BleepingComputer.com: Slow PC that is getting slower by the day

Hi,

my PC is getting slower by the day. I realize that it might not be a malware but I would appreciate if somebody can take a look. Attached are log files from the DDS run.

 DDS.txt (19.39K)
Number of downloads: 2

 Attach.txt (9.32K)
Number of downloads: 1

I was also running GMER but system blue screened. I have to login accounts on the machine, both with admin privileges. Do I need to run logs for both accounts?

Thanks

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

• Do not run any other tool untill instructed to do so!
  
• please Do not Attach logs or put in code boxes.
  
• Tell me about any problems that have occurred during the fix.
  
• Tell me of any other symptoms you may be having as these can help also.
  
• Do not run anything while running a fix.
  
• Do not run any other tool untill instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following


• Log from Combofix
  
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

Hi Gringo,

it took over 50 min to run ComboFix and generate log file. Here is the log

 ComboFix.txt (13.61K)
Number of downloads: 1

I needed to reboot the system after I saved the log file since all icons and desktop disappeared.


ComboFix 11-08-09.02 - Alex 09/08/2011 21:23:06.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.3326.2063 [GMT -4:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\RelevantKnowledge
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\Alex\Taskmgr.exe
c:\users\Alex\wevtapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-10 to 2011-08-10 )))))))))))))))))))))))))))))))
.
.
2011-08-10 01:50 . 2011-08-10 01:51 -------- d-----w- c:\users\Alex\AppData\Local\temp
2011-08-10 01:50 . 2011-08-10 01:50 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-08-10 01:50 . 2011-08-10 01:50 -------- d-----w- c:\users\Jasmina\AppData\Local\temp
2011-08-10 01:50 . 2011-08-10 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-10 00:34 . 2010-03-04 22:49 33280 ----a-w- c:\windows\system32\drivers\IOMap.sys
2011-07-13 07:02 . 2011-07-13 07:02 -------- d-----w- C:\0cff2cd437fa658580a6cf7a5d
2011-07-12 20:22 . 2011-06-02 05:59 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-12 20:22 . 2011-06-02 05:55 271872 ----a-w- c:\windows\system32\conhost.exe
2011-07-12 20:22 . 2011-06-11 02:37 2332672 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 22:00 . 2011-05-28 21:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-30 19:51 . 2011-06-30 19:51 14336 ----a-w- c:\windows\system32\drivers\EIO.sys
2011-05-25 04:25 . 2011-05-25 04:25 7800832 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-05-25 03:44 . 2011-05-25 03:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-25 03:43 . 2011-05-25 03:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-25 03:31 . 2011-05-25 03:31 17940992 ----a-w- c:\windows\system32\atioglxx.dll
2011-05-25 03:07 . 2011-05-25 03:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-05-25 03:07 . 2011-03-09 14:54 688128 ----a-w- c:\windows\system32\aticfx32.dll
2011-05-25 03:04 . 2011-05-25 03:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-25 03:03 . 2011-05-25 03:03 401408 ----a-w- c:\windows\system32\atieclxx.exe
2011-05-25 03:03 . 2011-05-25 03:03 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-05-25 03:02 . 2011-05-25 03:02 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-05-25 03:02 . 2011-03-09 14:49 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-05-25 03:02 . 2011-05-25 03:02 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-05-25 03:01 . 2011-05-25 03:01 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-05-25 03:01 . 2011-05-25 03:01 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-05-25 02:59 . 2011-05-25 02:59 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-05-25 02:58 . 2011-03-09 14:46 4219904 ----a-w- c:\windows\system32\atidxx32.dll
2011-05-25 02:50 . 2011-03-09 14:21 4017152 ----a-w- c:\windows\system32\atiumdva.dll
2011-05-25 02:47 . 2011-05-25 02:47 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-05-25 02:47 . 2011-05-25 02:47 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-05-25 02:43 . 2011-05-25 02:43 6847488 ----a-w- c:\windows\system32\aticaldd.dll
2011-05-25 02:39 . 2011-03-09 14:28 4330496 ----a-w- c:\windows\system32\atiumdag.dll
2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-05-25 02:26 . 2011-05-25 02:26 262144 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-05-25 02:25 . 2011-05-25 02:25 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-05-25 02:25 . 2011-05-25 02:25 245760 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-05-25 02:24 . 2011-03-09 14:14 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-05-25 02:24 . 2011-03-09 14:14 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-05-25 02:24 . 2011-05-25 02:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:18 . 2011-06-30 19:47 52736 ----a-w- c:\windows\system32\coinst.dll
2011-05-24 10:35 . 2011-06-30 15:38 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-25 02:31 . 2011-03-27 23:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-06-17 21:48 787744 ------w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-06 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2009-07-01 762208]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"STO Backup Service"="c:\program files\SmarThru Office\BackUpSvr.exe" [2009-07-01 184320]
"STO Launcher Service"="c:\program files\SmarThru Office\LegacyLauncher.exe" [2009-07-01 331776]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-09-23 614400]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-20 18432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-25 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-25 294400]
S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2010-09-13 86016]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-07-22 5120]
S2 VisualSVNServer;VisualSVN Server;c:\program files\VisualSVN Server\bin\VisualSVNServer.exe [2011-06-01 24424]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-25 7800832]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-25 245760]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-06 105592]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [2010-03-04 33280]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 17:28]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 17:28]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Capture Selection - c:\program files\SmarThru Office\WebCapture.dll2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Save as HTML - c:\program files\SmarThru Office\WebCapture.dll1.htm
IE: Save Selected Text - c:\program files\SmarThru Office\WebCapture.dll.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Web Capture - c:\program files\SmarThru Office\WebCapture.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://miler-family.myq-see.com/DvrOcx.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zml53k2q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.kiss925.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000020
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000020
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-09 22:04:33
ComboFix-quarantined-files.txt 2011-08-10 02:04
.
Pre-Run: 198,102,028,288 bytes free
Post-Run: 198,008,143,872 bytes free
.
- - End Of File - - 7BBD2DCA726ECE945E243034CEC85746

This post has been edited by gringo_pr: 09 August 2011 - 10:05 PM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

Hi Gringo,

TDSSkiller did not find any problems.

 TDSSKiller.2.5.14.0_10.08.2011_07.34.08_log.txt (73.71K)
Number of downloads: 0

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

• Double click on OTL.exe to run it.
  
• Under Output, ensure that Minimal Output is selected.
  
• Under Extra Registry section, select Use SafeList.
  
• Click the Scan All Users checkbox.
  
• Click on Run Scan at the top left hand corner.
  
• When done, two Notepad files will open.
  
  • OTL.txt <-- Will be opened and the that I need posted back here
    
  • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  
  
• Please post the contents of OTListIt.txt in your next reply.

Gringo

Here are the files:

 OTL.Txt (78.34K)
Number of downloads: 1
 Extras.Txt (69.49K)
Number of downloads: 0

Thanks

OTL logfile created on: 10/08/2011 8:31:29 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Alex\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 44.46% Memory free
6.50 Gb Paging File | 4.12 Gb Available in Paging File | 63.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 183.59 Gb Free Space | 61.61% Space Free | Partition Type: NTFS
Drive E: | 119.34 Gb Total Space | 61.56 Gb Free Space | 51.59% Space Free | Partition Type: NTFS
Drive F: | 29.71 Gb Total Space | 4.42 Gb Free Space | 14.86% Space Free | Partition Type: NTFS
Drive G: | 111.79 Gb Total Space | 104.80 Gb Free Space | 93.75% Space Free | Partition Type: NTFS

Computer Name: OFFICE-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Alex\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe (Google Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\VisualSVN Server\bin\VisualSVNServer.exe (Apache Software Foundation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
PRC - C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe ()
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Windows\System32\ATKFUSService.exe (ASUSTeK COMPUTER INC.)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\ASDR.exe ()
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\SmarThru Office\LegacyLauncher.exe ()
PRC - C:\Program Files\SmarThru Office\BackUpSvr.exe ()
PRC - C:\Program Files\SmarThru Office\STOSysService.exe ()
PRC - C:\Windows\vVX3000.exe (Microsoft Corporation)
PRC - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Alex\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (VisualSVNServer) -- File not found
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (PCPitstop Scheduling) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (ATKFUSService) -- C:\Windows\System32\ATKFUSService.exe (ASUSTeK COMPUTER INC.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ASDR) -- C:\Windows\System32\ASDR.exe ()
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (mi-raysat_3dsMax2009_32) -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110806.002\NAVEX15.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110806.002\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EIO) -- C:\Windows\System32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (IOMap) -- C:\Windows\System32\drivers\IOMap.sys (ASUSTeK Computer Inc.)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (SrvHsfPCI) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (VX3000) -- C:\Windows\System32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (atkdisplf) -- C:\Windows\System32\drivers\ATKDispLowFilter.sys (ASUSTeK Computer Inc.)
DRV - (asusgsb) -- C:\Windows\System32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (ASPI32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4276112408-1280083303-1038284115-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4276112408-1280083303-1038284115-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-4276112408-1280083303-1038284115-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F EB 92 EB 08 55 CC 01 [binary data]
IE - HKU\S-1-5-21-4276112408-1280083303-1038284115-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4276112408-1280083303-1038284115-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4276112408-1280083303-1038284115-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4276112408-1280083303-1038284115-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-4276112408-1280083303-1038284115-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4276112408-1280083303-1038284115-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www3.serbiancafe.com/lat/kanada/
IE - HKU\S-1-5-21-4276112408-1280083303-1038284115-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKU\S-1-5-21-4276112408-1280083303-1038284115-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-4276112408-1280083303-1038284115-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4276112408-1280083303-1038284115-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.100: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/23 19:52:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 22:31:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/25 16:39:10 | 000,000,000 | ---D | M]

[2011/01/02 23:17:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2011/01/02 23:17:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2011/08/07 22:29:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zml53k2q.default\extensions
[2011/06/24 19:09:02 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zml53k2q.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/08/07 22:29:57 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zml53k2q.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/12/19 15:34:09 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zml53k2q.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011/04/13 08:01:53 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zml53k2q.default\extensions\ietab@ip.cn
[2011/06/26 09:52:09 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zml53k2q.default\extensions\LogMeInClient@logmein.com
[2011/06/24 19:15:43 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zml53k2q.default\extensions\plugin@yontoo.com
[2011/04/13 07:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/17 19:08:58 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/10 11:40:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/10 18:18:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/12 10:39:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/04 17:11:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/28 21:35:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/24 22:31:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/09 21:51:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [STO Backup Service] C:\Program Files\SmarThru Office\BackUpSvr.exe ()
O4 - HKLM..\Run: [STO Launcher Service] C:\Program Files\SmarThru Office\LegacyLauncher.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4276112408-1280083303-1038284115-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4276112408-1280083303-1038284115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4276112408-1280083303-1038284115-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Capture Selection - C:\Program Files\SmarThru Office\WEBCapture.dll2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save as HTML - C:\Program Files\SmarThru Office\WEBCapture.dll1.htm ()
O8 - Extra context menu item: Save Selected Text - C:\Program Files\SmarThru Office\WEBCapture.dll.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Web Capture - C:\Program Files\SmarThru Office\WebCapture.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} http://miler-family.myq-see.com/DvrOcx.cab (DvrOcx Control)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/03 20:18:30 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4276112408-1280083303-1038284115-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-4276112408-1280083303-1038284115-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/08/10 20:21:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/08/10 07:33:29 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe
[2011/08/09 22:08:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/09 22:04:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\temp
[2011/08/09 21:14:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/09 21:00:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/09 21:00:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/09 21:00:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/09 21:00:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/09 21:00:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/09 20:58:52 | 004,168,373 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2011/08/09 20:34:06 | 000,033,280 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\System32\drivers\IOMap.sys
[2011/08/09 19:27:03 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\cleanup
[2011/07/13 08:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/13 03:02:11 | 000,000,000 | ---D | C] -- C:\0cff2cd437fa658580a6cf7a5d
[2011/07/12 16:23:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/12 16:23:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/12 16:23:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/12 16:23:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/07/12 16:23:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/07/12 16:23:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/12 16:23:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/12 16:23:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/12 16:23:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/07/12 16:23:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/07/12 16:23:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/12 16:23:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/07/12 16:23:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/07/12 16:23:00 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/07/12 16:23:00 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/07/12 16:23:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/12 16:23:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/07/12 16:23:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/12 16:23:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/12 16:23:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/07/12 16:23:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/07/12 16:23:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/07/12 16:23:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/12 16:23:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/12 16:23:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/12 16:23:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/07/12 16:23:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/12 16:23:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/07/12 16:22:57 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/07/12 16:22:57 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/12 16:22:52 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Alex\Documents\*.tmp files -> C:\Users\Alex\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/10 20:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/10 20:21:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/08/10 20:09:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/10 10:56:14 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/10 07:33:30 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe
[2011/08/09 22:59:41 | 000,007,626 | ---- | M] () -- C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
[2011/08/09 22:12:34 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/09 22:12:34 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/09 22:06:53 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/09 21:51:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/09 20:58:59 | 004,168,373 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2011/08/09 20:15:46 | 885,785,124 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/07 22:31:29 | 000,000,199 | ---- | M] () -- C:\ProgramData\RmUserCfg.ini
[2011/08/07 22:31:29 | 000,000,086 | ---- | M] () -- C:\ProgramData\IpAndPort.fig
[2011/07/31 08:56:31 | 000,630,928 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/31 08:56:31 | 000,111,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/23 21:05:33 | 000,050,052 | ---- | M] () -- C:\Users\Alex\Desktop\photoduino.shield.v.2.0.pdf
[2011/07/13 06:02:56 | 002,568,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Alex\Documents\*.tmp files -> C:\Users\Alex\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/09 21:00:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/09 21:00:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/09 21:00:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/09 21:00:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/09 21:00:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/23 21:05:33 | 000,050,052 | ---- | C] () -- C:\Users\Alex\Desktop\photoduino.shield.v.2.0.pdf
[2011/06/30 15:51:03 | 000,053,248 | ---- | C] () -- C:\Windows\System32\asrussian.dll
[2011/06/30 15:51:03 | 000,053,248 | ---- | C] () -- C:\Windows\System32\askorean.dll
[2011/06/30 15:51:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\asjapan.dll
[2011/06/30 15:51:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\asgerman.dll
[2011/06/30 15:51:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\asfrench.dll
[2011/06/30 15:51:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\aseng.dll
[2011/06/30 15:51:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ASCHT.dll
[2011/06/30 15:51:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\aschs.dll
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/05/08 12:47:31 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2011/04/20 12:30:06 | 000,233,765 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/04/13 08:04:15 | 000,000,199 | ---- | C] () -- C:\ProgramData\RmUserCfg.ini
[2011/04/13 08:04:15 | 000,000,086 | ---- | C] () -- C:\ProgramData\IpAndPort.fig
[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/19 11:47:31 | 003,856,932 | ---- | C] () -- C:\ProgramData\SamPCFax000013000000
[2011/02/17 22:46:43 | 000,692,224 | ---- | C] () -- C:\Windows\System32\bsrmgcv.dll
[2011/02/17 22:46:43 | 000,192,512 | ---- | C] () -- C:\Windows\System32\bsrmgps.dll
[2011/02/17 22:46:43 | 000,081,920 | ---- | C] () -- C:\Windows\System32\bsrgvas.dll
[2011/02/17 22:46:36 | 000,585,728 | ---- | C] () -- C:\Windows\System32\bsratswf.dll
[2011/02/17 22:46:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\bsratwmv.dll
[2010/11/18 21:34:35 | 003,856,932 | ---- | C] () -- C:\ProgramData\SamPCFax00001FF00000
[2010/10/03 19:05:50 | 000,000,036 | ---- | C] () -- C:\Users\Alex\AppData\Local\housecall.guid.cache
[2010/08/16 09:08:54 | 000,022,528 | ---- | C] () -- C:\Windows\System32\DvrOcxRUS.dll
[2010/08/16 09:08:18 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CovH264ToAvi.dll
[2010/06/01 11:30:40 | 000,680,040 | ---- | C] () -- C:\Windows\System32\RM_DVRNET_DLL.dll
[2010/05/15 08:53:45 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/01 22:43:43 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/02/20 18:25:47 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/02/20 18:25:47 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/02/20 18:25:45 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/02/13 11:31:22 | 000,080,384 | ---- | C] () -- C:\Windows\smgrinst.exe
[2010/02/13 11:31:18 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/02/13 11:30:02 | 000,159,400 | R--- | C] () -- C:\Windows\System32\sskinst.exe
[2010/02/13 11:30:01 | 000,040,616 | R--- | C] () -- C:\Windows\System32\SvcMan.exe
[2010/02/13 11:29:45 | 000,172,032 | R--- | C] () -- C:\Windows\System32\SecSNMP.dll
[2010/02/13 11:28:38 | 000,126,976 | ---- | C] () -- C:\Windows\System32\STOFaxPort.dll
[2010/02/13 11:28:30 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2010/02/13 11:28:29 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2010/02/13 11:27:28 | 000,950,585 | ---- | C] () -- C:\Windows\System32\libiconv-2.dll
[2010/02/13 11:25:57 | 000,113,768 | R--- | C] () -- C:\Windows\Wiainst.exe
[2010/02/13 11:24:58 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2010/02/13 11:24:57 | 000,270,336 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2010/02/13 11:24:57 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2010/02/13 11:24:57 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2010/02/13 11:24:39 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sss3ml3.dll
[2010/01/30 21:24:00 | 000,003,584 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2010/01/23 19:51:31 | 000,023,106 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2010/01/22 00:26:59 | 000,023,124 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/17 20:09:08 | 000,221,154 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/01/17 20:09:08 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/01/03 11:41:47 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/12/31 13:42:25 | 000,007,626 | ---- | C] () -- C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
[2009/12/13 16:27:19 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2009/12/06 15:04:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\pxhpinst.exe
[2009/12/06 09:41:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/06 02:59:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/12/03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/07/27 11:13:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\ASDR.exe
[2009/07/23 18:51:26 | 000,229,442 | ---- | C] () -- C:\Windows\System32\winpubf.dll
[2009/07/23 18:51:26 | 000,196,608 | ---- | C] () -- C:\Windows\System32\nvrfs.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 002,568,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,630,928 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,111,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/26 18:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/08/13 10:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:5F64C164

< End of report >

This post has been edited by gringo_pr: 10 August 2011 - 07:52 PM

Hello

I want you to run this custem OTL script for me and then let me know how things are after you finish.

Run OTL Script

• Double-click OTL.exe to start the program.
  
• Copy and Paste the following code into the textbox. Do not include the word Code
  

  :otl
  FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
  FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.100: C:\Program Files\NOS\bin\np_gp.dll File not found
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
  O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
  O37 - HKU\S-1-5-21-4276112408-1280083303-1038284115-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
  O37 - HKU\S-1-5-21-4276112408-1280083303-1038284115-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
  @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:5F64C164  
  [2011/06/24 19:15:43 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zml53k2q.default\extensions\plugin@yontoo.com
  O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
  :Files
  ipconfig /flushdns /c
  :Commands
  [PURITY] 
  [EMPTYTEMP]
  [EMPTYFLASH]
  [RESETHOSTS] 
  

  
  
• Then click the Run Fix button at the top.
  
• Click .
  
• OTL may ask to reboot the machine. Please do so if asked.
  
• The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Here it is. By the way, system is doing better right now.

 otl_cleanup.txt (12.8K)
Number of downloads: 1

These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..
Your Java is out of date.

It can be updated by the Java control panel

• click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  
• An update should begin;
  
• follow the prompts

Clear your Java Cache

• click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
  
  • On the General tab, under Temporary Internet Files, click the Settings button.
    
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    Applications and Applets
    Trace and Log Files
    
    
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    
  • Click OK to leave the Temporary Files Window
    
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

• Please download TFC to your desktop,
  
• Save any unsaved work. TFC will close all open application windows.
  
• Double-click TFC.exe to run the program.
  
• If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

Please download Malwarebytes' Anti-Malware to your desktop.


• Double-click mbam-setup.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
    
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  
  • If you accidently close it, the log file is saved here and will be named like this:
    
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

• Go Here to download HijackThis Installer
  
• Save HijackThis Installer to your desktop.
  
• Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
  
• Click on Install.
  
• It will create a HijackThis icon on the desktop.
  
• Once installed it will launch Hijackthis.
  
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  
• Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  
• Come back here to this thread and Paste the log in your next reply.
  
• DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator

"information and logs"

In your next post I need the following


• Log From MBAM
  
• report from Hijackthis
  
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

Hi Gringo,

here are the logs. Everything went ok, with one infected file found.

 mbam-log-2011-08-13 (00-48-08).txt (964bytes)
Number of downloads: 1
 hijackthis.log (11.97K)
Number of downloads: 1

Thanks

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

• Run HijackThis
  
• Click on the Scan button
  
• Put a check beside all of the items listed below (if present):
  
  
  O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
  O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
  O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
  O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
  O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
  O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
  O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
  O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
  
  
  
  
• Close all open windows and browsers/email, etc...
  
• Click on the "Fix Checked" button
  
• When completed, close the application.
  
  
  NOTE**You can research each of those lines >here< and see if you want to keep them or not
  just copy the name between the brakets and paste into the search space
  O4 - HKLM\..\Run: [IntelliPoint]

If you have any problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
  
• click on the ESET Online Scanner button
  
• Tick the box next to YES, I accept the Terms of Use.
  
  • Click Start
• When asked, allow the activex control to install
  
  • Click Start
• Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  
• Click on Advanced Settings, ensure the options
  
  Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
  
• Wait for the scan to finish
  
• Click on copy to clipboard and paste the results here in this topic
  
• you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt

Copy and paste that log as a reply to this topic

Gringo

This post has been edited by gringo_pr: 13 August 2011 - 12:25 AM

Hi Gringo,

scan found 9 threats. Here is the log file

 EOS_log.txt (962bytes)
Number of downloads: 1

Thanks

Hello

There are some minor things in your online scan that should be removed.


delete files

• Copy all text in the quote box (below)...to Notepad.
  

  Quote

  @echo off
  del /f /s /q "C:\Users\Alex\Downloads\Vegas.rar"
  del /f /s /q "C:\Users\Alex\Downloads\Vegas\Vegas 10\Keygen.exe"
  del /f /s /q "C:\Users\Alex\Downloads\Vegas\Vegas 10\SonyVegasPro Patch.exe"
  del /f /s /q "E:\Documents and Settings\Alex\Local Settings\Temp\OpenCandy\OCSetupHlp.dll"
  del /f /s /q "E:\Documents and Settings\Alex\My Documents\Downloads\FreeVideoToiPodConverter.exe"
  del /f /s /q "E:\Documents and Settings\Alex\My Documents\Downloads\videora-htc-503-setup.exe"
  del /f /s /q "E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8L6N8HEN\warning[1].gif"
  del /f /s /q "E:\WINDOWS\system32\warning.gif"
  del %0
  
  
• Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  It should look like this: <--XP<--vista
  
• Double click on delfile.bat to execute it.
  A black CMD window will flash, then disappear...this is normal.
  
• The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use, I would keep this and use before you do any scans or when you want to free up some space.

:DeFogger:

To re-enable your Emulation drivers, double click DeFogger to run the tool.

• The application window will appear
  
• Click the Re-enable button to re-enable your CD Emulation drivers
  
• Click Yes to continue
  
• A 'Finished!' message will appear
  
• Click OK
  
• DeFogger will now ask to reboot the machine - click OK

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

• turn off all active protection software
  
• push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  
• please copy and past the following into the box ComboFix /Uninstall and click OK.
  
• Note the space between the X and the /Uninstall, it needs to be there.
  
• 

:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

• Double-click OTCleanIt.exe.
  
• Click the CleanUp! button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes, if not delete it by yourself.
  
• If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

• From within Internet Explorer click on the Tools menu and then click on Options.
  
• Click once on the Security tab
  
• Click once on the Internet icon so it becomes highlighted.
  
• Click once on the Custom Level button.
  
• Change the Download signed ActiveX controls to Prompt
  
• Change the Download unsigned ActiveX controls to Disable
  
• Change the Initialise and script ActiveX controls not marked as safe to Disable
  
• Change the Installation of desktop items to Prompt
  
• Change the Launching programs and files in an IFRAME to Prompt
  
• When all these settings have been made, click on the OK button.
  
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
  Next press the Apply button and then the OK to exit the Internet Properties page.

:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox

Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

• WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  
  
• Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  
  
• Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
  totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Gringo

Hi Gringo,

thank you so much for your help. Much appreciated.

Sincerely,

Former_ATI