
Hijack this Log


  • This topic is locked
13 replies to this topic

#1 SeekerOfD

SeekerOfD

  • Members
  • 33 posts

Posted 20 March 2010 - 10:21 AM

Started yesterday, but once in a while, when I try to Google something or every time I try to get into youtube.com, it redirects me to ask.com. This completely destroys my use of Google and youtube. I've used Spybot S&D and I've scanned everything 3 times and I've fixed everything that pops up. I used HijackThis and deleted ask.com toolbar. I still have yet to do a full system scan with Avira. I'm using Windows Vista Home Premium.

I don't know what else to tell you so here's the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:12 PM, on 3/20/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?aff=101
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [rebootex] C:\Rebootex\rebootw.exe -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7813 bytes




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 20 March 2010 - 10:47 AM

Hello Victim,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
1.
Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK

Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
  • Ask Toolbar
  • Ask.com
  • Speedbit Toolbar
If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer

Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?aff=101
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll


Then close all windows except HijackThis and click Fix Checked.

Restart

Use Windows Explorer to find and delete these files:

And these folders:
C:\Program Files\Ask.com

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete


Finally, please post a new HijackThis log, and a description of any remaining problems.


2.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

* When done, DDS will open two (2) logs:

1. DDS.txt
2. Attach.txt

Save both reports to your desktop and post the contents of the DDS.txt and Attach.txt logs.

Things to include in your next reply:
HiJackthis log
DDS.txt
Attach.txt
Redirects gone?

Edited by fireman4it, 20 March 2010 - 10:48 AM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
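One way to check a follow-up HijackThis log against the fix list in the instructions above, as an added example that is not part of the original thread or of HijackThis itself: it parses the log entries, reports which fix-list lines are still present after "Fix Checked", and flags entries that share a CLSID with a fixed line but were not on the list. The sample lines are excerpted from the logs posted in this thread; all function names are hypothetical.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "R0", "O2", "O23"
    body: str     # text after "<code> - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hjt(text):
    """Return the section entries of a HijackThis log. Header lines and the
    'Running processes' list carry no section code and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def entry_key(e):
    # Case- and whitespace-insensitive identity of an entry.
    return (e.section, " ".join(e.body.lower().split()))


def still_present(fix_list, after):
    """Fix-list entries that the follow-up scan still reports."""
    after_keys = {entry_key(e) for e in after}
    return [e for e in fix_list if entry_key(e) in after_keys]


def diff_logs(before, after):
    """(removed, added) entries between two scans, in log order."""
    b = {entry_key(e): e for e in before}
    a = {entry_key(e): e for e in after}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


def clsids(e):
    return {c.upper() for c in CLSID_RE.findall(e.body)}


def same_clsid_not_listed(fix_list, log):
    """Entries in `log` that share a CLSID with a fix-list entry but were not
    on the list themselves (the same component registered in another section)."""
    wanted = set().union(*(clsids(e) for e in fix_list))
    listed = {entry_key(e) for e in fix_list}
    return [e for e in log if clsids(e) & wanted and entry_key(e) not in listed]


# Excerpt of the first log in this thread (header and process lines kept to
# show that the parser skips them).
BEFORE = parse_hjt(r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?aff=101
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
""")

# The lines the helper asked to check in HijackThis.
FIX_LIST = parse_hjt(r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?aff=101
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
""")

# Matching excerpt of the follow-up log posted after the fix.
AFTER = parse_hjt(r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
""")

if __name__ == "__main__":
    for e in still_present(FIX_LIST, AFTER):
        print("still present:", e.section, "-", e.body)
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.section, "-", e.body)
    for e in added:
        print("new since first scan:", e.section, "-", e.body)
    for e in same_clsid_not_listed(FIX_LIST, BEFORE):
        print("same CLSID, not on fix list:", e.section, "-", e.body)
```
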


#3 SeekerOfD

SeekerOfD
  • Topic Starter

  • Members
  • 33 posts

Posted 20 March 2010 - 11:21 AM

Here's the HiJack log, I noticed some of the files are still there.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:39 AM, on 3/21/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Inspiron 530\Documents\My DAP Downloads\dds.scr
C:\Windows\system32\cmd.exe
C:\Users\Inspiron 530\AppData\Local\Temp\BE2.tmp\evP.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [rebootex] C:\Rebootex\rebootw.exe -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6649 bytes





Here is the DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by Inspiron 530 at 0:14:50.03 on Sun 03/21/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1073 [GMT 8:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Inspiron 530\Documents\My DAP Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [rebootex] c:\rebootex\rebootw.exe -s
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RtHDVCpl] RtHDVCpl.exe
StartupFolder: c:\users\inspir~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\inspir~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\inspir~1\appdata\roaming\mozilla\firefox\profiles\g380bc2l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.bn/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&source=hp&btnG=Google+Search
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=13701&l=dis&q=
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-19 11608]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-2-3 172032]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-2-19 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-19 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-19 56816]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-3-20 1153368]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-2-3 5313536]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-2-3 150016]
R3 rt61x86;RT61 Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr61.sys [2008-11-26 333824]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

=============== Created Last 30 ================

2010-03-20 14:10:51 0 d-----w- c:\program files\Trend Micro
2010-03-20 10:42:07 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-20 10:42:07 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-03-17 10:23:31 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-17 10:23:31 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-03-17 10:23:31 0 d-----w- c:\program files\OpenAL
2010-03-16 08:18:59 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-03-15 09:13:38 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-03-15 08:31:06 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-03-15 08:31:06 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-03-15 08:31:04 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-03-15 08:21:20 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-15 08:20:51 0 d-----w- c:\program files\DAEMON Tools Lite
2010-03-15 08:20:32 0 d-----w- c:\users\inspir~1\appdata\roaming\DAEMON Tools Lite
2010-03-15 08:20:30 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-03-11 13:04:30 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 13:04:29 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 13:04:29 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-09 09:30:31 0 d-----w- c:\users\inspir~1\appdata\roaming\Rainmeter
2010-03-09 09:29:54 0 d-----w- c:\program files\Rainmeter
2010-03-09 08:41:26 0 d-----w- c:\users\inspir~1\appdata\roaming\Dell
2010-03-09 08:40:06 0 dc-h--w- c:\programdata\{7322D736-AA5F-4DD0-8E33-EA48318CC276}
2010-03-09 08:39:51 0 d-----w- c:\programdata\Dell
2010-03-09 08:39:51 0 d-----w- c:\program files\Dell
2010-03-08 12:32:18 0 d-----w- c:\programdata\Oberon Media
2010-03-05 09:29:59 0 d-----w- c:\programdata\Blizzard Entertainment
2010-03-05 09:29:26 0 d-----w- c:\programdata\Blizzard
2010-03-03 14:31:18 0 d-----w- c:\program files\Shutter
2010-03-03 09:07:41 0 d-----w- c:\program files\StarCraft
2010-02-27 15:33:23 0 d-----w- c:\users\inspir~1\appdata\roaming\C__Program Files_MSNRecorderMax_youtubeuploader.exe
2010-02-27 15:33:23 0 d-----w- c:\programdata\C__Program Files_MSNRecorderMax_youtubeuploader.exe
2010-02-27 15:31:15 0 d-----w- c:\users\inspir~1\appdata\roaming\MSNRecorderMax
2010-02-27 15:31:15 0 d-----w- c:\programdata\MSNRecorderMax
2010-02-27 15:13:54 0 d-----w- c:\program files\MSN Webcam Recorder
2010-02-24 12:15:26 19502 ----a-w- c:\windows\hpqins13.dat
2010-02-24 11:58:59 0 d-----w- c:\program files\Windows Portable Devices
2010-02-24 11:58:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-24 11:31:01 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-02-24 11:31:00 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-02-24 11:31:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-02-24 11:29:10 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-02-24 11:29:10 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-02-24 11:29:10 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-02-24 02:45:47 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 02:45:39 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 02:45:39 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 02:45:38 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 02:45:38 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 02:45:38 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 02:45:38 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 02:45:38 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 02:45:38 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 02:45:38 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 02:44:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-24 02:44:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 02:44:01 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-23 06:58:04 0 d-----w- c:\program files\SCMDraft 2
2010-02-23 02:36:29 0 d-----w- c:\windows\system32\eu-ES
2010-02-23 02:36:29 0 d-----w- c:\windows\system32\ca-ES
2010-02-23 02:36:26 0 d-----w- c:\windows\system32\vi-VN
2010-02-23 01:26:51 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-02-22 14:33:24 0 d-----w- c:\windows\system32\EventProviders
2010-02-22 14:30:59 550400 ----a-w- c:\windows\system32\rpcss.dll
2010-02-22 14:29:59 1671680 ----a-w- c:\windows\system32\chsbrkr.dll
2010-02-22 14:28:59 158208 ----a-w- c:\windows\system32\iasrad.dll
2010-02-22 14:27:59 47104 ----a-w- c:\windows\system32\wbem\WmiPerfInst.dll
2010-02-22 14:26:48 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-02-22 14:26:48 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-02-22 14:26:48 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-02-22 14:26:47 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-02-22 14:26:47 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-02-22 14:26:47 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-02-22 14:26:47 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-02-22 14:26:43 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-02-22 14:26:34 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-02-22 14:26:34 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-02-22 14:26:08 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-02-22 10:19:59 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-22 10:19:59 138056 ----a-w- c:\users\inspir~1\appdata\roaming\PnkBstrK.sys
2010-02-22 10:19:34 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-22 10:19:27 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-22 10:19:26 319 ----a-w- c:\windows\game.ini
2010-02-22 10:12:47 0 d-----w- c:\program files\Activision
2010-02-22 09:24:21 0 d-----w- c:\programdata\Trymedia
2010-02-22 08:46:34 0 d-----w- c:\program files\Hitman Blood Money
2010-02-22 08:18:38 0 d--h--w- c:\windows\msdownld.tmp
2010-02-22 08:18:32 0 d-----w- c:\windows\system32\directx
2010-02-22 03:54:44 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-02-21 05:49:05 0 d-----w- c:\windows\pss
2010-02-21 05:48:55 0 d-----w- c:\program files\CCleaner
2010-02-21 04:43:37 0 d-----w- c:\users\inspir~1\appdata\roaming\LimeWire
2010-02-21 02:31:23 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-02-21 02:30:27 0 d-----w- c:\windows\system32\RTCOM
2010-02-20 23:51:13 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-02-20 23:51:13 270848 ----a-w- c:\windows\system32\schannel.dll
2010-02-20 23:49:23 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-20 23:49:23 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-20 19:01:03 0 d-----w- c:\program files\MSXML 4.0
2010-02-20 07:46:32 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-02-20 07:46:31 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-02-20 04:21:06 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-02-20 04:21:05 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-02-20 04:21:05 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-02-20 04:21:04 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-02-20 04:21:04 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-02-20 04:21:04 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-02-20 04:21:04 17920 ----a-w- c:\windows\system32\netevent.dll
2010-02-20 04:21:04 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-02-20 04:21:04 10240 ----a-w- c:\windows\system32\finger.exe
2010-02-20 03:21:37 0 d-----w- c:\windows\system32\AGEIA
2010-02-20 03:20:22 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-20 01:19:18 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-02-20 01:19:16 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-02-20 01:19:16 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-02-20 01:19:16 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-02-20 01:19:16 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-02-20 00:44:07 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-20 00:44:07 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-20 00:43:46 2501921 ----a-w- c:\windows\system32\wlan.tmf
2010-02-20 00:43:45 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-02-20 00:43:45 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-02-20 00:43:45 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-02-20 00:43:45 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-02-20 00:43:44 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-02-20 00:43:44 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-02-20 00:43:29 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-02-20 00:43:28 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-02-20 00:24:35 0 d-----r- c:\program files\Left 4 Dead 2
2010-02-20 00:17:36 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-02-19 23:41:23 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-02-19 23:05:19 9728 ----a-w- c:\windows\system32\lsass.exe
2010-02-19 23:05:19 72704 ----a-w- c:\windows\system32\secur32.dll
2010-02-19 23:05:19 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-02-19 23:05:19 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-02-19 23:05:19 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-02-19 23:05:19 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-02-19 23:00:42 98816 ----a-w- c:\windows\system32\mfps.dll
2010-02-19 23:00:42 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-02-19 23:00:42 2868224 ----a-w- c:\windows\system32\mf.dll
2010-02-19 23:00:42 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-02-19 23:00:42 2048 ----a-w- c:\windows\system32\mferror.dll
2010-02-19 22:52:53 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-02-19 22:52:53 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-02-19 22:52:53 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-02-19 22:44:16 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-02-19 22:41:56 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-19 22:41:55 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-19 22:41:55 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-19 22:41:55 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-19 22:41:55 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-19 22:41:55 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-19 22:41:55 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-19 22:41:55 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-19 22:41:55 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-19 22:40:19 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-02-19 22:40:19 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-02-19 22:40:19 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-02-19 22:40:19 23552 ----a-w- c:\windows\system32\lpk.dll
2010-02-19 22:40:19 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-02-19 22:40:19 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-02-19 22:40:05 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-19 22:40:05 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 22:22:40 71680 ----a-w- c:\windows\system32\atl.dll
2010-02-19 22:07:10 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-02-19 22:01:47 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-02-19 21:48:38 623616 ----a-w- c:\windows\system32\localspl.dll
2010-02-19 21:31:01 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-02-19 21:27:59 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-02-19 21:27:58 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-02-19 21:27:58 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-02-19 21:24:38 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-19 21:24:37 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-19 21:22:29 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-02-19 21:22:09 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-02-19 21:21:08 243712 ----a-w- c:\windows\system32\rastls.dll
2010-02-19 21:16:06 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-02-19 18:43:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-02-19 17:46:49 0 d-----w- c:\windows\Panther
2010-02-19 17:46:37 8192 --s-a-r- C:\BOOTSECT.BAK
2010-02-19 17:46:36 333257 --sha-r- C:\bootmgr
2010-02-19 17:46:35 0 d-sh--w- C:\Boot
2010-02-19 17:42:58 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 16:35:51 0 d-----w- c:\program files\WildGames
2010-02-19 12:53:20 0 d-----w- c:\users\inspir~1\appdata\roaming\funkitron
2010-02-19 09:50:54 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-02-19 09:50:54 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-02-19 09:50:28 0 d-----w- c:\program files\iPod
2010-02-19 09:50:25 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-19 09:50:25 0 d-----w- c:\program files\iTunes
2010-02-19 09:49:52 0 d-----w- c:\program files\Bonjour
2010-02-19 09:49:28 0 d-----w- c:\programdata\Apple Computer
2010-02-19 09:47:51 0 d-----w- c:\programdata\Apple
2010-02-19 09:16:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-19 09:11:56 0 d-----w- c:\program files\LimeWire
2010-02-19 09:09:14 0 d-----w- c:\program files\uTorrent
2010-02-19 09:08:48 0 d-----w- c:\programdata\WEBREG
2010-02-19 09:08:15 0 d-----w- c:\users\inspir~1\appdata\roaming\uTorrent
2010-02-19 09:07:23 0 d-----w- c:\programdata\Hewlett-Packard
2010-02-19 09:03:09 0 d-----w- c:\programdata\HP Product Assistant
2010-02-19 09:02:10 0 d-----w- c:\program files\common files\HP
2010-02-19 09:02:01 0 d-----w- c:\program files\common files\Hewlett-Packard
2010-02-19 09:01:41 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-02-19 09:01:38 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2010-02-19 09:01:32 970752 ----a-w- c:\windows\system32\hpotiop6.dll
2010-02-19 09:01:32 729088 ----a-w- c:\windows\system32\hpowiax8.dll
2010-02-19 09:01:32 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2010-02-19 09:01:32 303104 ----a-w- c:\windows\system32\hpovst14.dll
2010-02-19 09:01:05 0 d-----w- c:\program files\HP
2010-02-19 09:00:06 157508 ----a-w- c:\windows\hpoins29.dat
2010-02-19 08:59:59 0 d-----w- c:\programdata\HP
2010-02-19 08:58:27 0 d-----w- c:\programdata\SpeedBit
2010-02-19 08:58:25 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2010-02-19 08:58:23 0 d-----w- c:\program files\DAP
2010-02-19 08:54:04 0 d-----w- c:\program files\common files\Steam
2010-02-19 08:54:01 0 d-----w- c:\program files\Steam
2010-02-19 08:50:30 0 d-----w- c:\users\inspir~1\appdata\roaming\ACD Systems
2010-02-19 08:37:54 0 d-----w- c:\programdata\Messenger Plus!
2010-02-19 08:35:58 0 d-----w- c:\program files\Messenger Plus! Live
2010-02-19 08:21:31 0 d-----w- c:\program files\VideoLAN
2010-02-19 08:16:22 0 d-----w- c:\program files\Garena
2010-02-19 07:03:49 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-02-19 07:03:38 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-02-19 07:03:32 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-02-19 07:03:32 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-02-19 06:56:34 0 d-----w- C:\Linksys Driver
2010-02-19 06:54:49 0 d-----w- c:\programdata\ATI
2010-02-19 06:53:58 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-19 06:50:36 0 d-----w- c:\program files\ATI Technologies
2010-02-19 06:50:34 0 d-----w- c:\program files\ATI
2010-02-19 06:49:48 0 d-----w- C:\ATI
2010-02-19 06:30:35 0 d-----w- c:\users\inspiron 530\Tracing
2010-02-19 05:22:47 0 d-----w- c:\program files\Microsoft
2010-02-19 05:22:29 0 d-----w- c:\program files\Windows Live SkyDrive
2010-02-19 04:52:03 0 d-----w- c:\program files\common files\Windows Live
2010-02-19 04:48:15 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2010-02-19 04:48:15 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2010-02-19 04:48:15 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2010-02-19 04:48:15 258048 ----a-w- c:\windows\system32\imagXR7.dll
2010-02-19 04:48:15 1757184 ----a-w- c:\windows\system32\imagX7.dll
2010-02-19 04:48:14 0 d-----w- c:\programdata\Nero
2010-02-19 04:48:14 0 d-----w- c:\program files\Nero
2010-02-19 04:45:32 0 d-----w- c:\windows\PCHEALTH
2010-02-19 04:43:48 0 d-----w- c:\programdata\Microsoft Help
2010-02-19 04:42:26 38 ----a-w- c:\windows\avisplitter.ini
2010-02-19 04:42:26 178176 ----a-w- c:\windows\system32\unrar.dll
2010-02-19 04:42:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-19 04:42:21 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-19 04:42:21 0 d-----w- c:\program files\K-Lite Codec Pack
2010-02-19 04:37:04 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-19 04:37:03 0 d-----w- c:\programdata\Avira
2010-02-19 04:37:03 0 d-----w- c:\program files\Avira
2010-02-19 04:35:46 0 d-----w- c:\programdata\Adobe
2010-02-19 04:33:59 0 d-----w- c:\programdata\ACD Systems
2010-02-19 04:33:51 0 d-----w- c:\program files\common files\ACD Systems
2010-02-19 04:23:34 1904 ------w- c:\windows\system32\SetupBD.din
2010-02-19 04:23:06 0 d-sh--w- c:\windows\Installer
2010-02-19 04:22:56 39288 ----a-w- c:\windows\system32\NicInE6.dll
2010-02-19 04:22:56 28536 ----a-w- c:\windows\system32\NicCo6.dll
2010-02-19 04:22:56 2689 ----a-w- c:\windows\system32\e1e6032.din
2010-02-19 04:22:56 228224 ----a-w- c:\windows\system32\drivers\e1e6032.sys
2010-02-19 04:22:56 179048 ----a-w- c:\windows\system32\e1000msg.dll
2010-02-19 04:22:56 154496 ----a-w- c:\windows\system32\Prounstl.exe
2010-02-19 04:14:12 0 d-----w- C:\Intel
2010-02-19 04:14:10 0 d-----w- C:\dell

==================== Find3M ====================

2010-02-24 11:58:55 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-24 11:58:55 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-24 11:58:54 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-02-24 11:58:54 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-23 01:24:14 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-02-04 02:01:14 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 02:01:14 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 02:01:14 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 02:01:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-03 04:54:34 5313536 ----a-w- c:\windows\system32\drivers\atipmdag.sys
2010-02-03 04:54:34 5313536 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-02-03 04:23:36 426496 ----a-w- c:\windows\system32\aticfx32.dll
2010-02-03 04:19:14 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-02-03 04:17:56 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-03 04:17:28 372736 ----a-w- c:\windows\system32\atieclxx.exe
2010-02-03 04:16:58 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2010-02-03 04:15:38 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-02-03 04:15:20 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-03 04:15:06 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-03 04:14:58 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-02-03 04:14:52 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-03 04:12:04 3073024 ----a-w- c:\windows\system32\atidxx32.dll
2010-02-03 04:01:18 14147072 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-03 03:55:34 3653632 ----a-w- c:\windows\system32\atiumdag.dll
2010-02-03 03:52:44 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-03 03:52:30 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-03 03:51:18 3649536 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-03 03:40:18 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-03 03:37:10 2934272 ----a-w- c:\windows\system32\atiumdva.dll
2010-02-03 03:25:00 52224 ----a-w- c:\windows\system32\atimpc32.dll
2010-02-03 03:25:00 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-03 03:24:24 229376 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-03 03:24:12 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-02-03 03:24:04 14848 ----a-w- c:\windows\system32\atigktxx.dll
2010-02-03 03:23:42 150016 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-02-03 03:23:32 50176 ----a-w- c:\windows\system32\coinst.dll
2010-02-03 03:23:14 27136 ----a-w- c:\windows\system32\atiuxpag.dll
2010-02-03 03:22:58 20480 ----a-w- c:\windows\system32\atiu9pag.dll
2010-02-03 03:22:36 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-01-28 14:33:28 97792 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:16:56.83 ===============







Here is the Attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 2/20/2010 2:43:42 AM
System Uptime: 3/21/2010 12:11:30 AM (0 hours ago)

Motherboard: Dell Inc. | | 0FM586
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 156.836 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 9.911 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

µTorrent
32 Bit HP CIO Components Installer
ACDSee Pro 2.5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Avira AntiVir Personal - Free Antivirus
Battlefield: Bad Company™ 2
Bonjour
Bubble Town
BufferChm
C4400
C4400_Help
Call of Duty® 4 - Modern Warfare™
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
Cards_Calendar_OrderGift_DoMorePlugout
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Copy
CustomerResearchQFolder
Dell Dock
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Download Accelerator Plus (DAP)
eSupportQFolder
GameHouse Super Games AIO®
Garena 2010
GPBaseService
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Intel® PRO Network Connections 12.1.11.0
iTunes
Java™ 6 Update 16
K-Lite Mega Codec Pack 5.7.0
Left 4 Dead 2 Standalone Patch™
LimeWire 5.4.8
MarketResearch
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Lite 8.3.2.1
NVIDIA PhysX
OCR Software by I.R.I.S. 10.0
OpenAL
PanoStandAlone
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
PunkBuster Services
QuickTime
Rainmeter (remove only)
Realtek High Definition Audio Driver
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Shattered Horizon
Shop for HP Supplies
Shutter
SmartWebPrintingOC
SolutionCenter
Spybot - Search & Destroy
StarCraft
StarCraft II Beta
Status
Steam
The Lord of the Rings FREE Trial
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb979895)
VideoToolkit01
VLC media player 1.0.5
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
WinRAR archiver
Zero Gear Demo

==== End Of File ===========================





YouTube and Google now work fine and everything seems to be working. I did not have an Ask folder in my C:/ drive after I restarted my computer, so I assume it's been deleted.
Another minor point, which I can understand but thought I should tell you anyway: the file you told me to check in HijackThis,
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
was named
O3 - Toolbar: [no name] - {D4027C7F-154A-4066-A1AD-4243D8127440} - {no name}

or something similar. This was probably because the files didn't exist anymore?

Anyway, I'll be waiting for the All Clean. Thanks for everything so far.

#4 fireman4it

Posted 20 March 2010 - 11:52 AM

Hello,

QUOTE
O3 - Toolbar: [no name] - {D4027C7F-154A-4066-A1AD-4243D8127440} - {no name}

or something similar. This was probably because the files didn't exist anymore?

Yes, that is the basics of it. Sometimes, however, malware will also cause this to try to hide legit stuff from you. Just have to know when they are true or not!


Congratulations! You now appear clean!

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Note: You should only do this once, not on a regular basis!
You will not be able to restore your computer to any point earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  1. Install and maintain an outbound firewall
  2. Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  3. Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  4. Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  5. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    1. Click the "Start Menu" (or Windows Orb)
    2. Click "All Programs"
    3. Click "Windows Update"
    4. On the left, choose "Change Settings"
    5. Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    6. Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    7. Click "Check for Updates" in the upper left corner.
    8. Follow the instructions to install the latest updates.
    9. Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  6. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  7. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 SeekerOfD

  • Topic Starter

Posted 20 March 2010 - 09:07 PM

Wow, thank you so much!

#6 fireman4it

  • Malware Response Team

Posted 20 March 2010 - 11:32 PM

Hello,

So I take it that it worked?

If so please do the following.

    1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
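An added illustration, not part of fireman4it's post and not OTL's own code: the /md5start ... /md5stop block in the custom scan makes OTL list the MD5 of every copy it finds of each named file, and the sketch below parses that "MD5 for:" output and checks whether the copy outside the DriverStore and winsxs folders matches one of the copies inside them. That comparison rule, the function names, the status labels and the EXAMPLE.SYS entries are assumptions made for the example; the atapi.sys and scecli.dll lines are taken from the log posted in this topic.

```python
import re

# Section header and entry line as they appear in OTL's "MD5 for:" output.
HEADER = re.compile(r"^<\s*MD5 for:\s*(.+?)\s*>$")
ENTRY = re.compile(r"^\[[^\]]*\]\s*\(.*?\)\s+MD5=([0-9A-Fa-f]{32})\s+--\s+(.+)$")
# Assumption of this example: copies under these folders are servicing
# copies, and any other copy is the one Windows actually loads.
STORE_MARKERS = ("\\system32\\driverstore\\", "\\winsxs\\")


def is_store(path):
    lowered = path.lower()
    return any(marker in lowered for marker in STORE_MARKERS)


def requested_files(custom_scan):
    """File names listed between /md5start and /md5stop, lower-cased."""
    names, inside = [], False
    for line in custom_scan.splitlines():
        token = line.strip().lower()
        if token == "/md5start":
            inside = True
        elif token == "/md5stop":
            inside = False
        elif inside and token:
            names.append(token)
    return names


def parse_md5_sections(log_text):
    """Map lower-cased file name -> list of (md5, path) found in the log."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("<") and line.endswith(">"):
            header = HEADER.match(line)
            # Any other "< ... >" custom-scan header ends the MD5 section.
            current = header.group(1).lower() if header else None
            if current:
                sections.setdefault(current, [])
            continue
        entry = ENTRY.match(line)
        if entry and current:
            sections[current].append((entry.group(1).upper(), entry.group(2)))
    return sections


def triage(sections, requested):
    """Return {file name: status} for every file the custom scan asked for."""
    result = {}
    for name in requested:
        copies = sections.get(name)
        if not copies:
            result[name] = "not-found"       # OTL printed no section for it
            continue
        store = {md5 for md5, path in copies if is_store(path)}
        active = [md5 for md5, path in copies if not is_store(path)]
        if not active:
            result[name] = "store-only"      # present only as servicing copies
        elif all(md5 in store for md5 in active):
            result[name] = "matches-store"   # loaded copy equals a stored copy
        else:
            result[name] = "review"          # loaded copy differs from all stored
    return result


# Subset of the custom scan above, plus one constructed name (example.sys).
SAMPLE_SCAN = """/md5start
eventlog.dll
scecli.dll
atapi.sys
example.sys
/md5stop"""

# atapi.sys and scecli.dll lines are from the posted log; the EXAMPLE.SYS
# section and its hashes are constructed for this example.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2009/04/11 14:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 14:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2008/01/21 10:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 10:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 14:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 14:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: EXAMPLE.SYS >
[2010/03/20 09:00:00 | 000,020,000 | ---- | M] () MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\System32\drivers\example.sys
[2008/01/21 10:23:00 | 000,019,000 | ---- | M] (Example Vendor) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\Windows\System32\DriverStore\FileRepository\example.inf_00000000\example.sys
"""

if __name__ == "__main__":
    statuses = triage(parse_md5_sections(SAMPLE_LOG), requested_files(SAMPLE_SCAN))
    for name, status in statuses.items():
        print(f"{name:15} {status}")
```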


#7 SeekerOfD

  • Topic Starter

Posted 21 March 2010 - 04:17 AM

OTL logfile created on: 3/21/2010 5:10:07 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Inspiron 530\Documents\My DAP Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 153.41 Gb Free Space | 53.26% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INSPIRON530-PC
Current User Name: Inspiron 530
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/21 17:09:16 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Inspiron 530\Documents\My DAP Downloads\OTL.exe
PRC - [2010/02/19 16:58:26 | 002,815,488 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2010/02/03 12:17:28 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/02/03 12:16:58 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/02/01 11:52:06 | 002,536,792 | ---- | M] (Garena Online PTE LTD) -- C:\Program Files\Garena\Garena.exe
PRC - [2010/01/16 11:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/01 19:47:00 | 000,119,296 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
PRC - [2009/10/19 23:41:56 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/09 22:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/21 10:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/03/21 17:09:16 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Inspiron 530\Documents\My DAP Downloads\OTL.exe
MOD - [2009/04/11 14:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 18:53:13 | 000,386,856 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/02/03 12:16:58 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/09/25 09:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/09 22:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.bn/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&source=hp&btnG=Google+Search"
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.1
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.19.1
FF - prefs.js..extensions.enabledItems: ArzoFox@sjcmankimo.ilovetw:0.1.7
FF - prefs.js..keyword.URL: "http://www.ask.com/web?o=13701&l=dis&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/19 17:49:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 17:49:44 | 000,000,000 | ---D | M]

[2010/02/21 12:43:56 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\Mozilla\Extensions
[2010/02/21 12:43:56 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/21 11:55:02 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\Mozilla\Firefox\Profiles\g380bc2l.default\extensions
[2010/02/22 19:04:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Inspiron 530\AppData\Roaming\Mozilla\Firefox\Profiles\g380bc2l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/19 16:40:56 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\Mozilla\Firefox\Profiles\g380bc2l.default\extensions\ArzoFox@sjcmankimo.ilovetw
[2010/03/13 23:30:17 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\Mozilla\Firefox\Profiles\g380bc2l.default\extensions\foxyproxy@eric.h.jung
[2010/03/21 10:31:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/20 21:48:57 | 000,380,731 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13117 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Inspiron 530\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Inspiron 530\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Inspiron 530\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Inspiron 530\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 10:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/03/21 10:32:36 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/03/20 22:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/20 18:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/03/20 18:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/03/17 18:23:31 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010/03/17 18:23:31 | 000,110,592 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010/03/17 18:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/03/15 17:18:09 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\Documents\BFBC2
[2010/03/15 16:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/03/15 16:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/03/15 16:20:32 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\AppData\Roaming\DAEMON Tools Lite
[2010/03/15 16:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/03/09 17:30:31 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\Documents\Rainmeter
[2010/03/09 17:30:31 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\AppData\Roaming\Rainmeter
[2010/03/09 17:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2010/03/09 16:41:26 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\AppData\Roaming\Dell
[2010/03/09 16:40:10 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\AppData\Local\Stardock_Corporation
[2010/03/09 16:40:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7322D736-AA5F-4DD0-8E33-EA48318CC276}
[2010/03/09 16:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2010/03/09 16:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/03/09 16:39:33 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\AppData\Local\PackageAware
[2010/03/08 20:32:18 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\AppData\Local\Oberon Media
[2010/03/08 20:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
[2010/03/08 17:37:46 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\AppData\Local\HP
[2010/03/07 18:49:59 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\Documents\My Chat Logs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/21 17:10:23 | 006,553,600 | -HS- | M] () -- C:\Users\Inspiron 530\NTUSER.DAT
[2010/03/21 16:08:53 | 000,046,592 | ---- | M] () -- C:\Users\Inspiron 530\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/21 15:58:59 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{796AD6D4-B026-4D3A-B896-0EA0A9A9B22B}.job
[2010/03/21 15:56:38 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/21 15:56:38 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/21 14:24:58 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/21 10:48:21 | 000,000,041 | ---- | M] () -- C:\Users\Inspiron 530\jagex_runescape_preferences.dat
[2010/03/21 10:47:54 | 000,000,069 | ---- | M] () -- C:\Users\Inspiron 530\jagex_runescape_preferences2.dat
[2010/03/21 10:01:56 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/21 10:01:56 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/21 10:01:56 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/21 09:56:47 | 000,100,432 | ---- | M] () -- C:\Users\Inspiron 530\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/21 09:56:46 | 000,371,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/21 09:56:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/21 09:56:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/21 09:56:30 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/21 09:55:46 | 000,524,288 | -HS- | M] () -- C:\Users\Inspiron 530\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/21 09:55:46 | 000,065,536 | -HS- | M] () -- C:\Users\Inspiron 530\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/21 09:55:44 | 002,599,995 | -H-- | M] () -- C:\Users\Inspiron 530\AppData\Local\IconCache.db
[2010/03/20 21:48:57 | 000,380,731 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/20 19:17:44 | 000,380,731 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100320-214857.backup
[2010/03/20 19:13:38 | 000,000,761 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100320-191744.backup
[2010/03/20 09:38:23 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/03/17 18:23:31 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010/03/17 18:23:31 | 000,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010/03/17 09:37:18 | 000,016,278 | ---- | M] () -- C:\Users\Inspiron 530\Documents\Hotel Booking Concorde.docx
[2010/03/15 17:13:57 | 000,138,056 | ---- | M] () -- C:\Users\Inspiron 530\AppData\Roaming\PnkBstrK.sys
[2010/03/15 17:13:38 | 002,434,856 | ---- | M] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/03/15 16:21:20 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010/03/10 09:12:26 | 000,013,586 | ---- | M] () -- C:\Users\Inspiron 530\Documents\Iran Air.docx
[2010/03/09 17:30:06 | 000,001,709 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2010/03/09 16:40:10 | 000,001,818 | ---- | M] () -- C:\Users\Inspiron 530\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/21 10:47:53 | 000,000,069 | ---- | C] () -- C:\Users\Inspiron 530\jagex_runescape_preferences2.dat
[2010/03/21 10:33:07 | 000,000,041 | ---- | C] () -- C:\Users\Inspiron 530\jagex_runescape_preferences.dat
[2010/03/17 09:37:17 | 000,016,278 | ---- | C] () -- C:\Users\Inspiron 530\Documents\Hotel Booking Concorde.docx
[2010/03/16 16:18:59 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/03/15 17:13:38 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/03/15 16:21:20 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/03/10 09:12:24 | 000,013,586 | ---- | C] () -- C:\Users\Inspiron 530\Documents\Iran Air.docx
[2010/03/09 17:30:06 | 000,001,709 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2010/03/09 16:40:10 | 000,001,818 | ---- | C] () -- C:\Users\Inspiron 530\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/02/22 22:30:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/22 18:19:59 | 000,138,056 | ---- | C] () -- C:\Users\Inspiron 530\AppData\Roaming\PnkBstrK.sys
[2010/02/22 18:19:59 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/02/22 18:19:26 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010/02/19 17:00:06 | 000,001,153 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/02/19 16:04:30 | 000,046,592 | ---- | C] () -- C:\Users\Inspiron 530\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/19 12:42:26 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/02/19 12:42:26 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/02/19 11:23:42 | 000,000,680 | ---- | C] () -- C:\Users\Inspiron 530\AppData\Local\d3d9caps.dat
[2010/02/03 11:22:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/02/03 08:59:04 | 000,050,127 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/02/19 16:50:30 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\ACD Systems
[2010/02/27 23:33:23 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\C__Program Files_MSNRecorderMax_youtubeuploader.exe
[2010/03/15 16:27:18 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\DAEMON Tools Lite
[2010/02/19 20:53:20 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\funkitron
[2010/03/21 09:57:36 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\LimeWire
[2010/02/27 23:31:15 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\MSNRecorderMax
[2010/03/13 21:35:50 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\Rainmeter
[2010/03/21 09:59:27 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\uTorrent
[2010/03/21 09:55:47 | 000,029,212 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/03/21 15:58:59 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{796AD6D4-B026-4D3A-B896-0EA0A9A9B22B}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2008/01/21 10:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 10:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 10:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 10:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 10:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 17:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 14:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 14:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 14:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 10:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 10:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 17:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 17:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 17:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 10:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 10:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 10:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 17:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 14:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 14:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 10:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 17:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 10:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 10:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 10:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 10:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 14:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 14:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

Extras

OTL Extras logfile created on: 3/21/2010 5:10:07 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Inspiron 530\Documents\My DAP Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 153.41 Gb Free Space | 53.26% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INSPIRON530-PC
Current User Name: Inspiron 530
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C754193-00F0-473A-9F8A-21BFB91F4135}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{95840377-6F5B-4BF9-A3ED-B061362C859F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{962087C5-CEBD-4818-A53B-BBB3B91B65D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D7222AE-3278-4984-842E-218E5E0B3A7B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{0F52BBD4-3A5E-4A40-898A-7709AC32A635}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{121949A0-6046-47CA-8A00-85551BE7A8DA}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{3C1D484B-3809-4273-93B7-88CECD88432D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\zero gear\zerogear.bat |
"{41C87062-EC20-4693-850C-4F74D28496FC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4684A45B-3605-4828-8483-48B034E62847}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{49162662-2083-4028-9030-A3B7F704F252}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{4BC535BC-AFB2-4B93-8AC2-089887DAA36A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{5B255E67-0CCE-4CA1-8F8E-B68FFD72191C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\zero gear\zerogear.bat |
"{6901EF3E-5C08-439B-996F-23A71033A6C8}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{695411BE-FC9D-491B-A052-35F5A33AEB31}" = protocol=6 | dir=in | app=c:\users\starcraft ii beta\starcraft ii.exe |
"{75881AF8-87EA-4BE3-A2D7-2271BA00F7EB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{78BD330C-1273-4994-AE64-2F8DE00B4246}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{7A050620-52F1-4C4C-97FC-C07055F01BF6}" = protocol=17 | dir=in | app=c:\users\starcraft ii beta\starcraft ii.exe |
"{8B890D4B-24FC-4167-990D-914935F7F1E3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9FDF63BC-E701-4412-A905-8349EB0FC4ED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |
"{ADFBF1D7-927B-4F64-B52F-939EA6BF4B24}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{B9250727-9AD6-46E7-B11D-20DEF4E5049E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CE02F20F-02C9-4A63-9561-CD08F46C14EB}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{D0E2F0B5-DF3A-49DF-99F8-B77F34C6FDDE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{D2092A80-FF94-468B-89F2-24AAB217E54F}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{D53F1267-98A9-4207-AE07-8AB80AECE3D7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D61A4A3D-F810-4751-8B12-43CB2D3D654C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{EA8D8E37-2B61-4ADE-A11F-F0B1E54F2F34}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |
"{F32C45ED-214D-45CB-8464-84112AF5343C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F5E6D972-0CA1-48B4-87F5-E5F8CC27C1A0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FE7C89ED-E6CE-4F4E-820B-62EF6805F665}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{FEB18DCE-F8D5-4008-B310-B0747CE02C3E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{1FE18C46-C180-42C9-A3E8-CC8FCA05074D}C:\users\starcraft ii beta\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\users\starcraft ii beta\support\blizzarddownloader.exe |
"TCP Query User{3762CC35-F8EC-4064-9F66-D7DA1DDF8424}C:\users\starcraft ii beta\versions\base14093\sc2.exe" = protocol=6 | dir=in | app=c:\users\starcraft ii beta\versions\base14093\sc2.exe |
"TCP Query User{67F6F3EA-C1F6-45C8-9D4C-F8FF9C845096}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{7D40A497-EDEE-4F62-9939-296D3F473492}C:\program files\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\modern warfare 2\iw4mp.exe |
"TCP Query User{80456025-ADB9-477D-8F96-EE068753A8DC}C:\program files\steam\steamapps\common\zero gear\server\zerogearserver.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\zero gear\server\zerogearserver.exe |
"TCP Query User{93960AAF-4384-4146-BC66-09FAD3EEF853}C:\users\inspiron 530\desktop\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\inspiron 530\desktop\left 4 dead 2\left4dead2.exe |
"TCP Query User{B23ED549-8D48-47A5-B85F-FFE678DBAE80}C:\program files\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files\left 4 dead 2\left4dead2.exe |
"TCP Query User{B7F7D489-4E56-41B7-8C78-37DA86A9ADB0}C:\program files\dap\dap.exe" = protocol=6 | dir=in | app=c:\program files\dap\dap.exe |
"TCP Query User{D2600951-6966-4E7B-89C1-514436633EA6}C:\users\inspiron 530\downloads\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=c:\users\inspiron 530\downloads\downloader_starcraft_combo_enus.exe |
"TCP Query User{D9145E33-ABFA-42EF-A7D7-0323C7EFDBED}C:\users\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\users\starcraft\starcraft.exe |
"TCP Query User{E36C43EB-E3A1-4CCC-86B7-36ADF311A69A}C:\users\starcraft ii beta\versions\base14219\sc2.exe" = protocol=6 | dir=in | app=c:\users\starcraft ii beta\versions\base14219\sc2.exe |
"TCP Query User{F0AECAE9-9A10-4B39-954F-D010D1E1C96D}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{F2BD1B59-498C-4105-8B2E-540CB97779DF}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{1081FA96-FF10-4A29-B60F-70852C906285}C:\users\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\users\starcraft\starcraft.exe |
"UDP Query User{293FF748-EC2A-452A-ACF7-4B700C646D2A}C:\users\starcraft ii beta\versions\base14219\sc2.exe" = protocol=17 | dir=in | app=c:\users\starcraft ii beta\versions\base14219\sc2.exe |
"UDP Query User{4CC8D008-991F-4C47-A13D-CB016335A225}C:\users\inspiron 530\downloads\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=c:\users\inspiron 530\downloads\downloader_starcraft_combo_enus.exe |
"UDP Query User{644ECF09-FD9B-4B82-A907-96CC56E80185}C:\program files\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files\left 4 dead 2\left4dead2.exe |
"UDP Query User{798EB116-6DF9-409E-9B17-0D2664532E7D}C:\users\inspiron 530\desktop\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\inspiron 530\desktop\left 4 dead 2\left4dead2.exe |
"UDP Query User{7A36F5B2-C933-4119-A527-6C56806D538E}C:\users\starcraft ii beta\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\users\starcraft ii beta\support\blizzarddownloader.exe |
"UDP Query User{80BA3D67-538A-437F-B577-0ED9E8D65ABE}C:\users\starcraft ii beta\versions\base14093\sc2.exe" = protocol=17 | dir=in | app=c:\users\starcraft ii beta\versions\base14093\sc2.exe |
"UDP Query User{862B2E73-0F5D-48ED-AEE8-EE2B16C95014}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{C38507A6-7732-41A5-86C6-BC453C6AD1CA}C:\program files\steam\steamapps\common\zero gear\server\zerogearserver.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\zero gear\server\zerogearserver.exe |
"UDP Query User{C6F0F1F6-DE6A-40BB-ACC4-9FB6864CB6DF}C:\program files\dap\dap.exe" = protocol=17 | dir=in | app=c:\program files\dap\dap.exe |
"UDP Query User{C7CBE0E8-2B41-46A6-92E5-0948198F73BD}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{E7421A5D-6837-43EB-94AF-3A51D4012DB4}C:\program files\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\modern warfare 2\iw4mp.exe |
"UDP Query User{F92A14A4-3014-46B2-BC70-BAF59F9CF382}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CC55E1-EA68-22D4-92DF-B94F287DCE40}" = ccc-core-static
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E76D6D4-5EFD-0714-1E65-E5B0ED1C9731}" = Catalyst Control Center Core Implementation
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{2D206DBD-6491-26BD-0DFA-165AA8A0CFFD}" = Catalyst Control Center Graphics Light
"{2D3B4614-7291-583D-A925-476924FF5A5F}" = Catalyst Control Center Graphics Previews Common
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{44180AF6-7A2A-B2C6-CBC9-AF2547AFD8E6}" = ATI Catalyst Install Manager
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5B479C22-7B50-5D31-7BD9-02D1260254D3}" = Catalyst Control Center HydraVision Full
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6D372DFB-666E-FD3D-8B23-C116A8F5A643}" = Catalyst Control Center Graphics Full Existing
"{6E994B82-FE8B-2777-295A-4D6F4314E8DD}" = ccc-utility
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7343AE89-4612-4436-9739-0CF73DAFB624}_is1" = Bubble Town
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{79208609-FD44-4865-AE2B-784FDF31212C}_is1" = GameHouse Super Games AIO®
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B3D726D7-12FC-B85D-E6C9-54536827A01A}" = Catalyst Control Center Graphics Previews Vista
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{C176CB21-4E7D-D56D-905B-F4A4CB1301AD}" = Catalyst Control Center Graphics Full New
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3BD4C42-B54D-DD47-68EC-5DD1D6097E6F}" = CCC Help English
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F20F8E93-3471-1808-AC39-7CE622FCBB4B}" = Catalyst Control Center InstallProxy
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Dell Dock" = Dell Dock
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Garena" = Garena 2010
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0
"L4D2SP" = Left 4 Dead 2 Standalone Patch™
"LimeWire" = LimeWire 5.4.8
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Nero8Lite_is1" = Nero 8 Lite 8.3.2.1
"OpenAL" = OpenAL
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter (remove only)
"Shop for HP Supplies" = Shop for HP Supplies
"Shutter_is1" = Shutter
"StarCraft" = StarCraft
"StarCraft II Beta" = StarCraft II Beta
"Steam App 18110" = Shattered Horizon
"Steam App 18800" = Zero Gear Demo
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/20/2010 7:11:37 AM | Computer Name = Inspiron530-PC | Source = Application Hang | ID = 1002
Description = The program SpybotSD.exe version 1.6.2.46 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ef0 Start Time: 01cac81a741fdab0 Termination Time: 7

Error - 3/20/2010 9:58:54 AM | Computer Name = Inspiron530-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3667 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b70 Start Time: 01cac835600c3c88 Termination Time: 7

Error - 3/20/2010 10:10:13 AM | Computer Name = Inspiron530-PC | Source = Application Error | ID = 1000
Description = Faulting application DAP.exe, version 9.4.0.4, time stamp 0x4b7be93b,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception
code 0xc0000005, fault offset 0x00066fcf, process id 0x954, application start time
0x01cac7c493a2bbc6.

Error - 3/20/2010 11:12:43 AM | Computer Name = Inspiron530-PC | Source = Application Hang | ID = 1002
Description = The program msnmsgr.exe version 14.0.8089.726 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f90 Start Time: 01cac80112705c7e Termination Time: 31

Error - 3/20/2010 12:06:06 PM | Computer Name = Inspiron530-PC | Source = MsiInstaller | ID = 11905
Description =

Error - 3/20/2010 12:12:25 PM | Computer Name = Inspiron530-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/20/2010 1:27:24 PM | Computer Name = Inspiron530-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/20/2010 9:51:43 PM | Computer Name = Inspiron530-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/20/2010 9:56:54 PM | Computer Name = Inspiron530-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/21/2010 3:52:30 AM | Computer Name = Inspiron530-PC | Source = Application Error | ID = 1000
Description = Faulting application left4dead2.exe, version 0.0.0.0, time stamp 0x4addfda3,
faulting module client.dll, version 0.0.0.0, time stamp 0x4b849645, exception code
0xc0000005, fault offset 0x00030e33, process id 0xb90, application start time 0x01cac8cad27f5de0.

[ System Events ]
Error - 3/17/2010 4:15:34 AM | Computer Name = Inspiron530-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/18/2010 5:29:41 AM | Computer Name = Inspiron530-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/19/2010 6:03:48 AM | Computer Name = Inspiron530-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/19/2010 6:53:20 AM | Computer Name = Inspiron530-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 3/19/2010 6:53:20 AM | Computer Name = Inspiron530-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/19/2010 8:32:23 PM | Computer Name = Inspiron530-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/20/2010 12:14:07 PM | Computer Name = Inspiron530-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/20/2010 1:28:53 PM | Computer Name = Inspiron530-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/20/2010 9:53:24 PM | Computer Name = Inspiron530-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/20/2010 9:58:27 PM | Computer Name = Inspiron530-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >


#8 fireman4it

  • Malware Response Team

Posted 21 March 2010 - 02:35 PM

Hello,

1.
We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :Otl
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O13 - gopher Prefix: missing

    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.


2.
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Things to include in your next reply:
OTL log
Gooredfix.log

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#9 SeekerOfD


Posted 22 March 2010 - 12:43 AM

This is the gooredfix result.

GooredFix by jpshortstuff (08.01.10.1)
Log created at 13:38 on 22/03/2010 (Inspiron 530)
Firefox version 3.6 (en-US)

========== GooredScan ==========

Removing Orphan:
"{0329E7D6-6F54-462D-93F6-F5C3118BADF2}"="C:\Program Files\SpeedBit Video Downloader\SPFireFox" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [04:46 19/02/2010]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [09:16 19/02/2010]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [02:31 21/03/2010]

C:\Users\Inspiron 530\Application Data\Mozilla\Firefox\Profiles\g380bc2l.default\extensions\
ArzoFox@sjcmankimo.ilovetw [08:40 19/02/2010]
foxyproxy@eric.h.jung [15:30 13/03/2010]
{20a82645-c095-46ed-80e3-08825760534b} [11:04 22/02/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [02:39 21/02/2010]

-=E.O.F=-


I had done the OTL scan first and when I did the GooredFix scan, it told me to close my Firefox and so I did... with this window open and it took the results of the scan with it. I can scan again if you want but I would imagine the results would be different?

Sorry :/

#10 fireman4it


Posted 22 March 2010 - 08:00 PM

Hello,

QUOTE
I had done the OTL scan first and when I did the GooredFix scan, it told me to close my Firefox and so I did... with this window open and it took the results of the scan with it. I can scan again if you want but I would imagine the results would be different?

Sorry :/

NO problem! Just run the following and post its log.

    1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


Also, How is your machine running? Any signs of Malware or redirects?


#11 SeekerOfD


Posted 22 March 2010 - 11:17 PM

It's doing fine, nothing out of the ordinary anymore.

OTL scan;

OTL logfile created on: 3/23/2010 12:06:17 PM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = c:\Users\Inspiron 530\Documents\My DAP Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 158.32 Gb Free Space | 54.97% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INSPIRON530-PC
Current User Name: Inspiron 530
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/21 17:09:16 | 000,555,520 | ---- | M] (OldTimer Tools) -- c:\Users\Inspiron 530\Documents\My DAP Downloads\OTL.exe
PRC - [2010/02/19 16:58:26 | 002,815,488 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2010/02/03 12:17:28 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/02/03 12:16:58 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/02/01 11:52:06 | 002,536,792 | ---- | M] (Garena Online PTE LTD) -- C:\Program Files\Garena\Garena.exe
PRC - [2010/01/16 11:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/01 19:47:00 | 000,119,296 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
PRC - [2009/10/19 23:41:56 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/09 22:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/21 10:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/03/21 17:09:16 | 000,555,520 | ---- | M] (OldTimer Tools) -- c:\Users\Inspiron 530\Documents\My DAP Downloads\OTL.exe
MOD - [2009/04/11 14:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 18:53:13 | 000,386,856 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/02/03 12:16:58 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/09/25 09:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/24 19:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/09 22:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.bn/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&source=hp&btnG=Google+Search"
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.1
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.19.1
FF - prefs.js..extensions.enabledItems: ArzoFox@sjcmankimo.ilovetw:0.1.7
FF - prefs.js..keyword.URL: "http://www.ask.com/web?o=13701&l=dis&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/19 17:49:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 17:49:44 | 000,000,000 | ---D | M]

[2010/02/21 12:43:56 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\Mozilla\Extensions
[2010/02/21 12:43:56 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/22 13:48:48 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\Mozilla\Firefox\Profiles\g380bc2l.default\extensions
[2010/02/22 19:04:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Inspiron 530\AppData\Roaming\Mozilla\Firefox\Profiles\g380bc2l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/19 16:40:56 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\Mozilla\Firefox\Profiles\g380bc2l.default\extensions\ArzoFox@sjcmankimo.ilovetw
[2010/03/13 23:30:17 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\Mozilla\Firefox\Profiles\g380bc2l.default\extensions\foxyproxy@eric.h.jung
[2010/03/21 10:31:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/22 13:28:27 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Inspiron 530\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Inspiron 530\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Inspiron 530\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Inspiron 530\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 10:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/03/22 13:38:40 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\Desktop\GooredFix Backups
[2010/03/22 13:28:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/22 09:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\3do
[2010/03/21 10:32:36 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/03/20 22:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/20 18:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/03/20 18:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/03/17 18:23:31 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010/03/17 18:23:31 | 000,110,592 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010/03/17 18:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/03/15 17:18:09 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\Documents\BFBC2
[2010/03/15 16:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/03/15 16:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/03/15 16:20:32 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\AppData\Roaming\DAEMON Tools Lite
[2010/03/15 16:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/03/09 17:30:31 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\Documents\Rainmeter
[2010/03/09 17:30:31 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\AppData\Roaming\Rainmeter
[2010/03/09 17:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2010/03/09 16:41:26 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\AppData\Roaming\Dell
[2010/03/09 16:40:10 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\AppData\Local\Stardock_Corporation
[2010/03/09 16:40:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7322D736-AA5F-4DD0-8E33-EA48318CC276}
[2010/03/09 16:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2010/03/09 16:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/03/09 16:39:33 | 000,000,000 | ---D | C] -- C:\Users\Inspiron 530\AppData\Local\PackageAware

========== Files - Modified Within 14 Days ==========

[2010/03/23 12:06:27 | 006,553,600 | -HS- | M] () -- C:\Users\Inspiron 530\NTUSER.DAT
[2010/03/23 11:34:38 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/23 11:34:38 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/23 11:34:38 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/23 11:31:49 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{796AD6D4-B026-4D3A-B896-0EA0A9A9B22B}.job
[2010/03/23 11:27:50 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/23 11:27:50 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/23 11:27:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/23 11:27:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/23 11:27:44 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/22 22:46:58 | 000,524,288 | -HS- | M] () -- C:\Users\Inspiron 530\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/22 22:46:58 | 000,065,536 | -HS- | M] () -- C:\Users\Inspiron 530\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/22 22:46:42 | 002,615,358 | -H-- | M] () -- C:\Users\Inspiron 530\AppData\Local\IconCache.db
[2010/03/22 16:37:42 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/22 13:52:10 | 000,051,712 | ---- | M] () -- C:\Users\Inspiron 530\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/22 13:28:27 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/03/21 10:48:21 | 000,000,041 | ---- | M] () -- C:\Users\Inspiron 530\jagex_runescape_preferences.dat
[2010/03/21 10:47:54 | 000,000,069 | ---- | M] () -- C:\Users\Inspiron 530\jagex_runescape_preferences2.dat
[2010/03/21 09:56:47 | 000,100,432 | ---- | M] () -- C:\Users\Inspiron 530\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/21 09:56:46 | 000,371,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/20 19:17:44 | 000,380,731 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100320-214857.backup
[2010/03/20 19:13:38 | 000,000,761 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100320-191744.backup
[2010/03/20 09:38:23 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/03/17 18:23:31 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010/03/17 18:23:31 | 000,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010/03/17 09:37:18 | 000,016,278 | ---- | M] () -- C:\Users\Inspiron 530\Documents\Hotel Booking Concorde.docx
[2010/03/15 17:13:57 | 000,138,056 | ---- | M] () -- C:\Users\Inspiron 530\AppData\Roaming\PnkBstrK.sys
[2010/03/15 17:13:38 | 002,434,856 | ---- | M] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/03/15 16:21:20 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010/03/10 09:12:26 | 000,013,586 | ---- | M] () -- C:\Users\Inspiron 530\Documents\Iran Air.docx
[2010/03/09 17:30:06 | 000,001,709 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2010/03/09 16:40:10 | 000,001,818 | ---- | M] () -- C:\Users\Inspiron 530\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

========== Files Created - No Company Name ==========

[2010/03/21 10:47:53 | 000,000,069 | ---- | C] () -- C:\Users\Inspiron 530\jagex_runescape_preferences2.dat
[2010/03/21 10:33:07 | 000,000,041 | ---- | C] () -- C:\Users\Inspiron 530\jagex_runescape_preferences.dat
[2010/03/17 09:37:17 | 000,016,278 | ---- | C] () -- C:\Users\Inspiron 530\Documents\Hotel Booking Concorde.docx
[2010/03/16 16:18:59 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/03/15 17:13:38 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/03/15 16:21:20 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/03/10 09:12:24 | 000,013,586 | ---- | C] () -- C:\Users\Inspiron 530\Documents\Iran Air.docx
[2010/03/09 17:30:06 | 000,001,709 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2010/03/09 16:40:10 | 000,001,818 | ---- | C] () -- C:\Users\Inspiron 530\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/02/22 22:30:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/22 18:19:59 | 000,138,056 | ---- | C] () -- C:\Users\Inspiron 530\AppData\Roaming\PnkBstrK.sys
[2010/02/22 18:19:59 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/02/22 18:19:26 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010/02/19 17:00:06 | 000,001,153 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/02/19 16:04:30 | 000,051,712 | ---- | C] () -- C:\Users\Inspiron 530\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/19 12:42:26 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/02/19 12:42:26 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/02/19 11:23:42 | 000,000,680 | ---- | C] () -- C:\Users\Inspiron 530\AppData\Local\d3d9caps.dat
[2010/02/03 11:22:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/02/03 08:59:04 | 000,050,127 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/02/19 16:50:30 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\ACD Systems
[2010/02/27 23:33:23 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\C__Program Files_MSNRecorderMax_youtubeuploader.exe
[2010/03/15 16:27:18 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\DAEMON Tools Lite
[2010/02/19 20:53:20 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\funkitron
[2010/03/23 11:28:04 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\LimeWire
[2010/02/27 23:31:15 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\MSNRecorderMax
[2010/03/13 21:35:50 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\Rainmeter
[2010/03/23 12:02:53 | 000,000,000 | ---D | M] -- C:\Users\Inspiron 530\AppData\Roaming\uTorrent
[2010/03/22 22:47:15 | 000,030,722 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/03/23 11:31:49 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{796AD6D4-B026-4D3A-B896-0EA0A9A9B22B}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2008/01/21 10:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 10:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 10:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 10:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
< End of report >


No Extra file came out.
Scan is complete however.

#12 fireman4it

Posted 23 March 2010 - 05:16 PM

Congratulations, your log is clean!

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.



For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.
Please also have a look at the following links, giving some advice and suggestions for preventing future infections:

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
I recommend you regularly visit the Windows Update Site; you were lagging behind on a few of them!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, then here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Another recommendation is to download HostsMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  1. Double-click the Downloaded installer and install the tool to a location of your choice
  2. Via the Startmenu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Out of the three, select at least one of the three (I have MVPS Host as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
  4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

Edited by fireman4it, 23 March 2010 - 05:17 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 SeekerOfD

Posted 23 March 2010 - 10:58 PM

Thanks again for the help! You guys are extremely efficient at helping!

#14 fireman4it

Posted 24 March 2010 - 03:42 PM

You are very welcome!


This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.




