Google Redirect


This topic is locked
9 replies to this topic

#1 hnsi

hnsi

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:17 PM

Posted 06 October 2010 - 09:19 PM

Today I started getting multiple warnings from AVG Free 9.0. I ran MalwareBytes and AVG and MalwareBytes found 14 infections. After that I restarted my computer and at the startup it told me that "wupdate.exe" wanted to make changes. I did not allow that. The "wupdate.exe" file was in my C:/WINDOWS/sysWOW64 directory. I deleted it.

Now I am not getting any warnings, but my Google searches are all messed up. They redirect to all these crazy sites - nothing bad, no adult sites or porn, just not where I want to go...

I downloaded some stuff earlier today so I feel sure it is related to those downloads.

I feel as stupid as ever!

-hnsi

EDIT: I NOW FEEL MORE STUPID BECAUSE I DID NOT PASTE AND ATTACH MY LOGS, BUT HERE THEY ARE. THERE IS NO GMER LOG BECAUSE I AM RUNNING A 64-BIT VERSION OF WINDOWS AND I HAVE BEEN TOLD HERE BEFORE THAT GMER DOES NOT WORK WITH 64-BIT.


DDS.TXT LOG


DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by MALLETTE at 23:41:22.99 on Sat 10/09/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.2553 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\astsrv.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxdxcoms.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\MALLETTE\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/webhp?rls=ig
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5740&r=273606105126l0328z155t5861d512
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5740&r=273606105126l0328z155t5861d512
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5740&r=273606105126l0328z155t5861d512
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [wupdate] %SystemRoot%\system32\wupdate.exe
StartupFolder: C:\Users\MALLETTE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: avgrssta.dll
Hosts: 212.117.178.25 www.google.com
Hosts: 212.117.163.43 search.yahoo.com

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-8-23 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-8-23 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-8-23 317520]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-8-23 921952]
R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-8-23 308136]
R2 lxdx_device;lxdx_device;C:\Windows\system32\lxdxcoms.exe -service --> C:\Windows\system32\lxdxcoms.exe -service [?]
R2 nlsX86cc;Nalpeiron Licensing Service V6;C:\Windows\system32\nlssrv32.exe --> C:\Windows\system32\nlssrv32.exe [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-4 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-12-10 151936]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-12-10 244736]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-8-6 320040]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
S2 !SASCORE;SAS Core Service;"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" --> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [?]
S2 ASTSRV;AST HighEnd Service;C:\Windows\system32\ASTSRV.EXE --> C:\Windows\system32\ASTSRV.EXE [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\system32\srvany.exe --> C:\Windows\system32\srvany.exe [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-7-22 40448]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-12-10 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-12-10 35104]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\D813.tmp [2010-8-4 6144]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-11 305448]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-17 1255736]
S4 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-12-10 844320]
S4 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
S4 nlscc;Nalpeiron X64 Service;C:\Windows\System32\nlsInterface.EXE [2010-6-18 72192]
S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-9-24 62720]
S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
S4 SCPDFReadSpool;SolidConverterPDFReadSpool;C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDFV6\SolidConverterPDFServicex64.exe [2009-10-23 320512]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-4 2320920]
S4 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-4 240160]

=============== Created Last 30 ================

2010-10-09 05:19:31 -------- d-----w- C:\PROGRA~3\lx_Cats
2010-10-09 05:19:22 177664 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\lxdxdrpp.dll
2010-10-06 18:45:31 241664 ----a-w- C:\Windows\Yputua.exe
2010-10-06 18:45:06 141 ----a-w- C:\Users\MALLETTE\AppData\Roaming\asdsada.bat
2010-10-06 18:44:53 -------- d-----w- C:\Users\MALLETTE\AppData\Roaming\Genieo
2010-10-06 18:44:10 -------- d-----w- C:\PROGRA~3\Update
2010-10-06 15:55:08 -------- d-----w- C:\Program Files\Common Files\Topaz Labs
2010-10-06 15:36:02 -------- d-----w- C:\PROGRA~3\boost_interprocess_MALLETTE
2010-10-06 15:35:14 -------- d-----w- C:\Program Files (x86)\Topaz Labs
2010-10-06 15:35:14 -------- d-----w- C:\Program Files (x86)\Common Files\Topaz Labs
2010-10-06 05:13:59 227840 ----a-w- C:\Windows\SysWow64\Deco_32.dll
2010-10-06 05:08:40 61440 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
2010-10-06 05:06:33 -------- d-----w- C:\Users\MALLETTE\AppData\Roaming\DAEMON Tools Lite
2010-10-06 04:53:40 -------- d-----w- C:\Temp
2010-10-06 04:49:19 -------- d-----w- C:\PROGRA~3\Nik Software
2010-10-05 19:48:09 -------- d-----w- C:\Program Files (x86)\Photodex Presenter
2010-10-05 19:47:56 -------- d-----w- C:\Program Files (x86)\Photodex
2010-10-05 19:47:14 -------- d-----w- C:\Users\MALLETTE\AppData\Roaming\Photodex
2010-10-05 19:47:13 -------- d-----w- C:\PROGRA~3\Photodex
2010-10-02 20:09:36 -------- d-----w- C:\Program Files\Oloneo PhotoEngine
2010-10-01 18:11:35 -------- d-----w- C:\Program Files (x86)\Joboshare
2010-09-29 23:39:16 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-29 23:39:16 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-09-29 23:38:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-29 23:38:45 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-29 23:38:43 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-09-29 23:38:43 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-09-21 00:50:35 6144 ----a-w- C:\Windows\SysWow64\ff_acm.acm
2010-09-21 00:50:35 60273 ----a-w- C:\Windows\SysWow64\pthreadGC2.dll
2010-09-21 00:50:35 57344 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2010-09-21 00:50:34 98304 ----a-w- C:\Windows\SysWow64\L3CODECX.AX
2010-09-21 00:50:34 372736 ----a-w- C:\Windows\SysWow64\xvid.ax
2010-09-21 00:50:33 -------- d-----w- C:\Program Files (x86)\Cucusoft
2010-09-21 00:47:13 -------- d-----w- C:\Users\MALLETTE\AppData\Roaming\GetRightToGo
2010-09-20 19:54:37 -------- d-----w- C:\Program Files (x86)\AliveMedia
2010-09-19 18:55:33 -------- d-----w- C:\Users\MALLETTE\AppData\Roaming\EDrawings
2010-09-19 18:55:33 -------- d-----w- C:\Users\MALLETTE\AppData\Roaming\DassaultSystemes
2010-09-19 18:55:33 -------- d-----w- C:\Users\MALLETTE\AppData\Local\DassaultSystemes
2010-09-19 18:55:33 -------- d-----w- C:\PROGRA~3\DassaultSystemes
2010-09-19 18:54:26 -------- d-----w- C:\Program Files (x86)\Common Files\SolidWorks Shared
2010-09-19 18:54:15 -------- d-----w- C:\Program Files (x86)\Common Files\eDrawings2010
2010-09-14 19:53:10 -------- d-----w- C:\312429d4fad9a43e918e
2010-09-14 19:50:52 558592 ----a-w- C:\Windows\System32\spoolsv.exe

==================== Find3M ====================

2010-08-23 17:51:45 13048 ----a-w- C:\Windows\System32\avgrssta.dll
2010-08-23 17:51:44 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2010-08-23 17:51:40 269904 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2010-08-23 17:51:39 35536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2010-08-10 10:15:58 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-08-10 10:15:58 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-07-27 23:55:50 95520 ----a-w- C:\Windows\System32\dnssd.dll
2010-07-27 23:55:50 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2010-07-27 23:55:50 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2010-07-27 23:55:50 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2010-07-27 23:44:10 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2010-07-27 23:44:10 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2010-07-27 23:44:10 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2010-07-27 23:44:10 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2010-07-20 03:15:48 8192 ----a-w- C:\Windows\SysWow64\srvany.exe

============= FINISH: 23:42:23.33 ===============


Thanks

EDIT: Posts merged ~BP


Edited by Budapest, 10 October 2010 - 03:52 PM.
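The redirect symptom in this post is explained by the two "Hosts:" lines in the DDS log, which pin www.google.com and search.yahoo.com to external addresses. The script below is an added illustration, not part of the original thread: it parses DDS/OTL-style "Hosts:" lines and flags well-known search domains mapped to anything other than a loopback or unspecified (blocking) address. The sample log lines and the watched-domain list are constructed for the example.

```python
import ipaddress
import re

# Constructed sample: the two "Hosts:" lines from the DDS log above, plus
# benign lines, embedded so the script runs offline.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.com/webhp?rls=ig
mRun: [wupdate] %SystemRoot%\\system32\\wupdate.exe
Hosts: 212.117.178.25 www.google.com
Hosts: 212.117.163.43 search.yahoo.com
Hosts: 127.0.0.1 localhost
O1 - Hosts: 212.117.178.25 www.google.com
"""

# Domains that should never be pinned in the hosts file on a normal PC;
# pinning one reroutes search traffic, which is exactly the symptom reported.
WATCHED_DOMAINS = {"www.google.com", "google.com", "search.yahoo.com", "www.bing.com"}

# Matches both the DDS form ("Hosts: ip host") and the OTL form ("O1 - Hosts: ip host").
HOSTS_LINE = re.compile(r"^(?:O1 - )?Hosts:\s+(\S+)\s+(\S+)\s*$")


def parse_hosts_entries(log_text):
    """Return (ip, hostname) pairs for every DDS/OTL 'Hosts:' line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = HOSTS_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).lower()))
    return entries


def is_sinkhole(ip_text):
    """True for addresses that block rather than redirect (127.x, ::1, 0.0.0.0)."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # not an IP at all; treat as suspicious
    return addr.is_loopback or addr.is_unspecified


def find_hijacked_hosts(log_text):
    """Return sorted, de-duplicated (hostname, ip) pairs where a watched
    domain is mapped to a non-sinkhole address, i.e. a redirect hijack."""
    flagged = set()
    for ip, host in parse_hosts_entries(log_text):
        if host in WATCHED_DOMAINS and not is_sinkhole(ip):
            flagged.add((host, ip))
    return sorted(flagged)


if __name__ == "__main__":
    for host, ip in find_hijacked_hosts(SAMPLE_LOG):
        print(f"hosts-file hijack: {host} -> {ip}")
```

The same check can be pointed at a raw `%SystemRoot%\System32\drivers\etc\hosts` file by prefixing each non-comment line with "Hosts: " before feeding it in.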



#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:05:17 AM

Posted 15 October 2010 - 01:59 PM

LimeWire

The above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Copy and paste the following contents into the custom scan area:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to some other user.


#3 hnsi

hnsi
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:17 PM

Posted 15 October 2010 - 02:33 PM

Here are the 2 logs from OTL:


OTL.txt


OTL logfile created on: 10/15/2010 2:19:26 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\MALLETTE\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.30 Gb Total Space | 157.33 Gb Free Space | 55.15% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: MALLETTE-LAPTOP | User Name: MALLETTE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\MALLETTE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\MALLETTE\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (nlsX86cc) -- C:\Windows\SysNative\nlssrv32.exe File not found
SRV:64bit: - (KMService) -- C:\Windows\SysNative\srvany.exe File not found
SRV:64bit: - (ASTSRV) -- C:\Windows\SysNative\ASTSRV.EXE File not found
SRV:64bit: - (astcc) -- C:\Windows\SysNative\astsrv.exe File not found
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (nlscc) -- C:\Windows\SysNative\nlsInterface.EXE (Nalpeiron Ltd.)
SRV:64bit: - (lxdx_device) -- C:\Windows\SysNative\lxdxcoms.exe ( )
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_062a651.dll ()
SRV - (SolidWorks Licensing Service) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (ASTSRV) -- C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (astcc) -- C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SCPDFReadSpool) -- C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDFV6\SolidConverterPDFServicex64.exe (Solid Documents, LLC)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\D813.tmp (Sophos Plc)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...28z155t5861d512
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...28z155t5861d512
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...28z155t5861d512
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...28z155t5861d512

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...28z155t5861d512
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?rls=ig
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/09/07 20:20:07 | 000,000,000 | ---D | M] -- C:\Users\MALLETTE\AppData\Roaming\Mozilla\Extensions
[2010/09/07 20:20:07 | 000,000,000 | ---D | M] -- C:\Users\MALLETTE\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/09/29 06:21:48 | 000,002,074 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,890 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 212.117.178.25 www.google.com
O1 - Hosts: 212.117.163.43 search.yahoo.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [wupdate] C:\Windows\SysWow64\wupdate.exe File not found
O4 - Startup: C:\Users\MALLETTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/x64/RACtrl.cab (Performance Viewer Activex Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.60.78.10 208.60.78.12
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{bc735711-a5c5-11df-b076-00262d7358d5}\Shell - "" = AutoRun
O33 - MountPoints2\{bc735711-a5c5-11df-b076-00262d7358d5}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/15 14:12:44 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\MALLETTE\Desktop\OTL.exe
[2010/10/14 16:51:23 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 16:51:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 16:51:22 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 16:51:22 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/14 16:51:22 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 16:51:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/14 16:51:22 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 16:51:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 16:51:22 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/14 16:51:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/14 16:51:21 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 16:51:21 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 16:51:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/14 16:51:21 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/14 16:50:01 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 16:49:59 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 16:49:58 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 16:49:58 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 16:49:29 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 16:45:24 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 16:45:22 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 16:45:22 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 16:45:22 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/14 16:45:22 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 16:45:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 16:45:15 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 16:45:15 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 16:45:13 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/11 16:39:20 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\.JxBrowser
[2010/10/11 16:39:19 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\.null
[2010/10/11 16:38:58 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\.digilabs
[2010/10/11 16:30:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Photo Creations (Mpix Press Edition)
[2010/10/10 00:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro4
[2010/10/10 00:15:52 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\HDRsoft
[2010/10/09 00:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\lx_Cats
[2010/10/09 00:18:31 | 000,514,048 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxih.exe
[2010/10/09 00:18:30 | 001,734,144 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxserv.dll
[2010/10/09 00:18:30 | 001,472,512 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxcomc.dll
[2010/10/09 00:18:30 | 001,319,936 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxusb1.dll
[2010/10/09 00:18:30 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxhbn3.dll
[2010/10/09 00:18:30 | 001,039,872 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxcoms.exe
[2010/10/09 00:18:30 | 000,977,920 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxpmui.dll
[2010/10/09 00:18:30 | 000,884,736 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxlmpm.dll
[2010/10/09 00:18:30 | 000,598,528 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxcfg.exe
[2010/10/09 00:18:30 | 000,578,560 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxcomm.dll
[2010/10/09 00:18:30 | 000,545,792 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxinpa.dll
[2010/10/09 00:18:30 | 000,509,952 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxiesc.dll
[2010/10/09 00:18:30 | 000,047,104 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxprox.dll
[2010/10/06 13:44:53 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\Genieo
[2010/10/06 13:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/10/06 13:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/10/06 13:31:55 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/06 10:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topaz Labs
[2010/10/06 10:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess_MALLETTE
[2010/10/06 10:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Topaz Labs
[2010/10/06 10:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Topaz Labs
[2010/10/06 00:13:59 | 000,227,840 | ---- | C] (Iterated Systems, Inc.) -- C:\Windows\SysWow64\Deco_32.dll
[2010/10/06 00:08:40 | 000,061,440 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysWow64\nlssrv32.exe
[2010/10/06 00:06:33 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\DAEMON Tools Lite
[2010/10/05 23:53:40 | 000,000,000 | ---D | C] -- C:\Temp
[2010/10/05 23:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Nik Software
[2010/10/05 14:48:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photodex Presenter
[2010/10/05 14:48:09 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\Netscape
[2010/10/05 14:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photodex
[2010/10/05 14:47:14 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\Photodex
[2010/10/05 14:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Photodex
[2010/10/02 15:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\Oloneo PhotoEngine
[2010/10/01 13:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Joboshare
[2010/09/20 19:51:39 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\Documents\Cucusoft iPhone ringtone
[2010/09/20 19:51:28 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\Documents\Cucusoft
[2010/09/20 19:50:35 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2010/09/20 19:50:34 | 000,098,304 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\L3CODECX.AX
[2010/09/20 19:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cucusoft
[2010/09/20 19:47:13 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\GetRightToGo
[2010/09/20 19:10:24 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMCT232.OCX
[2010/09/20 19:10:23 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDesign.dll
[2010/09/20 19:10:23 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudFile.dll
[2010/09/20 19:10:23 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioInfos.dll
[2010/09/20 19:10:23 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioVisu.dll
[2010/09/20 19:10:23 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudPlayer.dll
[2010/09/20 19:10:23 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioRecord.dll
[2010/09/20 19:10:23 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDisplay.dll
[2010/09/20 19:10:23 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTL32.OCX
[2010/09/20 19:10:23 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL
[2010/09/20 19:10:23 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL
[2010/09/20 19:10:23 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL
[2010/09/20 19:10:23 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscc2fr.dll
[2010/09/20 19:10:23 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGFR.DLL
[2010/09/20 19:10:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTFR.DLL
[2010/09/20 19:10:23 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetfr.DLL
[2010/09/20 19:10:22 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\FreeAudioPack
[2010/09/20 14:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AliveMedia
[2010/09/20 10:34:45 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\Desktop\Ringtones
[2010/09/19 13:55:33 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\EDrawings
[2010/09/19 13:55:33 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\DassaultSystemes
[2010/09/19 13:55:33 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Local\DassaultSystemes
[2010/09/19 13:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes
[2010/09/19 13:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SolidWorks Shared
[2010/09/19 13:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eDrawings2010
[2010/06/20 21:30:44 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\MALLETTE\AppData\Roaming\pcouffin.sys
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/15 14:12:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\MALLETTE\Desktop\OTL.exe
[2010/10/15 10:23:09 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/15 10:23:09 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/15 10:19:31 | 066,426,323 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/10/15 10:15:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/15 10:15:29 | 2960,523,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/14 17:53:55 | 004,992,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/14 16:58:29 | 000,750,572 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/14 16:58:29 | 000,631,224 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/14 16:58:29 | 000,109,310 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/11 21:15:35 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/11 16:31:29 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\My Photo Creations (Mpix Press Edition).lnk
[2010/10/10 00:15:54 | 000,001,795 | ---- | M] () -- C:\Users\MALLETTE\Desktop\Photomatix Pro 4.0 (64-bit).lnk
[2010/10/09 23:36:24 | 000,000,020 | ---- | M] () -- C:\Users\MALLETTE\defogger_reenable
[2010/10/09 00:19:31 | 000,000,154 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/10/06 23:02:09 | 000,010,491 | ---- | M] () -- C:\Users\MALLETTE\Documents\$$$.docx
[2010/10/06 13:45:19 | 000,241,664 | ---- | M] () -- C:\Windows\Yputua.exe
[2010/10/06 13:45:06 | 000,000,141 | ---- | M] () -- C:\Users\MALLETTE\AppData\Roaming\asdsada.bat
[2010/10/06 13:42:34 | 000,749,728 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/06 13:39:01 | 000,196,264 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/10/05 16:50:26 | 000,191,990 | ---- | M] () -- C:\Users\MALLETTE\Documents\pleapetition_lafco.pdf
[2010/10/05 16:31:55 | 000,001,175 | ---- | M] () -- C:\Users\MALLETTE\Desktop\TURN OFF INTERNET CS5.lnk
[2010/10/04 23:21:45 | 000,001,189 | ---- | M] () -- C:\Users\MALLETTE\AppData\Roaming\vso_ts_preview.xml
[2010/10/02 15:09:42 | 000,000,901 | ---- | M] () -- C:\Users\MALLETTE\Desktop\Oloneo PhotoEngine.lnk
[2010/10/01 13:11:36 | 000,001,197 | ---- | M] () -- C:\Users\MALLETTE\Desktop\Joboshare iPod Video Converter.lnk
[2010/10/01 13:01:49 | 000,036,864 | ---- | M] () -- C:\Users\MALLETTE\Documents\September2010_travel.xls
[2010/10/01 12:38:03 | 000,035,840 | ---- | M] () -- C:\Users\MALLETTE\Documents\August2010_travelsupplement.xls
[2010/09/20 14:54:39 | 000,001,124 | ---- | M] () -- C:\Users\MALLETTE\Desktop\Alive iPhone Video Converter.lnk
[2010/09/19 13:54:28 | 000,000,000 | ---- | M] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/09/19 13:54:21 | 000,002,147 | ---- | M] () -- C:\Users\MALLETTE\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks eDrawings 2010.lnk
[2010/09/19 13:54:21 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\SolidWorks eDrawings 2010.lnk
[2010/09/19 13:48:43 | 000,524,352 | ---- | M] () -- C:\Users\MALLETTE\Desktop\GLSBYPLAN.dwg
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/11 16:31:29 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\My Photo Creations (Mpix Press Edition).lnk
[2010/10/10 00:15:54 | 000,001,795 | ---- | C] () -- C:\Users\MALLETTE\Desktop\Photomatix Pro 4.0 (64-bit).lnk
[2010/10/09 23:36:24 | 000,000,020 | ---- | C] () -- C:\Users\MALLETTE\defogger_reenable
[2010/10/09 00:19:31 | 000,000,154 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/10/09 00:18:39 | 000,299,520 | ---- | C] () -- C:\Windows\SysNative\lxdxgrd.dll
[2010/10/09 00:18:31 | 000,109,056 | ---- | C] () -- C:\Windows\SysNative\lxdxvs.dll
[2010/10/06 13:45:31 | 000,241,664 | ---- | C] () -- C:\Windows\Yputua.exe
[2010/10/06 13:45:06 | 000,000,141 | ---- | C] () -- C:\Users\MALLETTE\AppData\Roaming\asdsada.bat
[2010/10/06 13:42:34 | 000,749,728 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/06 13:39:01 | 000,196,264 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/10/05 16:50:25 | 000,191,990 | ---- | C] () -- C:\Users\MALLETTE\Documents\pleapetition_lafco.pdf
[2010/10/05 16:31:55 | 000,001,175 | ---- | C] () -- C:\Users\MALLETTE\Desktop\TURN OFF INTERNET CS5.lnk
[2010/10/02 15:09:42 | 000,000,901 | ---- | C] () -- C:\Users\MALLETTE\Desktop\Oloneo PhotoEngine.lnk
[2010/10/01 13:11:36 | 000,001,197 | ---- | C] () -- C:\Users\MALLETTE\Desktop\Joboshare iPod Video Converter.lnk
[2010/10/01 13:01:48 | 000,036,864 | ---- | C] () -- C:\Users\MALLETTE\Documents\September2010_travel.xls
[2010/10/01 12:38:03 | 000,035,840 | ---- | C] () -- C:\Users\MALLETTE\Documents\August2010_travelsupplement.xls
[2010/09/20 19:50:35 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/09/20 19:50:35 | 000,006,144 | ---- | C] () -- C:\Windows\SysWow64\ff_acm.acm
[2010/09/20 19:50:34 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2010/09/20 19:10:23 | 000,116,296 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2010/09/20 14:54:39 | 000,001,124 | ---- | C] () -- C:\Users\MALLETTE\Desktop\Alive iPhone Video Converter.lnk
[2010/09/19 13:54:28 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/09/19 13:54:21 | 000,002,147 | ---- | C] () -- C:\Users\MALLETTE\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks eDrawings 2010.lnk
[2010/09/19 13:54:21 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\SolidWorks eDrawings 2010.lnk
[2010/09/19 13:48:43 | 000,524,352 | ---- | C] () -- C:\Users\MALLETTE\Desktop\GLSBYPLAN.dwg
[2010/09/18 00:39:03 | 000,010,491 | ---- | C] () -- C:\Users\MALLETTE\Documents\$$$.docx
[2010/09/06 10:58:03 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2010/09/06 10:58:03 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2010/08/23 11:25:31 | 000,007,605 | ---- | C] () -- C:\Users\MALLETTE\AppData\Local\Resmon.ResmonCfg
[2010/06/20 21:32:14 | 000,001,189 | ---- | C] () -- C:\Users\MALLETTE\AppData\Roaming\vso_ts_preview.xml
[2010/06/20 21:31:31 | 000,000,034 | ---- | C] () -- C:\Users\MALLETTE\AppData\Roaming\pcouffin.log
[2010/06/20 21:30:44 | 000,099,384 | ---- | C] () -- C:\Users\MALLETTE\AppData\Roaming\inst.exe
[2010/06/20 21:30:44 | 000,007,859 | ---- | C] () -- C:\Users\MALLETTE\AppData\Roaming\pcouffin.cat
[2010/06/20 21:30:44 | 000,001,167 | ---- | C] () -- C:\Users\MALLETTE\AppData\Roaming\pcouffin.inf
[2010/01/15 08:27:56 | 000,295,936 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll
[2009/12/10 14:24:54 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/12/10 14:08:30 | 000,008,276 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe3.log
[2009/12/10 14:07:32 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/12/10 14:07:32 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009/12/10 13:55:29 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/12/10 13:55:29 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/12/10 13:55:06 | 000,001,597 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/11/04 19:21:23 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/11/04 19:21:23 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/11/04 19:21:23 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/27 15:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/10/15 10:15:29 | 2960,523,264 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/10/15 10:15:34 | 3947,364,352 | -HS- | M] () -- C:\pagefile.sys
[2009/12/03 02:02:52 | 000,002,200 | RHS- | M] () -- C:\Patch.rev
[2010/06/16 17:58:33 | 000,000,216 | RHS- | M] () -- C:\Preload.rev
[2009/12/10 14:05:56 | 000,003,048 | ---- | M] () -- C:\RHDSetup.log
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >



---------------------------------------------------------------------------



EXTRAS.txt

OTL Extras logfile created on: 10/15/2010 2:19:26 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\MALLETTE\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy


4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.30 Gb Total Space | 157.33 Gb Free Space | 55.15% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: MALLETTE-LAPTOP | User Name: MALLETTE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06B60360-9DBD-4593-90A0-FD237F0845A2}" = Topaz DeNoise 5 (64-bit)
"{1387BA33-3FAC-49E9-B545-0E8D3BBC550B}" = Adobe Photoshop Lightroom 3 64-bit
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8D93BD99-EECF-4812-B3BA-B8A2E7FEEA11}" = Topaz Simplify 3 (64-bit)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A981E64B-0F10-45D9-BD5C-A4DF7B87E218}" = Topaz Detail 2 (64-bit)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D9EA591C-2ED0-4E91-BF5F-A6B4B1CCEFC7}" = Topaz ReMask 2 (64-bit)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA85C599-2569-4C48-9AA6-2B8D8F029FA7}" = Topaz Clean 3 (64-bit)
"{FB237A35-F491-4AC1-95E0-85118D6751D9}" = Topaz Adjust 4 (64-bit)
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Alien Skin Exposure 3" = Alien Skin Exposure 3
"Autopano Giga" = Autopano Giga
"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.3 Plug-in (build 2308)
"ImagenomicRealGrainPlugin" = Imagenomic RealGrain 1.1 Plug-in (build 1103)
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Oloneo PhotoEngine" = Oloneo PhotoEngine
"PhotomatixPro4.0x64_is1" = Photomatix Pro version 4.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33697061-4A80-4269-BC6A-C3AE7D12BC6A}" = My Photo Creations (Mpix Press Edition)
"{36DC64E1-6A0A-44B9-8C09-F11BE120BC8A}" = The Panorama Factory V4 m32 Edition with Batch Processing
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{56BFAA6E-2BCC-4AED-9233-84731E66B205}" = Solid Converter PDF
"{59679381-3F22-4A40-A7AD-890242D74DF4}" = Plug-in Suite 5.1
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}" = Topaz Clean 3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1EBF29-7CF8-471E-B90B-95FF36AC8248}" = Topaz Simplify 3
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{97E4720E-DD47-4E08-ADD7-D256D79AFDC3}" = FastPictureViewer Codec Pack 2.2R2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E82D1DB-3AFB-4D18-A221-081F1B4B4789}" = Topaz DeNoise 5
"{9FDC7042-CB9F-4336-A14C-DF10F53762E2}" = Topaz Adjust 4
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.0 MUI
"{BCFFAF65-50B7-4419-AFCA-A7BA797E2C3D}" = Topaz ReMask 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C8B31B99-1D1A-4B8E-AFC6-AECB2EE08FC6}" = SolidWorks eDrawings 2010
"{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}" = Topaz Detail 2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324
"{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Akamai" = Akamai NetSession Interface
"Alive iPhone Video Converter_is1" = Alive iPhone Video Converter (version 1.2.8.2)
"AVG9Uninstall" = AVG Free 9.0
"Belarc Advisor" = Belarc Advisor 8.1
"Bokeh" = Alien Skin Bokeh
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dfine 2.0" = Dfine 2.0
"Dfine 2.0 Stand-Alone" = Dfine 2.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Eye Candy 6" = Alien Skin Eye Candy 6
"FXhome PhotoKey 3 Pro" = FXhome PhotoKey 3 Pro (remove only)
"GridVista" = Acer GridVista
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
"JDownloader" = JDownloader
"Joboshare iPod Video Converter" = Joboshare iPod Video Converter
"LimeWire" = LimeWire 5.5.14
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.2
"Photodex Presenter" = Photodex Presenter
"PTGui" = PTGui Pro 8.3.10
"Sharpener Pro 3.0" = Sharpener Pro 3.0
"Sharpener Pro 3.0 Stand-Alone" = Sharpener Pro 3.0
"Silver Efex Pro for Stand-Alone" = Silver Efex Pro
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Viveza 2" = Viveza 2
"Viveza Stand-Alone" = Viveza
"VLC media player" = VLC media player 1.1.0
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"myHomey" = Homey

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/9/2010 5:56:36 PM | Computer Name = MALLETTE-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5085

Error - 10/9/2010 5:56:37 PM | Computer Name = MALLETTE-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/9/2010 5:56:37 PM | Computer Name = MALLETTE-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6099

Error - 10/9/2010 5:56:37 PM | Computer Name = MALLETTE-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6099

Error - 10/10/2010 2:01:50 AM | Computer Name = MALLETTE-LAPTOP | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\Windows\winsxs\amd64_microsoft-windows-m..corruptedfilerepair_31bf3856ad364e35_6.1.7600.16385_none_5cd4e58f34e57306\MsiCofire.dll".Error
in manifest or policy file "c:\Windows\winsxs\amd64_microsoft-windows-m..corruptedfilerepair_31bf3856ad364e35_6.1.7600.16385_none_5cd4e58f34e57306\MsiCofire.dll"
on line 2. Invalid Xml syntax.

Error - 10/12/2010 11:15:51 AM | Computer Name = MALLETTE-LAPTOP | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\Windows\winsxs\amd64_microsoft-windows-m..corruptedfilerepair_31bf3856ad364e35_6.1.7600.16385_none_5cd4e58f34e57306\MsiCofire.dll".Error
in manifest or policy file "c:\Windows\winsxs\amd64_microsoft-windows-m..corruptedfilerepair_31bf3856ad364e35_6.1.7600.16385_none_5cd4e58f34e57306\MsiCofire.dll"
on line 2. Invalid Xml syntax.

Error - 10/12/2010 4:41:37 PM | Computer Name = MALLETTE-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/12/2010 4:41:37 PM | Computer Name = MALLETTE-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1076

Error - 10/12/2010 4:41:37 PM | Computer Name = MALLETTE-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1076

Error - 10/12/2010 4:41:38 PM | Computer Name = MALLETTE-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 10/2/2010 3:33:18 PM | Computer Name = MALLETTE-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The AST HighEnd Service service terminated with the following error:
%%183

Error - 10/2/2010 5:52:58 PM | Computer Name = MALLETTE-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The SAS Core Service service failed to start due to the following
error: %%2

Error - 10/2/2010 5:52:59 PM | Computer Name = MALLETTE-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The AST HighEnd Service service terminated with the following error:
%%183

Error - 10/3/2010 8:26:35 PM | Computer Name = MALLETTE-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The SAS Core Service service failed to start due to the following
error: %%2

Error - 10/3/2010 8:26:37 PM | Computer Name = MALLETTE-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The AST HighEnd Service service terminated with the following error:
%%183

Error - 10/3/2010 11:37:55 PM | Computer Name = MALLETTE-LAPTOP | Source = bowser | ID = 8003
Description =

Error - 10/4/2010 10:07:52 AM | Computer Name = MALLETTE-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The SAS Core Service service failed to start due to the following
error: %%2

Error - 10/4/2010 10:07:52 AM | Computer Name = MALLETTE-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The AST HighEnd Service service terminated with the following error:
%%183

Error - 10/4/2010 9:28:00 PM | Computer Name = MALLETTE-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The SAS Core Service service failed to start due to the following
error: %%2

Error - 10/4/2010 9:28:01 PM | Computer Name = MALLETTE-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The AST HighEnd Service service terminated with the following error:
%%183


< End of report >


#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 15 October 2010 - 03:43 PM

Hi again,

Start OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2010/09/29 06:21:48 | 000,002,074 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [wupdate] C:\Windows\SysWow64\wupdate.exe File not found
    [2010/10/06 13:45:19 | 000,241,664 | ---- | M] () -- C:\Windows\Yputua.exe
    [2010/10/06 13:45:06 | 000,000,141 | ---- | M] () -- C:\Users\MALLETTE\AppData\Roaming\asdsada.bat
    :Commands
    [emptytemp]
    [resethosts]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the result log



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 22.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Update MBAM and run a full scan with it (let the found items be removed). Post back its report & a fresh OTL.txt log.


Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 hnsi

hnsi
  • Topic Starter

  • Members
  • 37 posts

Posted 15 October 2010 - 10:37 PM

All processes killed
========== OTL ==========
C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wupdate deleted successfully.
File C:\Windows\Yputua.exe not found.
C:\Users\MALLETTE\AppData\Roaming\asdsada.bat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MALLETTE
->Temp folder emptied: 286630359 bytes
->Temporary Internet Files folder emptied: 170971522 bytes
->Java cache emptied: 11667642 bytes
->Flash cache emptied: 35930 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 12288 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49471680 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 495.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.15.2 log created on 10152010_223053

Files\Folders moved on Reboot...
C:\Users\MALLETTE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


#6 hnsi

hnsi
  • Topic Starter

  • Members
  • 37 posts

Posted 15 October 2010 - 11:51 PM

MBAM LOG REPORT

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4844

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/15/2010 11:38:54 PM
mbam-log-2010-10-15 (23-38-54).txt

Scan type: Full scan (C:\|)
Objects scanned: 279001
Time elapsed: 53 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


------------------------------------------------------------------------------------------------------------------


OTL.txt


OTL logfile created on: 10/15/2010 11:46:48 PM - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\MALLETTE\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.30 Gb Total Space | 163.57 Gb Free Space | 57.33% Space Free | Partition Type: NTFS
Drive D: | 5.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MALLETTE-LAPTOP | User Name: MALLETTE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\MALLETTE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\MALLETTE\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (nlsX86cc) -- C:\Windows\SysNative\nlssrv32.exe File not found
SRV:64bit: - (KMService) -- C:\Windows\SysNative\srvany.exe File not found
SRV:64bit: - (ASTSRV) -- C:\Windows\SysNative\ASTSRV.EXE File not found
SRV:64bit: - (astcc) -- C:\Windows\SysNative\astsrv.exe File not found
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (nlscc) -- C:\Windows\SysNative\nlsInterface.EXE (Nalpeiron Ltd.)
SRV:64bit: - (lxdx_device) -- C:\Windows\SysNative\lxdxcoms.exe ( )
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_062a651.dll ()
SRV - (SolidWorks Licensing Service) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (ASTSRV) -- C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (astcc) -- C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SCPDFReadSpool) -- C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDFV6\SolidConverterPDFServicex64.exe (Solid Documents, LLC)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\D813.tmp File not found
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...28z155t5861d512
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...28z155t5861d512
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...28z155t5861d512
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...28z155t5861d512

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...28z155t5861d512
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?rls=ig
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/09/07 20:20:07 | 000,000,000 | ---D | M] -- C:\Users\MALLETTE\AppData\Roaming\Mozilla\Extensions
[2010/09/07 20:20:07 | 000,000,000 | ---D | M] -- C:\Users\MALLETTE\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/10/15 22:32:07 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\MALLETTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/x64/RACtrl.cab (Performance Viewer Activex Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{bc735711-a5c5-11df-b076-00262d7358d5}\Shell - "" = AutoRun
O33 - MountPoints2\{bc735711-a5c5-11df-b076-00262d7358d5}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/15 23:42:09 | 000,189,216 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/10/15 23:42:09 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/10/15 23:42:09 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/10/15 22:30:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/15 14:12:44 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\MALLETTE\Desktop\OTL.exe
[2010/10/14 16:51:23 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 16:51:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 16:51:22 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 16:51:22 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/14 16:51:22 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 16:51:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/14 16:51:22 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 16:51:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 16:51:22 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/14 16:51:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/14 16:51:21 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 16:51:21 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 16:51:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/14 16:51:21 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/14 16:50:01 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 16:49:59 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 16:49:58 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 16:49:58 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 16:49:29 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 16:45:24 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 16:45:22 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 16:45:22 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 16:45:22 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/14 16:45:22 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 16:45:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 16:45:15 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 16:45:15 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 16:45:13 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/11 16:39:20 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\.JxBrowser
[2010/10/11 16:39:19 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\.null
[2010/10/11 16:38:58 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\.digilabs
[2010/10/11 16:30:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Photo Creations (Mpix Press Edition)
[2010/10/10 00:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro4
[2010/10/10 00:15:52 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\HDRsoft
[2010/10/09 00:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\lx_Cats
[2010/10/09 00:18:31 | 000,514,048 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxih.exe
[2010/10/09 00:18:30 | 001,734,144 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxserv.dll
[2010/10/09 00:18:30 | 001,472,512 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxcomc.dll
[2010/10/09 00:18:30 | 001,319,936 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxusb1.dll
[2010/10/09 00:18:30 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxhbn3.dll
[2010/10/09 00:18:30 | 001,039,872 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxcoms.exe
[2010/10/09 00:18:30 | 000,977,920 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxpmui.dll
[2010/10/09 00:18:30 | 000,884,736 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxlmpm.dll
[2010/10/09 00:18:30 | 000,598,528 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxcfg.exe
[2010/10/09 00:18:30 | 000,578,560 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxcomm.dll
[2010/10/09 00:18:30 | 000,545,792 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxinpa.dll
[2010/10/09 00:18:30 | 000,509,952 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxiesc.dll
[2010/10/09 00:18:30 | 000,047,104 | ---- | C] ( ) -- C:\Windows\SysNative\lxdxprox.dll
[2010/10/06 13:44:53 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\Genieo
[2010/10/06 13:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/10/06 13:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/10/06 13:31:55 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/06 10:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topaz Labs
[2010/10/06 10:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess_MALLETTE
[2010/10/06 10:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Topaz Labs
[2010/10/06 10:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Topaz Labs
[2010/10/06 00:13:59 | 000,227,840 | ---- | C] (Iterated Systems, Inc.) -- C:\Windows\SysWow64\Deco_32.dll
[2010/10/06 00:08:40 | 000,061,440 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysWow64\nlssrv32.exe
[2010/10/06 00:06:33 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\DAEMON Tools Lite
[2010/10/05 23:53:40 | 000,000,000 | ---D | C] -- C:\Temp
[2010/10/05 23:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Nik Software
[2010/10/05 14:48:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photodex Presenter
[2010/10/05 14:48:09 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\Netscape
[2010/10/05 14:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photodex
[2010/10/05 14:47:14 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\Photodex
[2010/10/05 14:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Photodex
[2010/10/02 15:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\Oloneo PhotoEngine
[2010/09/20 19:51:39 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\Documents\Cucusoft iPhone ringtone
[2010/09/20 19:51:28 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\Documents\Cucusoft
[2010/09/20 19:50:35 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2010/09/20 19:50:34 | 000,098,304 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\L3CODECX.AX
[2010/09/20 19:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cucusoft
[2010/09/20 19:47:13 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\GetRightToGo
[2010/09/20 19:10:24 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMCT232.OCX
[2010/09/20 19:10:23 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDesign.dll
[2010/09/20 19:10:23 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudFile.dll
[2010/09/20 19:10:23 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioInfos.dll
[2010/09/20 19:10:23 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioVisu.dll
[2010/09/20 19:10:23 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudPlayer.dll
[2010/09/20 19:10:23 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioRecord.dll
[2010/09/20 19:10:23 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDisplay.dll
[2010/09/20 19:10:23 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTL32.OCX
[2010/09/20 19:10:23 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL
[2010/09/20 19:10:23 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL
[2010/09/20 19:10:23 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL
[2010/09/20 19:10:23 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscc2fr.dll
[2010/09/20 19:10:23 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGFR.DLL
[2010/09/20 19:10:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTFR.DLL
[2010/09/20 19:10:23 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetfr.DLL
[2010/09/20 19:10:22 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\FreeAudioPack
[2010/09/20 10:34:45 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\Desktop\Ringtones
[2010/09/19 13:55:33 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\EDrawings
[2010/09/19 13:55:33 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Roaming\DassaultSystemes
[2010/09/19 13:55:33 | 000,000,000 | ---D | C] -- C:\Users\MALLETTE\AppData\Local\DassaultSystemes
[2010/09/19 13:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes
[2010/09/19 13:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SolidWorks Shared
[2010/09/19 13:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eDrawings2010
[2010/06/20 21:30:44 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\MALLETTE\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/10/15 23:48:08 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/15 23:48:08 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/15 23:41:50 | 000,189,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/10/15 23:41:50 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/10/15 23:41:50 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/10/15 23:41:49 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010/10/15 23:40:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/15 23:40:25 | 2960,523,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/15 22:32:07 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/10/15 22:30:30 | 066,440,372 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/10/15 14:12:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\MALLETTE\Desktop\OTL.exe
[2010/10/14 17:53:55 | 004,992,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/14 16:58:29 | 000,750,572 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/14 16:58:29 | 000,631,224 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/14 16:58:29 | 000,109,310 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/11 21:15:35 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/11 16:31:29 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\My Photo Creations (Mpix Press Edition).lnk
[2010/10/10 00:15:54 | 000,001,795 | ---- | M] () -- C:\Users\MALLETTE\Desktop\Photomatix Pro 4.0 (64-bit).lnk
[2010/10/09 23:36:24 | 000,000,020 | ---- | M] () -- C:\Users\MALLETTE\defogger_reenable
[2010/10/09 00:19:31 | 000,000,154 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/10/06 23:02:09 | 000,010,491 | ---- | M] () -- C:\Users\MALLETTE\Documents\$$$.docx
[2010/10/06 13:42:34 | 000,749,728 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/06 13:39:01 | 000,196,264 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/10/05 16:50:26 | 000,191,990 | ---- | M] () -- C:\Users\MALLETTE\Documents\pleapetition_lafco.pdf
[2010/10/05 16:31:55 | 000,001,175 | ---- | M] () -- C:\Users\MALLETTE\Desktop\TURN OFF INTERNET CS5.lnk
[2010/10/04 23:21:45 | 000,001,189 | ---- | M] () -- C:\Users\MALLETTE\AppData\Roaming\vso_ts_preview.xml
[2010/10/02 15:09:42 | 000,000,901 | ---- | M] () -- C:\Users\MALLETTE\Desktop\Oloneo PhotoEngine.lnk
[2010/10/01 13:01:49 | 000,036,864 | ---- | M] () -- C:\Users\MALLETTE\Documents\September2010_travel.xls
[2010/10/01 12:38:03 | 000,035,840 | ---- | M] () -- C:\Users\MALLETTE\Documents\August2010_travelsupplement.xls
[2010/09/19 13:54:28 | 000,000,000 | ---- | M] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/09/19 13:54:21 | 000,002,147 | ---- | M] () -- C:\Users\MALLETTE\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks eDrawings 2010.lnk
[2010/09/19 13:54:21 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\SolidWorks eDrawings 2010.lnk
[2010/09/19 13:48:43 | 000,524,352 | ---- | M] () -- C:\Users\MALLETTE\Desktop\GLSBYPLAN.dwg

========== Files Created - No Company Name ==========

[2010/10/11 16:31:29 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\My Photo Creations (Mpix Press Edition).lnk
[2010/10/10 00:15:54 | 000,001,795 | ---- | C] () -- C:\Users\MALLETTE\Desktop\Photomatix Pro 4.0 (64-bit).lnk
[2010/10/09 23:36:24 | 000,000,020 | ---- | C] () -- C:\Users\MALLETTE\defogger_reenable
[2010/10/09 00:19:31 | 000,000,154 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/10/09 00:18:39 | 000,299,520 | ---- | C] () -- C:\Windows\SysNative\lxdxgrd.dll
[2010/10/09 00:18:31 | 000,109,056 | ---- | C] () -- C:\Windows\SysNative\lxdxvs.dll
[2010/10/06 13:42:34 | 000,749,728 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/06 13:39:01 | 000,196,264 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/10/05 16:50:25 | 000,191,990 | ---- | C] () -- C:\Users\MALLETTE\Documents\pleapetition_lafco.pdf
[2010/10/05 16:31:55 | 000,001,175 | ---- | C] () -- C:\Users\MALLETTE\Desktop\TURN OFF INTERNET CS5.lnk
[2010/10/02 15:09:42 | 000,000,901 | ---- | C] () -- C:\Users\MALLETTE\Desktop\Oloneo PhotoEngine.lnk
[2010/10/01 13:01:48 | 000,036,864 | ---- | C] () -- C:\Users\MALLETTE\Documents\September2010_travel.xls
[2010/10/01 12:38:03 | 000,035,840 | ---- | C] () -- C:\Users\MALLETTE\Documents\August2010_travelsupplement.xls
[2010/09/20 19:50:35 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/09/20 19:50:35 | 000,006,144 | ---- | C] () -- C:\Windows\SysWow64\ff_acm.acm
[2010/09/20 19:50:34 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2010/09/20 19:10:23 | 000,116,296 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2010/09/19 13:54:28 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/09/19 13:54:21 | 000,002,147 | ---- | C] () -- C:\Users\MALLETTE\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks eDrawings 2010.lnk
[2010/09/19 13:54:21 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\SolidWorks eDrawings 2010.lnk
[2010/09/19 13:48:43 | 000,524,352 | ---- | C] () -- C:\Users\MALLETTE\Desktop\GLSBYPLAN.dwg
[2010/09/18 00:39:03 | 000,010,491 | ---- | C] () -- C:\Users\MALLETTE\Documents\$$$.docx
[2010/09/06 10:58:03 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2010/09/06 10:58:03 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2010/08/23 11:25:31 | 000,007,605 | ---- | C] () -- C:\Users\MALLETTE\AppData\Local\Resmon.ResmonCfg
[2010/06/20 21:32:14 | 000,001,189 | ---- | C] () -- C:\Users\MALLETTE\AppData\Roaming\vso_ts_preview.xml
[2010/06/20 21:31:31 | 000,000,034 | ---- | C] () -- C:\Users\MALLETTE\AppData\Roaming\pcouffin.log
[2010/06/20 21:30:44 | 000,099,384 | ---- | C] () -- C:\Users\MALLETTE\AppData\Roaming\inst.exe
[2010/06/20 21:30:44 | 000,007,859 | ---- | C] () -- C:\Users\MALLETTE\AppData\Roaming\pcouffin.cat
[2010/06/20 21:30:44 | 000,001,167 | ---- | C] () -- C:\Users\MALLETTE\AppData\Roaming\pcouffin.inf
[2010/01/15 08:27:56 | 000,295,936 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll
[2009/12/10 14:24:54 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/12/10 14:08:30 | 000,008,276 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe3.log
[2009/12/10 14:07:32 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/12/10 14:07:32 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009/12/10 13:55:29 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/12/10 13:55:29 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/12/10 13:55:06 | 000,001,597 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/11/04 19:21:23 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/11/04 19:21:23 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/11/04 19:21:23 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

< End of report >
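The report above is raw OTL output, and the lines a responder reads first are the `SRV`/`DRV` service and driver entries: each gives the registered name, the binary path, and either the company from the file's version information or `File not found`. The following Python triage helper is an added example, not part of this thread or of OTL itself. It parses that line format and lists the entries worth a second look: services or drivers whose binary is missing on disk, whose binary carries no company name, or which load from a `.tmp` file. The sample lines are copied from the report above; the `Entry` field names and the flagging rules are my own choices. A flag is a prompt for review, not a verdict: a missing-file entry is often just a leftover from uninstalled software.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few SRV/DRV lines copied from the OTL report above,
# with one of its section headers, so the parser runs offline on real input.
SAMPLE_LOG = r"""
SRV:64bit: - (astcc) -- C:\Windows\SysNative\astsrv.exe File not found
SRV:64bit: - (nlscc) -- C:\Windows\SysNative\nlsInterface.EXE (Nalpeiron Ltd.)
SRV:64bit: - (lxdx_device) -- C:\Windows\SysNative\lxdxcoms.exe ( )
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_062a651.dll ()
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\D813.tmp File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
"""

# One OTL service/driver line:
#   <SRV|DRV>[:64bit:] - (<name>) [<description>] -- <path> (<company>) | File not found
# The description is optional and may itself contain parentheses, so it is
# matched lazily up to the " -- " separator; the path is matched lazily up to
# the trailing "(company)" or "File not found" token at end of line.
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV)(?P<arch>:64bit:)?\s+-\s+\((?P<name>[^)]*)\)"
    r"\s*(?P<desc>.*?)\s*--\s+(?P<path>.+?)"
    r"\s*(?:\((?P<company>[^)]*)\)|(?P<missing>File not found))\s*$"
)


@dataclass
class Entry:
    kind: str                 # "SRV" (Win32 service) or "DRV" (kernel driver)
    is_64bit: bool            # True when OTL tagged the line ":64bit:"
    name: str                 # registered service/driver name
    description: str          # optional display text OTL prints after the name
    path: str                 # binary path as reported by OTL
    company: Optional[str]    # company from version info ("" if blank), None if file missing
    file_found: bool


def parse_otl_services(text: str) -> List[Entry]:
    """Extract SRV/DRV entries; headers, blank lines and other O-lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        missing = m.group("missing") is not None
        entries.append(Entry(
            kind=m.group("kind"),
            is_64bit=m.group("arch") is not None,
            name=m.group("name"),
            description=m.group("desc").strip(),
            path=m.group("path").strip(),
            company=None if missing else m.group("company").strip(),
            file_found=not missing,
        ))
    return entries


def flag_reasons(e: Entry) -> List[str]:
    """Reasons a responder would want to look at this entry (review prompts, not verdicts)."""
    reasons: List[str] = []
    if not e.file_found:
        reasons.append("registered but binary missing on disk")
    elif e.company == "":
        reasons.append("binary carries no company name in its version info")
    if e.path.lower().endswith(".tmp"):
        reasons.append("binary path is a .tmp file")
    return reasons


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each flagged entry name to its list of reasons; unflagged entries are omitted."""
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        reasons = flag_reasons(e)
        if reasons:
            flagged[e.name] = reasons
    return flagged


if __name__ == "__main__":
    parsed = parse_otl_services(SAMPLE_LOG)
    print(f"parsed {len(parsed)} service/driver entries")
    for name, reasons in triage(parsed).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run it on a full OTL report by reading the file and passing its text to `parse_otl_services`; the `SafeList` sections already omit entries OTL recognises as standard Microsoft components, so the triage output is usually short enough to check entry by entry against the vendor named in the company field.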


#7 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:05:17 AM

Posted 16 October 2010 - 03:59 AM

Hi,

Does redirecting still happen?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#8 hnsi

hnsi
  • Topic Starter

  • Members
  • 37 posts
  • Local time:09:17 PM

Posted 16 October 2010 - 11:20 AM

Appears to be working correctly now!

#9 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:05:17 AM

Posted 16 October 2010 - 12:50 PM

Good. Let's see the final steps then.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the same steps you used when disabling System Restore, but at step 7 select the Restore system settings and previous versions of files option.

  • Double-click OTL.exe.
  • Click the CleanUp! button.
  • Select Yes when the Begin cleanup Process? prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
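The six settings above are stored per user in the registry, so they can be audited from a script instead of by clicking through the dialog. The PowerShell below is an added example, not part of Blade81's post or of any tool mentioned in this thread. It reads the Internet zone (zone 3) key and compares each value with the state recommended above. The URL-action value names (1001, 1004, 1201, 1607, 1800, 1804) and the 0 = Enable / 1 = Prompt / 3 = Disable encoding are Microsoft's documented zone registry entries; pairing them with the Custom Level labels is this example's own mapping and should be cross-checked against the dialog before relying on it.

```powershell
# Added example (not from the forum post): audit the Internet zone (zone 3)
# settings the post asks the user to change by reading the per-user registry
# key Internet Explorer stores them in, and report which still differ.
# Assumption: the value-name -> dialog-label mapping below matches the
# Custom Level dialog; verify against the GUI on your own build.

$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Encoding used by the zone keys: 0 = Enable, 1 = Prompt, 3 = Disable
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Recommended state from the post, keyed by URL-action value name.
$Recommended = @(
    @{ Name = '1001'; Label = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Name = '1004'; Label = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Name = '1201'; Label = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Name = '1800'; Label = 'Installation of desktop items';                             Want = 1 },
    @{ Name = '1804'; Label = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Name = '1607'; Label = 'Navigate sub-frames across different domains';              Want = 1 }
)

function Get-InternetZoneSetting {
    # Returns the DWORD for one URL action, or $null if the value is not set
    # (an unset value means the zone's built-in default applies).
    param([string]$Name)
    $props = Get-ItemProperty -Path $ZoneKey -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.$Name) { return $null }
    return [int]$props.$Name
}

function Test-InternetZoneHardening {
    # Read-only: one row per setting with current vs. recommended state.
    foreach ($s in $Recommended) {
        $current = Get-InternetZoneSetting -Name $s.Name
        $currentText = if ($null -eq $current) { 'not set (zone default)' }
                       elseif ($Meaning.ContainsKey($current)) { $Meaning[$current] }
                       else { "unknown ($current)" }
        [pscustomobject]@{
            Setting     = $s.Label
            Current     = $currentText
            Recommended = $Meaning[$s.Want]
            Compliant   = ($current -eq $s.Want)
        }
    }
}

function Set-InternetZoneHardening {
    # Writes the recommended values for the current user only.
    foreach ($s in $Recommended) {
        Set-ItemProperty -Path $ZoneKey -Name $s.Name -Value $s.Want -Type DWord
    }
}

Test-InternetZoneHardening | Format-Table -AutoSize
```

Run `Test-InternetZoneHardening` first; it only reads. `Set-InternetZoneHardening` writes the values under HKCU, so it affects the current user's profile and takes effect the next time Internet Explorer starts; a Group Policy that manages the Internet zone will override both.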



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
  • hosts file:
    • Every version of Windows has a hosts file as part of it.
    • In a very basic sense, it is used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here.
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. hit enter, then locate dns client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok
  • Download and run Secunia Personal Software Inspector (PSI) and fix its findings.
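Because the hosts file is consulted before DNS, it is both a blocklist location and a place where a search-redirect infection like the one in this thread can sit. The PowerShell below is an added example, not from the post or from the hosts file project it links to: it parses a hosts file, separates ordinary blocklist entries (names pinned to 0.0.0.0 or 127.0.0.1) from entries that point a well-known domain somewhere else, and then shows the DNS Client service start type the steps above change. The sample file is constructed for the example, and the list of domains treated as sensitive is this example's own choice.

```powershell
# Added example (not from the forum post): parse a hosts file and flag
# well-known names that are mapped away from loopback, the pattern a
# search-redirect hijack leaves behind, then report the DNS Client
# service start type the post asks the user to set to Manual.
# Assumption: the sensitive-domain list below is this example's choice.

$SensitiveSuffixes = @('google.com', 'bing.com', 'yahoo.com', 'microsoft.com',
                       'windowsupdate.com', 'avg.com', 'malwarebytes.org')
$LoopbackOrNull = @('0.0.0.0', '127.0.0.1', '::1')

function Get-HostsEntry {
    # Yield one object per active address/name pair; comments and blanks skipped.
    param([string[]]$Lines)
    foreach ($raw in $Lines) {
        $line = ($raw -split '#', 2)[0].Trim()   # drop trailing comments
        if (-not $line) { continue }
        $parts = $line -split '\s+'
        if ($parts.Count -lt 2) { continue }
        $ip = $parts[0]
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            [pscustomobject]@{ Address = $ip; HostName = $name.ToLower() }
        }
    }
}

function Get-HostsFileReport {
    param([string[]]$Lines)
    $entries = @(Get-HostsEntry -Lines $Lines)
    $blocked = @($entries | Where-Object { $LoopbackOrNull -contains $_.Address })
    $suspicious = @($entries | Where-Object {
        $e = $_
        ($LoopbackOrNull -notcontains $e.Address) -and
        ($SensitiveSuffixes | Where-Object { $e.HostName -eq $_ -or $e.HostName.EndsWith('.' + $_) })
    })
    [pscustomobject]@{
        TotalEntries    = $entries.Count
        BlockedEntries  = $blocked.Count
        SuspiciousLines = $suspicious   # well-known names pointed away from loopback
    }
}

# Constructed sample (not a real infection artifact): a blocklist-style file
# with one line that would silently send www.google.com elsewhere.
$Sample = @'
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example-tracker.test   # blocklist entry
0.0.0.0         banner.example-ads.test
198.51.100.23   www.google.com             # not loopback: redirect
'@ -split "`r?`n"

Get-HostsFileReport -Lines $Sample | Format-List

# Same check against the live file, then the DNS Client (Dnscache) start type.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $HostsPath) {
    Get-HostsFileReport -Lines (Get-Content -Path $HostsPath) | Format-List
}
Get-CimInstance -ClassName Win32_Service -Filter "Name='Dnscache'" |
    Select-Object Name, DisplayName, State, StartMode
# To apply the post's step 6 from an elevated prompt instead of services.msc:
#   Set-Service -Name Dnscache -StartupType Manual
```

On the constructed sample the report lists five entries, three of them blocklist-style, and one suspicious line for www.google.com. A large blocklist hosts file will show thousands of blocked entries and should show no suspicious lines; anything in that last column deserves a look before the machine is declared clean.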


  • Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade



#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 23 October 2010 - 04:22 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
