7-8732AAA4D3E7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F3FF9CE-5AA4-44C7-B1CC-0B7292597A32}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{53DBA74A-093C-4270-BF2C-A9A443CAA248}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe |
"{56044074-8D48-4335-A0CC-11768FEEC708}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{606F9767-608B-402B-961F-09F4FD26CF0D}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
"{649AE684-4342-473A-A807-AEF388EFF8E0}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{69E5CD57-D89E-46A5-BB98-A79C39D6EC2A}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe |
"{70C1936E-5807-4787-98C4-77D3D8E5A80B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{7A5CBA66-D006-4CD7-BA7B-7086872ADBC1}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone softdma\softdma.exe |
"{7E4AC85D-4B2A-4340-B186-3BD36D62FBF5}" = protocol=17 | dir=in | app=c:\users\bob\desktop\solutoinstaller.exe |
"{80D1CFAB-3AC0-4248-9C41-8DF0570EDC42}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{884832DD-2E21-48CE-BFBE-888A4EC3A9E6}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{9130DA1F-6530-4D17-883B-5EAFA2025370}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9DE2CC96-75DC-47FF-BA30-9162BE1C38CF}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe |
"{9E0F81EE-4A45-4234-BDF2-0E6BC4D76694}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{A0393481-B96A-49C3-A860-933E21D88E07}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{AF88644B-647E-4F43-9998-8378037CC77D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{AFEE8130-FB67-4B1C-80AC-16787DB69F0A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B72072FB-56BB-43FD-9A80-9BCF8D7289E0}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe |
"{C19F7B2D-6B30-44ED-9747-4A4596275204}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{C7E41AF6-AEF0-4837-A48B-E6C3FD6696E0}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{CCC058AA-2F4C-4604-8F3C-93811B85C4A2}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe |
"{DF564822-C4E5-4210-BC7F-18839F803730}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EACA8F28-E9FE-4356-B3F6-9A18E5B93B94}" = protocol=6 | dir=in | app=c:\program files\morpheus\morpheus.exe |
"{F805D548-A289-46D1-BD6F-D4F60A7C6050}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
"TCP Query User{1FF14D12-5C99-429A-AFBD-7FF8F6258737}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{F0F23E93-E9F7-4E44-880E-2DF2698C7619}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{B0EBE2A1-7D34-4F72-8A6D-186807326162}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{40E56DF2-65BA-49C0-85B3-637903FE46A9}" = Symantec Real Time Storage Protection Component
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51AFB69C-1C54-4C77-A888-2860F8CD3E7D}" = Paint.NET v3.31
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8C5766F2-81D9-4B5A-8AD5-A8BD6361EF0A}" = Hoyle Card Games
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer Zone SoftDMA
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer Zone MakeDisk
"{B667FE9D-4FED-4E3C-9E3D-0B4D71156935}" = SymNet
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BC7BE680-9F74-48E5-A8F2-0442E16C60E5}" = Soluto
"{C2CF94B6-9311-4422-BB00-7495685F96BC}" = Virtual Weather Station
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer Zone MagicDirector
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"eMusic Download Manager" = eMusic Download Manager 3.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Shop for HP Supplies" = Shop for HP Supplies
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/12/2010 10:51:12 PM | Computer Name = Bob-PC | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/12/2010 10:51:12 PM | Computer Name = Bob-PC | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/12/2010 10:51:12 PM | Computer Name = Bob-PC | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/12/2010 10:51:12 PM | Computer Name = Bob-PC | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/12/2010 10:51:12 PM | Computer Name = Bob-PC | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/14/2010 6:30:50 PM | Computer Name = Bob-PC | Source = VSS | ID = 8194
Description =

Error - 4/14/2010 6:31:38 PM | Computer Name = Bob-PC | Source = VSS | ID = 8194
Description =

Error - 4/14/2010 6:32:21 PM | Computer Name = Bob-PC | Source = VSS | ID = 8194
Description =

Error - 4/14/2010 6:33:03 PM | Computer Name = Bob-PC | Source = VSS | ID = 8194
Description =

Error - 4/14/2010 6:33:50 PM | Computer Name = Bob-PC | Source = VSS | ID = 8194
Description =

[ Media Center Events ]
Error - 5/29/2010 7:04:00 PM | Computer Name = Bob-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 5/30/2010 7:03:59 PM | Computer Name = Bob-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 5/31/2010 7:04:54 PM | Computer Name = Bob-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 6/1/2010 7:04:53 PM | Computer Name = Bob-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 6/2/2010 7:04:52 PM | Computer Name = Bob-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 6/5/2010 7:04:03 PM | Computer Name = Bob-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 6/7/2010 7:04:57 PM | Computer Name = Bob-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 6/10/2010 7:04:56 PM | Computer Name = Bob-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 6/11/2010 7:04:54 PM | Computer Name = Bob-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 6/14/2010 7:04:55 PM | Computer Name = Bob-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 5/30/2011 5:01:47 PM | Computer Name = Bob-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/30/2011 5:28:52 PM | Computer Name = Bob-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.254.1 for the Network Card with network
address 001921E5E044 has been denied by the DHCP server 192.168.254.254 (The DHCP
Server sent a DHCPNACK message).

Error - 5/30/2011 7:47:05 PM | Computer Name = Bob-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/1/2011 3:32:59 PM | Computer Name = Bob-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:30:43 PM on 6/1/2011 was unexpected.

Error - 6/1/2011 3:33:51 PM | Computer Name = Bob-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 6/1/2011 3:34:34 PM | Computer Name = Bob-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/4/2011 5:02:31 AM | Computer Name = Bob-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:00:57 AM on 6/4/2011 was unexpected.

Error - 6/4/2011 5:04:07 AM | Computer Name = Bob-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/5/2011 9:56:59 PM | Computer Name = Bob-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.254.1 for the Network Card with network
address 001921E5E044 has been denied by the DHCP server 192.168.254.254 (The DHCP
Server sent a DHCPNACK message).

Error - 6/9/2011 9:06:53 PM | Computer Name = Bob-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.254.1 for the Network Card with network
address 001921E5E044 has been denied by the DHCP server 192.168.254.254 (The DHCP
Server sent a DHCPNACK message).

< End of report >

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8CA0C000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7471104 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.30 )
0x81E52000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x81E52000 PnpManager 3907584 bytes
0x81E52000 RAW 3907584 bytes
0x81E52000 WMIxWDM 3907584 bytes
0x95C30000 Win32k 2113536 bytes
0x95C30000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8D601000 C:\Windows\system32\drivers\RTKVHDA.sys 1650688 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x87600000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82A78000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8C804000 C:\Windows\system32\DRIVERS\smserial.sys 1011712 bytes (Motorola Inc., Motorola SM56 Modem WDM Driver)
0x8740B000 C:\Windows\System32\drivers\tcpip.sys 970752 bytes (Microsoft Corporation, TCP/IP Driver)
0x80670000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x9C003000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8DF4C000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8D12C000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C926000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80750000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82A07000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9B401000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8DE02000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 405504 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x9B57C000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x875AB000 C:\Windows\system32\DRIVERS\yk60x86.sys 311296 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
0x828A2000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8DA6C000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x82806000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8062F000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x82958000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8755E000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8DB27000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82BAE000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9B4F9000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x87710000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8D524000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x81E1F000 ACPI_HAL 208896 bytes
0x81E1F000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x829A6000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8DAB4000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8DB73000 C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071204.001\IDSvix86.sys 192512 bytes (Symantec Corporation, IDS Core Driver)
0x8D404000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8DA05000 C:\Windows\System32\Drivers\SYMTDI.SYS 188416 bytes (Symantec Corporation, Network Dispatch Driver)
0x8D794000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82B83000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8D4E3000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9B54A000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x87783000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8D56A000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x8285D000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8D7C1000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8DA33000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x8D460000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x877BB000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9B4B9000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8D5AD000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9B4DA000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8291D000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8DEBE000 C:\Windows\System32\Drivers\dump_nvstor32.sys 118784 bytes
0x8293B000 C:\Windows\system32\drivers\nvstor32.sys 118784 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x9B46E000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x874F8000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8DF29000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8D1D8000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x9B48B000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x9C156000 C:\Users\Bob\AppData\Local\Temp\kxtdqpow.sys 102400 bytes
0x8C9B3000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9B532000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8C9D3000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x8DE65000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8D43E000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8DEDB000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9C133000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8DAE6000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x82BE9000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9B4A4000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8D4A6000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8DEFB000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x9C0F7000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8D492000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8DA58000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8DBB2000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8DB0A000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x87760000 C:\Windows\system32\drivers\psdvdisk.sys 73728 bytes (HiTRUST, PSD Virtual Disk Driver)
0x9C10C000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x877AA000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x9B5D2000 C:\Acer\Empowering Technology\eRecovery\int15.sys 69632 bytes
0x8D559000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80616000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x87544000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x829D8000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8DE85000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8DBA2000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x82901000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8C908000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8D4BB000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8DF1A000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x87774000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x82884000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8D483000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x87751000 C:\Windows\system32\DRIVERS\Soluto.sys 61440 bytes (Soluto LTD., Soluto PCGenome Core Driver)
0x8759C000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x82893000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8C918000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x95E70000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8DAFC000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8D5E9000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x828F3000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8DEA7000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8C8FB000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x82999000 C:\Windows\system32\DRIVERS\nvstor.sys 53248 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x8D517000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x807CC000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x9C11E000 C:\Windows\system32\DRIVERS\NisDrvWFP.sys 49152 bytes (Microsoft Corporation, Microsoft Network Inspection System Driver)
0x9C0EB000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8D5A1000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8D1CC000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8D4CB000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8D4D6000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8D5DE000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8D455000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8D433000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x87530000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8DEB4000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x8DF10000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x9B572000 C:\Windows\system32\DRIVERS\MpNWMon.sys 40960 bytes (Microsoft Corporation, Network monitor driver)
0x8D50D000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8DB63000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9C0E1000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8D1F2000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x8DB1D000 C:\Windows\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x87554000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x9C19C000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x877DC000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8D7E6000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8DE7C000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8DEF2000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8D5F7000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x95E50000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8753B000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8284C000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82915000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80627000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8DE9F000 C:\Windows\system32\DRIVERS\moufiltr.sys 32768 bytes (Chic, Mouse Filter Driver)
0x8DE97000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x82855000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8D5CE000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8D5D6000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x87749000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8D7F6000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8D59A000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8060F000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x9C149000 C:\Users\Bob\AppData\Local\Temp\mbr.sys 28672 bytes
0x8D7EF000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9B5CB000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x828EC000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8C9CD000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x9C18D000 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8904C765-DE0E-41C2-8B53-C6A75C067FCF}\MpKsl7e48a1b9.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x8DB6D000 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6255A2BA-806D-4DA1-AF38-D38066C8CE31}\MpKsl8cc54a97.sys 24576 bytes
0x82911000 C:\Windows\System32\Drivers\UBHelper.sys 16384 bytes
0x829E8000 C:\Windows\system32\DRIVERS\psdfilter.sys 12288 bytes (HiTRUST, PSD Filter Driver)
0x9C130000 C:\Windows\system32\DRIVERS\psi_mf.sys 12288 bytes (Secunia, Secunia PSI Driver)
0x8C9CB000 C:\Windows\system32\DRIVERS\NTIDrvr.sys 8192 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
0x87772000 C:\Windows\system32\drivers\PSDNServ.sys 8192 bytes (HiTRUST, PSD Named Pipe Driver)
0x8D4E1000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8DE95000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x861BEA91 Unknown page with executable code, 1391 bytes
0x87710000 WARNING: Virus alike driver modification [volsnap.sys], 233472 bytes
0x861BD288 Unknown page with executable code, 3448 bytes
0x861BF191 Unknown page with executable code, 3695 bytes
0x861C1E7A Unknown thread object [ ETHREAD 0x86502C10 ] TID: 264, 600 bytes
0x861C4008 Unknown thread object [ ETHREAD 0x864DD020 ] TID: 268, 600 bytes
0x861C3CDC Unknown page with executable code, 804 bytes

#4 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 11 June 2011 - 04:10 PM

Hi!

No problem!

Do you plan on sticking with Norton or Microsoft Security Essentials?

Looks like we maybe dealing with a rootkit infection here.

Running TDSSKiller

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKU\S-1-5-21-2347104757-713467479-638698903-1000..\Run: [updateMgr] File not found
O4 - HKU\S-1-5-21-2347104757-713467479-638698903-1000..\Run: [捁牥吠畯r] File not found
O4 - HKU\S-1-5-21-2347104757-713467479-638698903-1000..\Run: [捁牥吠畯⁲敒業摮牥] File not found
O4 - HKU\S-1-5-21-2347104757-713467479-638698903-1000..\RunOnce: [FlashPlayerUpdate] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2011/05/25 20:32:23 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~35249912r
[2011/05/25 20:32:23 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~35249912
[2011/05/25 07:26:18 | 000,000,336 | -H-- | M] () -- C:\ProgramData\35249912
[2011/05/25 07:26:23 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~35249912r
[2011/05/25 07:26:23 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~35249912
[2011/05/25 07:26:18 | 000,000,336 | -H-- | C] () -- C:\ProgramData\35249912
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:5D10517E
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DD874E14
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:CC2932DB
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:C8B517A2
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7715B65F
:Reg

:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

#5 turkey10

Member

Group: Members
Posts: 23
Joined: 04-June 11

Posted 11 June 2011 - 04:40 PM

Thanks. I will be using MSE unless you recommend something different.

2011/06/11 16:17:59.0450 5196 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/11 16:17:59.0836 5196 ================================================================================
2011/06/11 16:17:59.0836 5196 SystemInfo:
2011/06/11 16:17:59.0836 5196
2011/06/11 16:17:59.0836 5196 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/11 16:17:59.0836 5196 Product type: Workstation
2011/06/11 16:17:59.0837 5196 ComputerName: BOB-PC
2011/06/11 16:17:59.0837 5196 UserName: Bob
2011/06/11 16:17:59.0837 5196 Windows directory: C:\Windows
2011/06/11 16:17:59.0838 5196 System windows directory: C:\Windows
2011/06/11 16:17:59.0838 5196 Processor architecture: Intel x86
2011/06/11 16:17:59.0838 5196 Number of processors: 2
2011/06/11 16:17:59.0838 5196 Page size: 0x1000
2011/06/11 16:17:59.0838 5196 Boot type: Normal boot
2011/06/11 16:17:59.0838 5196 ================================================================================
2011/06/11 16:18:01.0312 5196 Initialize success
2011/06/11 16:18:15.0758 4296 ================================================================================
2011/06/11 16:18:15.0758 4296 Scan started
2011/06/11 16:18:15.0758 4296 Mode: Manual;
2011/06/11 16:18:15.0759 4296 ================================================================================
2011/06/11 16:18:16.0167 4296 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/11 16:18:16.0341 4296 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/11 16:18:16.0493 4296 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/11 16:18:16.0543 4296 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/11 16:18:16.0590 4296 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/11 16:18:16.0769 4296 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/06/11 16:18:16.0913 4296 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/11 16:18:16.0955 4296 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/11 16:18:17.0085 4296 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/11 16:18:17.0138 4296 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/11 16:18:17.0259 4296 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/11 16:18:17.0422 4296 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/11 16:18:17.0459 4296 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/11 16:18:17.0624 4296 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/11 16:18:17.0783 4296 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/11 16:18:17.0927 4296 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/11 16:18:17.0977 4296 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/06/11 16:18:18.0130 4296 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/11 16:18:18.0432 4296 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/11 16:18:18.0576 4296 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/11 16:18:18.0620 4296 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/11 16:18:18.0792 4296 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/11 16:18:18.0919 4296 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/11 16:18:19.0045 4296 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/11 16:18:19.0096 4296 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/11 16:18:19.0227 4296 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/11 16:18:19.0409 4296 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/11 16:18:19.0501 4296 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/11 16:18:19.0624 4296 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/11 16:18:19.0736 4296 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/06/11 16:18:19.0901 4296 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/06/11 16:18:19.0960 4296 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/06/11 16:18:20.0094 4296 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/11 16:18:20.0144 4296 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/11 16:18:20.0313 4296 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/06/11 16:18:20.0482 4296 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/06/11 16:18:20.0561 4296 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/06/11 16:18:20.0715 4296 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/06/11 16:18:20.0763 4296 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/06/11 16:18:20.0904 4296 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/11 16:18:21.0049 4296 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/11 16:18:21.0199 4296 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/11 16:18:21.0357 4296 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/06/11 16:18:21.0461 4296 eeCtrl (31c959319ef45b548d2111e338412270) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/06/11 16:18:21.0666 4296 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/11 16:18:21.0892 4296 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/06/11 16:18:21.0944 4296 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/06/11 16:18:22.0076 4296 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/11 16:18:22.0189 4296 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/11 16:18:22.0282 4296 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/11 16:18:22.0360 4296 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/11 16:18:22.0468 4296 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/06/11 16:18:22.0614 4296 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/11 16:18:22.0670 4296 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/11 16:18:22.0794 4296 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/06/11 16:18:22.0974 4296 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/11 16:18:23.0046 4296 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/11 16:18:23.0187 4296 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/11 16:18:23.0264 4296 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/11 16:18:23.0377 4296 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/11 16:18:23.0533 4296 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/11 16:18:23.0603 4296 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/06/11 16:18:23.0727 4296 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/11 16:18:23.0883 4296 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/11 16:18:23.0946 4296 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/11 16:18:24.0065 4296 IDSvix86 (b719025ba318425bbd1b05c999c98778) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071204.001\IDSvix86.sys
2011/06/11 16:18:24.0203 4296 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/11 16:18:24.0318 4296 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/06/11 16:18:24.0501 4296 IntcAzAudAddService (04bef1c4aa990e0d5851c7532fc8642c) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/11 16:18:24.0655 4296 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/06/11 16:18:24.0795 4296 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/11 16:18:24.0996 4296 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/11 16:18:25.0054 4296 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/11 16:18:25.0198 4296 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/11 16:18:25.0255 4296 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/11 16:18:25.0391 4296 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/11 16:18:25.0551 4296 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/11 16:18:25.0670 4296 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/11 16:18:25.0722 4296 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/11 16:18:25.0851 4296 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/11 16:18:25.0932 4296 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/11 16:18:26.0124 4296 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/11 16:18:26.0308 4296 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/11 16:18:26.0344 4296 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/11 16:18:26.0468 4296 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/11 16:18:26.0533 4296 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/11 16:18:26.0702 4296 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/11 16:18:26.0800 4296 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/11 16:18:26.0936 4296 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/11 16:18:27.0236 4296 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/11 16:18:27.0530 4296 moufiltr (baa4ed3c323bee7ebc144c7d232220a8) C:\Windows\system32\DRIVERS\moufiltr.sys
2011/06/11 16:18:27.0645 4296 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/11 16:18:27.0706 4296 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/11 16:18:27.0847 4296 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/06/11 16:18:27.0919 4296 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/11 16:18:28.0133 4296 MpKsl7e48a1b9 (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8904C765-DE0E-41C2-8B53-C6A75C067FCF}\MpKsl7e48a1b9.sys
2011/06/11 16:18:28.0389 4296 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/06/11 16:18:28.0442 4296 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/11 16:18:28.0598 4296 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/11 16:18:28.0658 4296 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/11 16:18:28.0777 4296 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/11 16:18:28.0824 4296 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/11 16:18:28.0980 4296 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/11 16:18:29.0112 4296 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/06/11 16:18:29.0162 4296 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/11 16:18:29.0331 4296 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/11 16:18:29.0393 4296 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/11 16:18:29.0543 4296 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/11 16:18:29.0606 4296 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/11 16:18:29.0723 4296 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/11 16:18:29.0778 4296 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/06/11 16:18:29.0902 4296 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/11 16:18:30.0007 4296 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/11 16:18:30.0141 4296 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/06/11 16:18:30.0223 4296 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/11 16:18:30.0325 4296 NAVENG (b6c1825fcccf6d981627c983e16dfc29) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20071210.002\NAVENG.SYS
2011/06/11 16:18:30.0392 4296 NAVEX15 (8e54570b4dfd8e1f0b7a5266737bfee5) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20071210.002\NAVEX15.SYS
2011/06/11 16:18:30.0559 4296 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/06/11 16:18:30.0716 4296 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/11 16:18:30.0767 4296 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/11 16:18:30.0891 4296 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/11 16:18:31.0036 4296 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/11 16:18:31.0183 4296 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/11 16:18:31.0239 4296 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/11 16:18:31.0429 4296 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/11 16:18:31.0505 4296 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/06/11 16:18:31.0651 4296 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/06/11 16:18:31.0724 4296 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/11 16:18:31.0889 4296 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/06/11 16:18:32.0038 4296 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/06/11 16:18:32.0117 4296 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/11 16:18:32.0229 4296 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/11 16:18:32.0629 4296 nvlddmkm (ff58c7a7da6116c1f71e883cb088d598) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/11 16:18:32.0939 4296 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/11 16:18:32.0997 4296 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\DRIVERS\nvstor.sys
2011/06/11 16:18:33.0125 4296 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\drivers\nvstor32.sys
2011/06/11 16:18:33.0272 4296 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/11 16:18:33.0516 4296 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/11 16:18:33.0681 4296 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/06/11 16:18:33.0740 4296 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/06/11 16:18:33.0843 4296 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/11 16:18:33.0926 4296 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/06/11 16:18:34.0064 4296 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/06/11 16:18:34.0137 4296 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/11 16:18:34.0312 4296 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/11 16:18:34.0606 4296 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/11 16:18:34.0728 4296 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/11 16:18:34.0895 4296 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/11 16:18:34.0944 4296 PSDFilter (88b72d2a800300eb05c69f3c6c3180f2) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/06/11 16:18:35.0069 4296 PSDNServ (9649e11fc5459bf6b2c9e8e327e45c3a) C:\Windows\system32\drivers\PSDNServ.sys
2011/06/11 16:18:35.0212 4296 psdvdisk (3d0be1373b9dfe9fc7b64f090e4d59e3) C:\Windows\system32\drivers\psdvdisk.sys
2011/06/11 16:18:35.0262 4296 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/06/11 16:18:35.0435 4296 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/11 16:18:35.0778 4296 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/11 16:18:36.0057 4296 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/11 16:18:36.0373 4296 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/11 16:18:36.0515 4296 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/11 16:18:36.0592 4296 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/11 16:18:36.0711 4296 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/11 16:18:36.0774 4296 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/11 16:18:36.0889 4296 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/11 16:18:37.0086 4296 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/11 16:18:37.0204 4296 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/11 16:18:37.0281 4296 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/06/11 16:18:37.0477 4296 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/11 16:18:37.0541 4296 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/11 16:18:37.0743 4296 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/11 16:18:37.0914 4296 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/11 16:18:38.0006 4296 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/06/11 16:18:38.0096 4296 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/11 16:18:38.0208 4296 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/06/11 16:18:38.0310 4296 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/11 16:18:38.0361 4296 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/11 16:18:38.0469 4296 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/11 16:18:38.0558 4296 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/11 16:18:38.0650 4296 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/11 16:18:38.0711 4296 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/11 16:18:38.0787 4296 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/06/11 16:18:38.0937 4296 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
2011/06/11 16:18:39.0122 4296 Soluto (ff35c2d01ac36b446a1b997f305f0fc2) C:\Windows\system32\DRIVERS\Soluto.sys
2011/06/11 16:18:39.0262 4296 SPBBCDrv (905782bcf15b6e5af9905b77923c7fa2) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/06/11 16:18:39.0398 4296 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/11 16:18:39.0476 4296 SRTSP (655773f2f1a3730c6cf20280a49f4ee1) C:\Windows\system32\Drivers\SRTSP.SYS
2011/06/11 16:18:39.0603 4296 SRTSPL (2a0aaf370d4c6574a34ae2f4a0709cae) C:\Windows\system32\Drivers\SRTSPL.SYS
2011/06/11 16:18:39.0644 4296 SRTSPX (3104bdceace2d5710776dd05e6a286c1) C:\Windows\system32\Drivers\SRTSPX.SYS
2011/06/11 16:18:39.0712 4296 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/06/11 16:18:39.0846 4296 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/11 16:18:39.0975 4296 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/11 16:18:40.0062 4296 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/11 16:18:40.0232 4296 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/11 16:18:40.0270 4296 SYMDNS (1d8fb1e5d6859d38e3ebca5febc6839f) C:\Windows\System32\Drivers\SYMDNS.SYS
2011/06/11 16:18:40.0322 4296 SymEvent (9e4188476848b2ef86f9c44d5164e724) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/06/11 16:18:40.0459 4296 SYMFW (91fcddf2cbaf898126ae7dfa5ce570ed) C:\Windows\System32\Drivers\SYMFW.SYS
2011/06/11 16:18:40.0503 4296 SYMIDS (9584e278787ad65e82eec5694f77cb54) C:\Windows\System32\Drivers\SYMIDS.SYS
2011/06/11 16:18:40.0545 4296 SYMNDISV (60350bc7919e6e45dd8130ad55665f48) C:\Windows\System32\Drivers\SYMNDISV.SYS
2011/06/11 16:18:40.0627 4296 SYMREDRV (9181892e5af5df8d2ac3d9d2cea48afd) C:\Windows\System32\Drivers\SYMREDRV.SYS
2011/06/11 16:18:40.0746 4296 SYMTDI (d539f317e6caaa4e08911a84c2180938) C:\Windows\System32\Drivers\SYMTDI.SYS
2011/06/11 16:18:40.0787 4296 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/11 16:18:40.0905 4296 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/11 16:18:41.0032 4296 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/06/11 16:18:41.0199 4296 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/11 16:18:41.0332 4296 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/11 16:18:41.0387 4296 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/11 16:18:41.0499 4296 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/11 16:18:41.0560 4296 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/11 16:18:41.0676 4296 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/11 16:18:41.0801 4296 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/11 16:18:41.0929 4296 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/11 16:18:41.0978 4296 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/11 16:18:42.0029 4296 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/11 16:18:42.0130 4296 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\Windows\system32\drivers\UBHelper.sys
2011/06/11 16:18:42.0197 4296 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/11 16:18:42.0346 4296 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/11 16:18:42.0395 4296 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/11 16:18:42.0445 4296 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/11 16:18:42.0563 4296 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/11 16:18:42.0633 4296 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/11 16:18:42.0779 4296 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/11 16:18:42.0855 4296 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/11 16:18:42.0964 4296 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/11 16:18:43.0040 4296 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/11 16:18:43.0155 4296 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/11 16:18:43.0197 4296 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/11 16:18:43.0316 4296 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/11 16:18:43.0453 4296 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/11 16:18:43.0528 4296 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/11 16:18:43.0648 4296 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/11 16:18:43.0718 4296 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/11 16:18:43.0838 4296 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/11 16:18:43.0898 4296 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/11 16:18:44.0000 4296 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/11 16:18:44.0049 4296 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/06/11 16:18:44.0104 4296 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/11 16:18:44.0236 4296 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/11 16:18:44.0298 4296 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/06/11 16:18:44.0302 4296 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/06/11 16:18:44.0316 4296 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/11 16:18:44.0452 4296 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/11 16:18:44.0536 4296 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/11 16:18:44.0598 4296 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/11 16:18:44.0631 4296 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/11 16:18:44.0782 4296 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/11 16:18:44.0864 4296 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/11 16:18:45.0157 4296 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/11 16:18:45.0362 4296 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/11 16:18:45.0429 4296 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/11 16:18:45.0602 4296 WSVD (2584df81cc9f7e7bd3545691106f8cae) C:\Windows\system32\drivers\WSVD.sys
2011/06/11 16:18:45.0681 4296 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/11 16:18:45.0859 4296 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/06/11 16:18:45.0910 4296 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
2011/06/11 16:18:46.0071 4296 ================================================================================
2011/06/11 16:18:46.0071 4296 Scan finished
2011/06/11 16:18:46.0071 4296 ================================================================================
2011/06/11 16:18:46.0099 3248 Detected object count: 1
2011/06/11 16:18:46.0100 3248 Actual detected object count: 1
2011/06/11 16:19:27.0049 3248 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/06/11 16:19:27.0053 3248 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/06/11 16:19:31.0773 3248 Backup copy found, using it..
2011/06/11 16:19:31.0907 3248 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/06/11 16:19:31.0907 3248 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2011/06/11 16:20:14.0877 4100 Deinitialize success

========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2347104757-713467479-638698903-1000\Software\Microsoft\Windows\CurrentVersion\Run\\updateMgr deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2347104757-713467479-638698903-1000\Software\Microsoft\Windows\CurrentVersion\Run\\捁牥吠畯r deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2347104757-713467479-638698903-1000\Software\Microsoft\Windows\CurrentVersion\Run\\捁牥吠畯⁲敒業摮牥 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2347104757-713467479-638698903-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\ProgramData\~35249912r moved successfully.
C:\ProgramData\~35249912 moved successfully.
C:\ProgramData\35249912 moved successfully.
File C:\ProgramData\~35249912r not found.
File C:\ProgramData\~35249912 not found.
File C:\ProgramData\35249912 not found.
ADS C:\ProgramData\TEMP:5D10517E deleted successfully.
ADS C:\ProgramData\TEMP:DD874E14 deleted successfully.
ADS C:\ProgramData\TEMP:CC2932DB deleted successfully.
ADS C:\ProgramData\TEMP:C8B517A2 deleted successfully.
ADS C:\ProgramData\TEMP:7715B65F deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Bob\Desktop\cmd.bat deleted successfully.
C:\Users\Bob\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.0 log created on 06112011_163321

#6 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 11 June 2011 - 04:47 PM

Hi!

MSE is a great free Anti-Virus program.

The main infection that you were infected with is called TDL3.

See the snippet of text below:

Quote

2011/06/11 16:18:46.0099 3248 Detected object count: 1
2011/06/11 16:18:46.0100 3248 Actual detected object count: 1
2011/06/11 16:19:27.0049 3248 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/06/11 16:19:27.0053 3248 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/06/11 16:19:31.0773 3248 Backup copy found, using it..
2011/06/11 16:19:31.0907 3248 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/06/11 16:19:31.0907 3248 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2011/06/11 16:20:14.0877 4100 Deinitialize success

You can read more about this infection here:

Special thanks to quietman7 for providing the above links.

NEXT:

Posted Image

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.

I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

NEXT:

Remove Norton Tool

ONLY if you don't have an active subscription, use below link to uninstall Norton.

Please click HERE and follow the instructions to download and run the Norton Removal Tool for your own version.

It is strongly recommended that you run only one anti-virus program at a time. Having more than one anti-virus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

NEXT:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT:

What issues are you currently experiencing with your computer?

This post has been edited by SweetTech: 11 June 2011 - 04:47 PM

#7 turkey10

Member

Group: Members
Posts: 23
Joined: 04-June 11

Posted 11 June 2011 - 05:41 PM

I have read most of the stuff you recommended, called our credit card comp. and will call my bank Monday morning. I think I will keep going and try to get the system clean and if looks like we can't get it clean I will re-install. That said how do I find what version of norton is on my system? Any idea how this infection got my system?

#8 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 11 June 2011 - 06:00 PM

Hi!

Okay! It looks like you have Norton Internet Security. It's really hard to say how exactly you got this infection.

#9 turkey10

Member

Group: Members
Posts: 23
Joined: 04-June 11

Posted 11 June 2011 - 06:42 PM

Norton is uninstalled, I tried Google search it seems to be working fine.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6837

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

6/11/2011 6:32:52 PM
mbam-log-2011-06-11 (18-32-52).txt

Scan type: Quick scan
Objects scanned: 168055
Time elapsed: 10 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 12 June 2011 - 08:48 AM

Hi!

Great to hear!

Please run through these 2 scans;

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
- Enable Anti-Stealth technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#11 turkey10

Member

Group: Members
Posts: 23
Joined: 04-June 11

Posted 12 June 2011 - 01:06 PM

C:\Program Files\Morpheus\morpheustoolbar.exe Win32/Toolbar.AskSBar application
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MHASRDWD\img[1].htm HTML/TrojanClicker.IFrame.AIW trojan
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TBK0QL5B\img[1].htm HTML/TrojanClicker.IFrame.AIW trojan
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TBK0QL5B\img[2].htm HTML/TrojanClicker.IFrame.AIW trojan
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TBK0QL5B\img[3].htm HTML/TrojanClicker.IFrame.AIW trojan
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQM0QAYY\img[1].htm HTML/TrojanClicker.IFrame.AIW trojan
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQM0QAYY\img[2].htm HTML/TrojanClicker.IFrame.AIW trojan
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQM0QAYY\img[3].htm HTML/TrojanClicker.IFrame.AIW trojan
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1b44c7d2-2c0a8c95 multiple threats
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\2250f692-4bbae2a0 multiple threats
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-1c9f96d6 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-1d89deca a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-279eb26a a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-2f5e5111 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-61c8acee a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-7a344f21 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-7f05658b a variant of Java/TrojanDownloader.OpenStream.NCE trojan

Results of screen317's Security Check version 0.99.13
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 24
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.3.181.22
Adobe Reader 8.2.6
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#12 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 12 June 2011 - 01:09 PM

Hi!

These threats below will be removed very shortly:

Quote

C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MHASRDWD\img[1].htm HTML/TrojanClicker.IFrame.AIW trojan
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TBK0QL5B\img[1].htm HTML/TrojanClicker.IFrame.AIW trojan
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TBK0QL5B\img[2].htm HTML/TrojanClicker.IFrame.AIW trojan
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TBK0QL5B\img[3].htm HTML/TrojanClicker.IFrame.AIW trojan
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQM0QAYY\img[1].htm HTML/TrojanClicker.IFrame.AIW trojan
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQM0QAYY\img[2].htm HTML/TrojanClicker.IFrame.AIW trojan
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQM0QAYY\img[3].htm HTML/TrojanClicker.IFrame.AIW trojan
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1b44c7d2-2c0a8c95 multiple threats
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\2250f692-4bbae2a0 multiple threats
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-1c9f96d6 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-1d89deca a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-279eb26a a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-2f5e5111 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-61c8acee a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-7a344f21 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-7f05658b a variant of Java/TrojanDownloader.OpenStream.NCE trojan

____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
Look for "Java Platform, Standard Edition".
Click the "Download JRE" button to the right.
Read the License Agreement, and then check the box that says: "Accept License Agreement".
From the list, select your OS and Platform.
- 32-bit Select: Windows x86 Offline.
- 64-bit Select: Windows x64.
If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
Close any programs you may have running - especially your web browser.

Go to

> Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
When the Java Setup - Welcome window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.

NEXT

Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy

Go to Start > Control Panel > Add/Remove Programs
Remove ALL instances of Adobe Reader
Re-boot your computer as required.
Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader

Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL

:Reg

:Files
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MHASRDWD\img[1].htm
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TBK0QL5B\img[1].htm
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TBK0QL5B\img[2].htm
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TBK0QL5B\img[3].htm
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQM0QAYY\img[1].htm
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQM0QAYY\img[2].htm
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQM0QAYY\img[3].htm
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1b44c7d2-2c0a8c95
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\2250f692-4bbae2a0
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-1c9f96d6
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-1d89deca
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-279eb26a
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-2f5e5111
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-61c8acee
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-7a344f21
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-7f05658b
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

OTL Custom Scan

We need to run an OTL Custom Scan

Please reopen on your desktop.
Copy and Paste the following code into the textbox.

netsvcs
drivers32
hklm\software\clients\startmenuinternet|command /rs
%USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Push the button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

What outstanding issues (if any) are you still experiencing with your computer?

#13 turkey10

Member

Group: Members
Posts: 23
Joined: 04-June 11

Posted 12 June 2011 - 04:54 PM

Seems to be working great except my printer still doesn't work. Don't know if you can help with that but when I would try and print something it would say printer is unspooled and would tell me to restart spooler when I did that it said it couldn't because it was missing a driver. I tried to uninstall the printer but it wouldn't let me uninstall it because it was missing a driver.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MHASRDWD\img[1].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TBK0QL5B\img[1].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TBK0QL5B\img[2].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TBK0QL5B\img[3].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQM0QAYY\img[1].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQM0QAYY\img[2].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQM0QAYY\img[3].htm moved successfully.
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1b44c7d2-2c0a8c95 moved successfully.
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\2250f692-4bbae2a0 moved successfully.
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-1c9f96d6 moved successfully.
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-1d89deca moved successfully.
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-279eb26a moved successfully.
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-2f5e5111 moved successfully.
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-61c8acee moved successfully.
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-7a344f21 moved successfully.
C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-7f05658b moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Bob\Desktop\cmd.bat deleted successfully.
C:\Users\Bob\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Bob
->Temp folder emptied: 339650715 bytes
->Temporary Internet Files folder emptied: 109566102 bytes
->Java cache emptied: 143684064 bytes
->FireFox cache emptied: 55412562 bytes
->Apple Safari cache emptied: 1162240 bytes
->Flash cache emptied: 814829 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Marge
->Temp folder emptied: 933134 bytes
->Temporary Internet Files folder emptied: 46755281 bytes
->Java cache emptied: 1719127 bytes
->FireFox cache emptied: 62451807 bytes
->Flash cache emptied: 39903 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1483988076 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,142.00 mb

[EMPTYFLASH]

User: All Users

User: Bob
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Marge
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.24.0 log created on 06122011_162809

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 6/12/2011 4:40:50 PM - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Bob\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 48.92% Memory free
3.74 Gb Paging File | 2.66 Gb Available in Paging File | 71.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.20 Gb Total Space | 43.60 Gb Free Space | 38.52% Space Free | Partition Type: NTFS
Drive D: | 112.85 Gb Total Space | 103.87 Gb Free Space | 92.04% Space Free | Partition Type: NTFS

Computer Name: BOB-PC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/11 15:43:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/28 17:03:44 | 000,364,576 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2011/05/28 17:03:42 | 001,705,520 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/19 01:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/23 18:24:54 | 000,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe
PRC - [2006/11/17 08:26:58 | 000,453,120 | ---- | M] (HiTRUST) -- c:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

========== Modules (SafeList) ==========

MOD - [2011/06/11 15:43:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/12/03 08:37:36 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/12/03 08:37:36 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll
MOD - [2006/11/16 19:10:14 | 000,286,720 | ---- | M] (HiTRUST) -- C:\Windows\System32\sysenv.dll
MOD - [2006/11/16 13:19:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\MSNChatHook.dll
MOD - [2006/11/16 13:18:50 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (Spooler)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/28 17:03:44 | 000,364,576 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/08 15:45:32 | 000,045,056 | ---- | M] (Acer Inc.) [On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/11/12 21:35:08 | 000,024,576 | ---- | M] () [On_Demand | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)

========== Driver Services (SafeList) ==========

DRV - [2011/06/12 16:36:37 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2AD2490D-318B-4358-8E97-8D5BA5CAE3AF}\MpKslf9ab8b9c.sys -- (MpKslf9ab8b9c)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/28 16:47:42 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Soluto.sys -- (Soluto)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/06/20 01:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/01/09 09:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/12/07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 02:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/09/19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/04 16:30:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/12 16:08:36 | 000,000,000 | ---D | M]

[2008/12/04 18:58:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions
[2011/06/07 19:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8v7p92vi.default\extensions
[2011/06/04 16:37:58 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8v7p92vi.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/05/26 00:16:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8v7p92vi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/26 00:16:02 | 000,000,000 | ---D | M] ("IE Tab") -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8v7p92vi.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/06/12 16:03:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/12 16:03:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8V7P92VI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8V7P92VI.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011/05/26 00:16:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/06/19 04:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\MyCamera.dll
[2008/06/19 04:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/06/12 16:03:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/12 16:28:13 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O24 - Desktop WallPaper: C:\Users\Bob\Pictures\Bobs pictures\006.JPG
O24 - Desktop BackupWallPaper: C:\Users\Bob\Pictures\Bobs pictures\006.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERZO~1\ACERZO~2\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/12 16:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.0
[2011/06/12 16:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/06/12 16:20:02 | 012,557,920 | ---- | C] (Foxit Corporation ) -- C:\Users\Bob\Desktop\FoxitReader501.0523_enu_Setup.exe
[2011/06/12 16:08:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/12 16:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/12 09:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/12 09:51:38 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Bob\Desktop\esetsmartinstaller_enu.exe
[2011/06/11 18:20:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/11 16:33:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/11 15:34:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2011/06/07 17:32:48 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bob\Desktop\TDSSKiller.exe
[2011/06/04 18:24:43 | 000,607,222 | R--- | C] (Swearware) -- C:\Users\Bob\Desktop\dds.scr
[2011/06/04 17:15:46 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/04 17:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/01 14:32:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/05/30 16:52:06 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Malwarebytes
[2011/05/30 16:51:56 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/30 16:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/30 16:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/30 16:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/30 16:50:37 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bob\Desktop\mbam-setup.exe
[2011/05/30 16:18:08 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\tdsskiller
[2011/05/30 12:46:06 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Soluto
[2011/05/30 12:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/30 12:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/30 12:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/30 12:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/05/30 12:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/30 11:54:14 | 000,051,144 | ---- | C] (Soluto LTD.) -- C:\Windows\System32\drivers\Soluto.sys
[2011/05/30 11:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2011/05/30 11:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2011/05/30 11:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2011/05/30 11:51:50 | 001,227,824 | ---- | C] (Soluto Inc) -- C:\Users\Bob\Desktop\solutoinstaller.exe
[2011/05/30 11:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/05/30 11:33:05 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Secunia PSI
[2011/05/30 11:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/05/30 11:32:01 | 001,739,400 | ---- | C] (Secunia) -- C:\Users\Bob\Desktop\PSISetup.exe
[2011/05/30 10:27:55 | 000,000,000 | ---D | C] -- C:\Users\Bob\Desktop\hosts
[2007/09/12 19:29:52 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2006/01/06 23:51:35 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2011/06/12 16:38:17 | 000,003,940 | ---- | M] () -- C:\Windows\System32\.rsp
[2011/06/12 16:38:17 | 000,002,041 | ---- | M] () -- C:\Windows\System32\.lck
[2011/06/12 16:36:48 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/12 16:36:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/12 16:36:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/12 16:36:29 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2011/06/12 16:28:13 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/12 16:23:46 | 000,000,959 | ---- | M] () -- C:\Users\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.0.lnk
[2011/06/12 16:23:46 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.0.lnk
[2011/06/12 16:21:50 | 012,557,920 | ---- | M] (Foxit Corporation ) -- C:\Users\Bob\Desktop\FoxitReader501.0523_enu_Setup.exe
[2011/06/12 15:51:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/12 13:02:35 | 000,879,099 | ---- | M] () -- C:\Users\Bob\Desktop\SecurityCheck.exe
[2011/06/12 09:51:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Bob\Desktop\esetsmartinstaller_enu.exe
[2011/06/11 18:20:30 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/11 18:05:49 | 000,932,400 | ---- | M] () -- C:\Users\Bob\Desktop\Norton_Removal_Tool.exe
[2011/06/11 15:43:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2011/06/11 15:37:13 | 000,139,264 | ---- | M] () -- C:\Users\Bob\Desktop\RKUnhookerLE.EXE
[2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bob\Desktop\TDSSKiller.exe
[2011/06/04 18:31:37 | 000,050,477 | ---- | M] () -- C:\Users\Bob\Desktop\Defogger.exe
[2011/06/04 18:24:46 | 000,607,222 | R--- | M] (Swearware) -- C:\Users\Bob\Desktop\dds.scr
[2011/06/04 18:23:22 | 000,000,000 | ---- | M] () -- C:\Users\Bob\defogger_reenable
[2011/06/04 17:55:37 | 000,002,519 | ---- | M] () -- C:\Users\Bob\Desktop\HiJackThis.lnk
[2011/06/04 17:23:37 | 001,402,880 | ---- | M] () -- C:\Users\Bob\Desktop\HijackThis.msi
[2011/06/04 16:30:16 | 000,000,874 | ---- | M] () -- C:\Users\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/04 16:30:16 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/04 04:02:24 | 227,118,684 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/30 17:00:07 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bob\Desktop\mbam-setup.exe
[2011/05/30 13:54:50 | 000,616,607 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.MVP
[2011/05/30 13:52:15 | 000,151,798 | ---- | M] () -- C:\Users\Bob\Desktop\hosts.zip
[2011/05/30 12:35:05 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/30 12:32:38 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/05/30 12:30:18 | 000,606,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/30 12:30:18 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/30 12:15:05 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/30 12:02:59 | 000,656,896 | ---- | M] () -- C:\Users\Bob\Desktop\MicrosoftFixit50525.msi
[2011/05/30 11:56:47 | 000,000,098 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/05/30 11:51:56 | 001,227,824 | ---- | M] (Soluto Inc) -- C:\Users\Bob\Desktop\solutoinstaller.exe
[2011/05/30 11:32:59 | 000,000,903 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/05/30 11:32:09 | 001,739,400 | ---- | M] (Secunia) -- C:\Users\Bob\Desktop\PSISetup.exe
[2011/05/29 12:32:00 | 000,302,592 | ---- | M] () -- C:\Users\Bob\Desktop\gmer.exe
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/28 16:47:42 | 000,051,144 | ---- | M] (Soluto LTD.) -- C:\Windows\System32\drivers\Soluto.sys

========== Files Created - No Company Name ==========

[2011/06/12 16:23:46 | 000,000,959 | ---- | C] () -- C:\Users\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.0.lnk
[2011/06/12 16:23:46 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.0.lnk
[2011/06/12 13:02:34 | 000,879,099 | ---- | C] () -- C:\Users\Bob\Desktop\SecurityCheck.exe
[2011/06/11 18:05:28 | 000,932,400 | ---- | C] () -- C:\Users\Bob\Desktop\Norton_Removal_Tool.exe
[2011/06/11 15:28:00 | 000,139,264 | ---- | C] () -- C:\Users\Bob\Desktop\RKUnhookerLE.EXE
[2011/06/04 18:23:22 | 000,000,000 | ---- | C] () -- C:\Users\Bob\defogger_reenable
[2011/06/04 18:22:24 | 000,050,477 | ---- | C] () -- C:\Users\Bob\Desktop\Defogger.exe
[2011/06/04 17:15:46 | 000,002,519 | ---- | C] () -- C:\Users\Bob\Desktop\HiJackThis.lnk
[2011/06/04 17:14:18 | 001,402,880 | ---- | C] () -- C:\Users\Bob\Desktop\HijackThis.msi
[2011/06/04 16:30:16 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/01 14:32:50 | 227,118,684 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/30 16:51:57 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/30 12:40:16 | 000,003,940 | ---- | C] () -- C:\Windows\System32\.rsp
[2011/05/30 12:40:16 | 000,002,041 | ---- | C] () -- C:\Windows\System32\.lck
[2011/05/30 12:32:38 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/05/30 12:29:44 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/30 12:15:05 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/30 12:02:58 | 000,656,896 | ---- | C] () -- C:\Users\Bob\Desktop\MicrosoftFixit50525.msi
[2011/05/30 11:56:47 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/05/30 11:32:59 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/05/30 11:32:59 | 000,000,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/05/30 10:22:06 | 000,151,798 | ---- | C] () -- C:\Users\Bob\Desktop\hosts.zip
[2011/05/29 12:32:00 | 000,302,592 | ---- | C] () -- C:\Users\Bob\Desktop\gmer.exe
[2009/09/18 05:57:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 05:57:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/24 07:18:38 | 000,160,414 | ---- | C] () -- C:\Windows\hpqins00.dat
[2008/08/08 03:00:31 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/22 13:29:19 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2008/04/22 18:46:13 | 000,001,356 | -H-- | C] () -- C:\Users\Bob\AppData\Local\d3d9caps.dat
[2008/04/01 17:50:19 | 000,096,577 | ---- | C] () -- C:\Windows\hpqins16.dat
[2007/09/13 19:41:00 | 000,027,136 | ---- | C] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/13 17:31:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/09/12 19:31:01 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2007/09/12 19:31:00 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007/09/12 19:29:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2006/11/16 13:20:38 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2006/11/16 13:20:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2006/11/16 13:20:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2006/11/16 13:19:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll
[2006/11/16 13:19:04 | 000,123,904 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2006/11/16 13:18:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2006/11/16 13:18:50 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/11/16 13:18:06 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 07:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,228,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,606,364 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/01/06 23:51:39 | 000,319,488 | ---- | C] () -- C:\Windows\System32\SysMonitor.exe
[2006/01/06 23:51:38 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006/01/06 23:40:58 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
[2006/01/06 23:22:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2006/01/06 23:15:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2006/01/06 22:07:26 | 000,000,985 | ---- | C] () -- C:\Windows\generic.ini
[2006/01/06 22:07:26 | 000,000,095 | ---- | C] () -- C:\Windows\Alaunch.ini
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2007/09/12 19:35:15 | 000,000,000 | -H-D | M] -- C:\Users\Bob\AppData\Roaming\Acer
[2010/08/05 17:35:42 | 000,000,000 | -H-D | M] -- C:\Users\Bob\AppData\Roaming\GARMIN
[2011/05/26 00:15:59 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Hoyle Blackjack
[2011/05/26 00:16:01 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Hoyle Card Games
[2011/05/26 00:16:01 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Hoyle FaceCreator
[2008/04/20 16:19:42 | 000,000,000 | -H-D | M] -- C:\Users\Bob\AppData\Roaming\Image Zone Express
[2008/05/09 21:51:52 | 000,000,000 | -H-D | M] -- C:\Users\Bob\AppData\Roaming\iWin
[2007/09/12 19:35:13 | 000,000,000 | -H-D | M] -- C:\Users\Bob\AppData\Roaming\Leadertech
[2007/12/21 23:53:03 | 000,000,000 | -H-D | M] -- C:\Users\Bob\AppData\Roaming\Printer Info Cache
[2011/05/30 12:46:06 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Soluto
[2011/06/12 16:35:29 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 02:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 02:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 02:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/04/11 01:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-12 08:03:17

< End of report >

#14 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 12 June 2011 - 05:01 PM

Hello,

Quote

I think you'd receive the best assistance by posting in the Windows forum and see what the techs have to say about that.

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.
Copy and Paste the following code into the textbox.
```
:Commands
[ClearAllRestorePoints]
```
Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:

Reopen on your desktop.
Click on
You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

NEXT:

All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.

Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.

Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Extra Goodies

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them then consider a password keeper, to keep all your passwords safe.
Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:
- Open Malwarebytes' Anti-Malware
- Select the Update tab
- Click Check for Updates
Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.
FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for Chrome and Opera.
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

#15 turkey10

Member

Group: Members
Posts: 23
Joined: 04-June 11

Posted 12 June 2011 - 07:48 PM

Thanks ST. Everything but the printer seems to be running good, I will check in with the the techs on the windows forum on that. I greatly appreciate your help with this matter and my wife also thanks you, she can have her computer back again. Should I get rid of the security check, eset, rkunhook programs or are they part of my security now? Do I need to activate cd emulation? Thanks again.

========== COMMANDS ==========

OTL by OldTimer - Version 3.2.24.0 log created on 06122011_192005