
All browsers redirecting, search bars hijacked, Google search results not coming up, etc.


  • This topic is locked
27 replies to this topic

#1 Spadurgan

Spadurgan

  • Members
  • 32 posts
  • OFFLINE
  • Local time:02:48 AM

Posted 06 November 2010 - 12:41 AM

Hello,

My name is Jude, and I am in need of some help.

For a month now I have tried to fix these problems by myself, but I now realize I need help to get this fixed.

Here is the timeline, and what is still occurring, which I cannot figure out how to fix.

About a month ago, the computer became nearly unusable. I ran SpyBot and Malware Bytes, which found 49 malware and 23 other problems. The two programs did their job. I then ran AVG, found a few viruses, and took care of them as well.

The computer itself was better, but not the browsers...

Internet Explorer refused to load, and although Firefox would, it constantly was opening a new tab to some other website...

Then I found that even Firefox didn't want to load... So I tried clicking numerous times (once every time the "wait circle" would stop and no browser would appear) until either IE or Firefox would eventually come up. Looking in Task Manager, I would (and still do) find several instances of Explorer, iExplore, and Firefox loaded into memory.

I then found that my search (Google in Firefox, Bing in IE) was hijacked, leading to a different website and opening more tabs again!

----------Jumping to today----------------

I have tried everything I can think of, and more... I even updated Firefox, uninstalled IE7 and then installed IE8 (64 bit will load up, but not regular IE). The update fixed the Google search, and yet...

When I do a search with Google, oftentimes the top results will not show the link (I have to copy the http address and paste it in the bar). Also, when trying to go to most blogs or Google sites, I am repeatedly redirected to other sites.

And while browsing or working, randomly tabs will open to other websites (unless I catch them in time).

Today, however, scared me the most. While working on a WordPress site for a client, I went to do Keyword research with Google and purchase some icons from PSD-Graphics. Out of the blue, Google Keyword Tool would not load, and all graphics disappeared from any sites I was at or going to (as if the formatting was turned off). Then when I typed in an address and pressed enter, nothing would happen besides the tab flashing - I rebooted and (for now) everything seems to be okay, except for the original complaints.

**Malware Bytes, SpyBot and AVG find NOTHING**, but I know something is terribly wrong.

Anyone who can help me bring my Windows 7 (64 bit) PC back to its healthy state, I would be forever grateful. I use this computer as my livelihood, and I don't want to have to reformat and start over with a new install...

Thanks for the assistance to come!

-- Jude --

PS -> I do have HijackThis, and will upload a log upon request. Just let me know!

Just in case this will provide any more clues, here is my most recent HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:07:59 PM, on 11/6/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Joe\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\EditPlus 3\editplus.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Joe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100723234005.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: MediaMall Server - MediaMall Technologies, Inc. - C:\Program Files (x86)\MediaMall\MediaMallServer.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\Joe\AppData\Local\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15343 bytes

Merged posts. ~ OB

Edited by Orange Blossom, 07 November 2010 - 02:11 PM.
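The log above contains one setting that deserves particular attention: the per-user `ProxyServer = http=127.0.0.1:6522` entry (R1). A proxy on the loopback address routes every Internet Explorer (and other WinINet) request through a process on the same machine, which is a common mechanism behind exactly the redirect and missing-results symptoms described, although some legitimate filtering software installs a local proxy too. The Python below is an added example written by the editor, not code from the thread, from BleepingComputer or from Trend Micro's HijackThis; it parses the R/O line shapes seen in the log, flags a loopback proxy, an orphaned BHO and an unattributed service binary, and uses sample lines copied from the posted log as its input. The heuristics and the `Finding` type are the editor's own.

```python
"""Triage a HijackThis-style log for a few browser-hijack indicators.

Added example (editor's code, not from the thread or from Trend Micro's
HijackThis). Heuristics applied, all written from a defender's stance:
  R0/R1  Internet Explorer settings  -> flag a ProxyServer that points at loopback
  O2     Browser Helper Objects      -> flag a CLSID registered with "(no file)"
  O23    services                    -> flag "Unknown owner" where the binary exists
Every hit is something to review, not a verdict.
"""
import re
from dataclasses import dataclass

# Shape of every HijackThis entry: a section code, " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+)\s+-\s+(?P<body>.*)$")
PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?P<value>.*)$")
BHO_RE = re.compile(r"^BHO:\s*(?P<name>.*?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<path>.*)$")
SERVICE_RE = re.compile(r"^Service:\s*(?P<name>.*?)\s+-\s+(?P<owner>.*?)\s+-\s+(?P<path>.*)$")

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\Joe\AppData\Local\TVersity\Media Server\MediaServer.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
""".strip().splitlines()


@dataclass
class Finding:
    kind: str    # HijackThis section code, e.g. "R1"
    reason: str  # why the entry deserves a look
    line: str    # the original log line


def parse_entry(line: str):
    """Split one log line into (section code, body); None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("kind"), m.group("body")) if m else None


def proxy_is_loopback(value: str) -> bool:
    """True if any proxy in a WinINet ProxyServer value points at 127.x or localhost.

    Handles both the bare "host:port" form and the per-scheme
    "http=host:port;https=host:port" form.
    """
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:                      # strip a "http=" style scheme prefix
            part = part.split("=", 1)[1]
        host = part.rsplit(":", 1)[0] if ":" in part else part
        if host.lower() == "localhost" or host.startswith("127."):
            return True
    return False


def triage(lines):
    """Run the heuristics over log lines and return the entries worth reviewing."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        kind, body = entry
        if kind in ("R0", "R1"):
            pm = PROXY_RE.search(body)
            if pm and proxy_is_loopback(pm.group("value")):
                findings.append(Finding(kind, "IE proxy points at loopback; a local process sees all browser traffic", line))
        elif kind == "O2":
            bm = BHO_RE.match(body)
            if bm and bm.group("path").strip() == "(no file)":
                findings.append(Finding(kind, "BHO CLSID registered but its DLL is gone (orphan)", line))
        elif kind == "O23":
            sm = SERVICE_RE.match(body)
            # "(file missing)" from a 32-bit HijackThis on 64-bit Windows is usually
            # WOW64 path redirection, not an absent file, so it is not flagged here.
            if sm and sm.group("owner") == "Unknown owner" and not sm.group("path").endswith("(file missing)"):
                findings.append(Finding(kind, "service binary with no publisher name; verify where it came from", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run as a script it prints three hits; `triage()` returns them for further handling. Hits are review items, not verdicts: the TVersity service, for instance, is a media server the poster says he uses, and the orphaned BHO is harmless clutter until its CLSID is checked.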



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,107 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:12:48 PM

Posted 14 November 2010 - 06:59 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** it is zipped up in a .rar file. If you do not have a program to unzip this type of file,
    you can get a free one from here: http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

-------------------------------------------------------------
In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 Spadurgan

Spadurgan
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:02:48 AM

Posted 15 November 2010 - 03:12 PM

Thank you, Elise, for taking up my case. It is highly appreciated, and I know all the volunteers are quite busy!

Clear Description Of What Is Happening & What I Have Done Thus Far

I ran Malwarebytes, Spy-Bot S&D, as well as AVG virus scan. Although all find things to correct, the main problems still exist. Running them again produces no further results.

The problems I experience are:

  • Internet Explorer will not load (unless 64-Bit version). I even attempted to update to version 8, but it still will not load
  • Firefox is spotty at loading, sometimes loading immediately, other times loading on the third or fourth try
  • With Firefox loaded, as I surf or check gmail, a random new tab opens up to ad websites
  • Sometimes, the new tab will also crash Firefox
  • I used to not be able to use the Google search bar in Firefox, but after update (this was before you asked me not to) the search bar is fixed. However...
  • When using Google search, strange occurrences: the PPC ads disappear, and the first few results' links will also randomly disappear
  • When going to the wide majority of blogs via search, Firefox forces a redirect to sometimes ads, sometimes other search engines. I have to fight to get to my page
  • If Firefox does not redirect, it will look to load the page, but nothing will show. I then have to select the web address and press enter to get it to show
  • Finally (away from browser issues), I have trouble using services such as PlayOn or TVersity, and also found that my shared printer will not work. I believe that somehow the network access is being blocked.

OTL Logs

OTL.txt

OTL logfile created on: 11/15/2010 12:42:29 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Joe\Business\BBlanc\PPT
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 54.00% Memory free
11.00 Gb Paging File | 9.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.57 Gb Total Space | 684.74 Gb Free Space | 74.22% Space Free | Partition Type: NTFS

Computer Name: JOE-PC-DELL | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/15 12:37:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Business\BBlanc\PPT\OTL.exe
PRC - [2010/11/02 21:37:43 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/11/02 21:37:42 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/25 15:01:26 | 000,049,152 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\PlayOn.exe
PRC - [2010/10/25 15:01:25 | 004,325,232 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe
PRC - [2010/10/11 11:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 11:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/09/28 02:30:07 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/09/21 10:33:36 | 000,083,440 | ---- | M] (Google) -- C:\Users\Joe\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/09/16 13:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/15 04:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 00:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/10 14:10:58 | 002,349,776 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/07/24 23:26:02 | 000,884,736 | ---- | M] () -- C:\Users\Joe\AppData\Local\TVersity\Media Server\MediaServer.exe
PRC - [2010/07/06 08:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/03/31 09:42:56 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2010/03/06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/03/04 10:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/07/13 18:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2010/11/15 12:37:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Business\BBlanc\PPT\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 18:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/13 18:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/07/13 18:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/13 18:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/13 18:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2009/07/13 18:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/04 00:51:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/27 16:16:24 | 000,244,840 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/04/27 16:16:24 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/03/23 23:59:44 | 000,031,232 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\qmpehsoe.dll -- (qmpehsoe)
SRV:64bit: - [2010/01/05 16:04:02 | 000,199,032 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/10/25 15:01:25 | 004,325,232 | ---- | M] (MediaMall Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2010/10/11 11:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/28 02:30:07 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/10 00:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/24 23:26:02 | 000,884,736 | ---- | M] () [Auto | Running] -- C:\Users\Joe\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/07/06 08:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/05/21 20:11:36 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 10:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/07 02:48:58 | 000,381,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/09/07 02:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 02:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/09/07 02:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/08/19 20:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/08/19 20:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010/08/04 01:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/08/04 01:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/04 00:15:46 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/29 11:22:14 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2010/07/27 07:14:24 | 006,465,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 9000(UVC)
DRV:64bit: - [2010/07/27 07:12:16 | 000,339,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/07/12 11:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/27 16:16:24 | 000,528,616 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/04/27 16:16:24 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/04/27 16:16:24 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/04/27 16:16:24 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/04/27 16:16:24 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/04/27 16:16:24 | 000,093,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/04/27 16:16:24 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/04/27 16:16:24 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2009/10/24 00:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/30 23:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/06 05:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522



IE - HKU\S-1-5-21-895014978-280803970-528338707-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-895014978-280803970-528338707-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-895014978-280803970-528338707-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-895014978-280803970-528338707-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-895014978-280803970-528338707-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://g.msn.com/USCON/1"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: refspoof@mozdev.org:0.9.5
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.7
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
FF - prefs.js..extensions.enabledItems: flvripper@harsha:1.9.9
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/08/28 21:11:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/10/27 08:47:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/02 21:37:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/05 22:04:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/09/18 00:08:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/10/09 22:51:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Namoroka (64-bit) 3.6.3\extensions\\Components: C:\Program Files (x86)\Namoroka (64-bit)\components [2010/10/21 20:13:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Namoroka (64-bit) 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Namoroka (64-bit)\plugins [2010/10/21 20:13:57 | 000,000,000 | ---D | M]

[2010/07/23 15:50:58 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions
[2010/07/23 15:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/14 15:26:48 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\yu0cipdx.default\extensions
[2010/11/14 15:26:40 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\yu0cipdx.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/11/01 19:12:36 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\yu0cipdx.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/08/16 10:23:56 | 000,000,000 | ---D | M] (Swag Bucks Toolbar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\yu0cipdx.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2010/10/16 06:20:26 | 000,000,000 | ---D | M] (ZoneAlarm Security Toolbar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\yu0cipdx.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2010/09/29 14:48:13 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\yu0cipdx.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/10/16 06:43:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\yu0cipdx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/04 13:53:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\yu0cipdx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/09 22:48:24 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\yu0cipdx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/09/18 00:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\yu0cipdx.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/11/14 15:26:38 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\yu0cipdx.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/11/05 18:03:50 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\yu0cipdx.default\extensions\flvripper@harsha
[2010/08/07 10:52:41 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\yu0cipdx.default\extensions\refspoof@mozdev.org
[2010/08/05 20:34:08 | 000,000,923 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\yu0cipdx.default\searchplugins\conduit.xml
[2010/10/16 01:12:13 | 000,002,250 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\yu0cipdx.default\searchplugins\secure-google.xml
[2010/09/01 17:25:32 | 000,004,140 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\yu0cipdx.default\searchplugins\youtube.xml
[2010/10/21 19:29:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/04 14:49:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/21 19:29:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/04/27 16:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2010/03/27 17:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/07 09:06:22 | 000,002,077 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/10/27 07:45:35 | 000,424,827 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 14637 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20100530173446.dll (McAfee, Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20100723234005.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-895014978-280803970-528338707-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-895014978-280803970-528338707-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-895014978-280803970-528338707-1000..\Run: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)
O4 - HKU\S-1-5-21-895014978-280803970-528338707-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-895014978-280803970-528338707-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: netflix.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.145.248.4 69.145.232.4 69.145.49.30
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-895014978-280803970-528338707-1000\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-895014978-280803970-528338707-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 15:30:40 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\ERS Game Studios
[2010/11/14 15:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haunted Halls - Green Hills Sanitarium Collector's Edition
[2010/11/11 22:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hidden Mysteries Vampire Secrets
[2010/11/11 18:24:00 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\FlyWheelGames
[2010/11/11 18:23:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Incredible Adventures of my Mom
[2010/11/11 15:23:04 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\DayTerium
[2010/11/09 22:06:57 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\BigFishGames
[2010/11/08 12:06:45 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010/11/08 12:06:42 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\SCE
[2010/11/08 12:06:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/11/08 12:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Online Entertainment
[2010/11/07 20:36:17 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\PlayPond
[2010/11/07 15:54:02 | 000,000,000 | ---D | C] -- C:\Users\Joe\Grafix
[2010/11/05 14:49:27 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2010/11/05 14:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haali
[2010/11/05 14:49:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2010/11/05 14:49:14 | 000,438,272 | ---- | C] (Gabest) -- C:\Windows\SysWow64\Mpeg2DecFilter.ax
[2010/11/05 14:49:14 | 000,290,816 | ---- | C] (SourceTec Software Co., LTD) -- C:\Windows\SysWow64\stFLVSource.ax
[2010/11/05 14:49:14 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/11/05 14:49:14 | 000,217,088 | ---- | C] (-) -- C:\Windows\SysWow64\CoreFLACDecoder.ax
[2010/11/05 14:49:14 | 000,147,456 | ---- | C] (SourceTec) -- C:\Windows\SysWow64\stQTSource.ax
[2010/11/05 14:49:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SourceTec
[2010/11/05 14:49:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sothink Video Converter
[2010/11/05 10:28:06 | 000,000,000 | ---D | C] -- C:\Users\Joe\Moviestorm
[2010/11/05 10:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moviestorm-1.4
[2010/11/03 15:54:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AAALOGO2010
[2010/10/30 18:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/10/27 09:13:49 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/10/27 08:50:30 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\AVG10
[2010/10/27 08:47:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/10/27 08:47:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2010/10/27 08:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/27 08:47:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2010/10/27 08:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/10/27 08:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/26 08:52:43 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\MikeConway_FindClosure
[2010/10/25 18:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2010/10/23 13:39:24 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/21 20:13:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Namoroka (64-bit)
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/15 12:33:12 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-895014978-280803970-528338707-1000UA.job
[2010/11/15 12:28:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/15 08:33:59 | 099,251,660 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/11/15 06:08:52 | 000,000,865 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies
[2010/11/14 22:28:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/14 21:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/11/14 21:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/11/14 21:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/11/14 20:33:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-895014978-280803970-528338707-1000Core.job
[2010/11/14 20:00:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/11/14 15:33:45 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/11/14 15:28:30 | 000,002,685 | ---- | M] () -- C:\Users\Joe\Desktop\Haunted Halls - Green Hills Sanitarium Collector's Edition.lnk
[2010/11/13 05:02:56 | 000,001,456 | ---- | M] () -- C:\Users\Joe\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/11/12 02:17:00 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/12 02:17:00 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/11 15:38:20 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/11 15:38:20 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/11 15:38:20 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/11 15:33:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/11 15:33:42 | 334,737,407 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/08 22:13:32 | 000,002,270 | ---- | M] () -- C:\Users\Joe\Desktop\DC Universe Online.lnk
[2010/11/08 22:07:05 | 005,269,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/08 12:06:34 | 000,002,170 | ---- | M] () -- C:\Users\Joe\Desktop\DC Universe Online Beta.lnk
[2010/11/05 14:49:17 | 000,001,103 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink Video Converter.lnk
[2010/11/05 14:49:17 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Sothink Video Converter.lnk
[2010/11/03 15:54:46 | 000,000,961 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\AAA Logo 2010.lnk
[2010/11/03 15:54:46 | 000,000,937 | ---- | M] () -- C:\Users\Joe\Desktop\AAA Logo 2010.lnk
[2010/11/02 21:46:49 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2010/10/31 22:27:41 | 000,006,656 | ---- | M] () -- C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/31 22:22:36 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010/10/30 18:55:04 | 000,002,965 | ---- | M] () -- C:\Users\Joe\Desktop\HiJackThis.lnk
[2010/10/29 03:15:29 | 000,000,020 | ---- | M] () -- C:\Windows\SysNative\DIRECTENCODE.DLL
[2010/10/27 08:47:46 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/27 08:47:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2010/10/27 08:47:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2010/10/27 07:45:35 | 000,424,827 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/10/25 18:17:30 | 000,001,435 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/23 10:58:06 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\PlayOn.lnk
[2010/10/22 09:58:11 | 000,007,618 | ---- | M] () -- C:\Users\Joe\AppData\Local\Resmon.ResmonCfg
[2010/10/21 20:13:59 | 000,001,979 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Namoroka (64-bit).lnk
[2010/10/21 19:05:58 | 000,015,166 | ---- | M] () -- C:\ProgramData\.wtav
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/15 08:33:59 | 099,251,660 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/11/14 15:28:30 | 000,002,685 | ---- | C] () -- C:\Users\Joe\Desktop\Haunted Halls - Green Hills Sanitarium Collector's Edition.lnk
[2010/11/08 22:13:32 | 000,002,270 | ---- | C] () -- C:\Users\Joe\Desktop\DC Universe Online.lnk
[2010/11/08 12:06:34 | 000,002,170 | ---- | C] () -- C:\Users\Joe\Desktop\DC Universe Online Beta.lnk
[2010/11/05 14:49:17 | 000,001,103 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink Video Converter.lnk
[2010/11/05 14:49:17 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Sothink Video Converter.lnk
[2010/11/05 14:49:14 | 000,070,656 | ---- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2010/11/03 15:54:46 | 000,000,961 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\AAA Logo 2010.lnk
[2010/11/03 15:54:46 | 000,000,937 | ---- | C] () -- C:\Users\Joe\Desktop\AAA Logo 2010.lnk
[2010/10/30 18:55:04 | 000,002,965 | ---- | C] () -- C:\Users\Joe\Desktop\HiJackThis.lnk
[2010/10/29 03:15:29 | 000,000,020 | ---- | C] () -- C:\Windows\SysNative\DIRECTENCODE.DLL
[2010/10/27 08:47:46 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/27 08:47:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2010/10/27 08:47:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2010/10/25 18:13:36 | 000,001,435 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/25 18:06:17 | 000,072,533 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010/10/25 18:06:17 | 000,072,533 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010/10/23 10:58:06 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\PlayOn.lnk
[2010/10/21 20:13:59 | 000,001,979 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Namoroka (64-bit).lnk
[2010/10/18 11:03:20 | 000,015,166 | ---- | C] () -- C:\ProgramData\.wtav
[2010/10/14 00:01:25 | 000,006,656 | ---- | C] () -- C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 00:35:51 | 000,004,710 | ---- | C] () -- C:\Windows\ips.INI
[2010/09/22 00:12:25 | 000,001,456 | ---- | C] () -- C:\Users\Joe\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/09/10 18:38:59 | 000,000,150 | ---- | C] () -- C:\Windows\Readiris.ini
[2010/09/09 18:51:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/08/31 14:17:46 | 000,007,618 | ---- | C] () -- C:\Users\Joe\AppData\Local\Resmon.ResmonCfg
[2010/08/26 20:27:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/07 15:36:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/07 15:09:07 | 000,000,206 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\wklnhst.dat
[2010/07/30 12:04:18 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/07/30 12:04:18 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/07/27 07:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/07/27 07:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2010/09/15 03:01:54 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2010/09/15 03:01:54 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2010/08/15 01:41:43 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Artisteer
[2010/10/27 08:50:30 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\AVG10
[2010/09/01 13:17:15 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Blender Foundation
[2010/10/12 13:15:45 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/16 06:23:23 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\CheckPoint
[2010/10/02 14:59:59 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2010/11/11 15:24:34 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\DayTerium
[2010/08/05 17:16:31 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Digiarty
[2010/10/16 06:43:26 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\dimdim
[2010/11/13 00:31:28 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\EditPlus 3
[2010/11/14 15:30:40 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\ERS Game Studios
[2010/11/11 18:24:00 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\FlyWheelGames
[2010/08/31 20:18:35 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Hona
[2010/09/01 13:17:16 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\IObit
[2010/06/19 18:00:03 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\iolo
[2010/09/17 20:04:11 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\MAGIX
[2010/09/28 12:09:06 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\PACE Anti-Piracy
[2010/11/07 20:36:17 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\PlayPond
[2010/08/27 14:36:48 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Snapter Images
[2010/08/28 22:11:04 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/07/30 12:11:04 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\TeamViewer
[2010/10/14 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\TechSmith
[2010/08/07 15:09:09 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Template
[2010/07/23 15:26:26 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Thunderbird
[2010/11/08 22:05:07 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\uTorrent
[2010/06/03 08:42:34 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\WeatherBug
[2010/11/14 20:00:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/11/14 21:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/11/14 21:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/11/14 21:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/11/14 15:33:45 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/11/09 10:16:24 | 000,016,130 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/07/13 18:39:48 | 000,141,312 | ---- | M] ()(C:\Windows\SysNative\us?rinit.exe) -- C:\Windows\SysNative\usеrinit.exe
[2009/07/13 16:50:33 | 000,141,312 | ---- | C] ()(C:\Windows\SysNative\us?rinit.exe) -- C:\Windows\SysNative\usеrinit.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 906 bytes -> C:\Users\Joe\AppData\Local\lvgoauuQzx:Y1cJBzlvvFamu61HEFEXahELPCHOFx
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A66A990E

< End of report >

Extras.txt

OTL Extras logfile created on: 11/15/2010 12:42:29 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Joe\Business\BBlanc\PPT
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 54.00% Memory free
11.00 Gb Paging File | 9.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.57 Gb Total Space | 684.74 Gb Free Space | 74.22% Space Free | Partition Type: NTFS

Computer Name: JOE-PC-DELL | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-895014978-280803970-528338707-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = jsfile] -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe (Adobe Systems, Inc.)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\Joe\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\Joe\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{319B58E8-4C80-4912-8EA7-24A9658120C6}" = AVG 2011
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5BF8A577-B334-49BE-A7B2-349C1F1B0C58}" = AVG 2011
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{E06357A3-5F44-B1AE-F4BA-9DAC26A209C9}" = ccc-utility64
"{F00A3A54-C293-8F64-7C6D-9A4C09106FD8}" = Antivirus 2010
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D29B7E9-CDFF-807D-1D4E-FFB77D809836}" = CCC Help Italian
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1" = Sothink Video Converter
"{144D9816-818D-C36E-33A0-889A19C5EDA6}" = CCC Help Portuguese
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16C315AA-1027-4530-92E1-C47CA832E330}" = Xara Designer Pro 6 Content Pack
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{187AA9B3-A568-4C9C-91A1-EF02A5E59DD5}" = PlayOn
"{18BED011-2EEF-1148-E90C-D6556565B2EC}" = CCC Help Polish
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1C63AA59-66B2-418C-BDF5-53A534DA5690}_is1" = Sothink SWF to Video Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C2435C-5B06-2E12-5087-116D8EF658B8}" = CCC Help Korean
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26791563-0BDF-1FBE-CC21-994A09559CCE}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 22
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{3A25676C-038C-504A-FA32-F971B36BF7EE}" = Catalyst Control Center Graphics Previews Vista
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B8FF075-F41B-89DD-41F7-B90A6A01B8F8}" = Catalyst Control Center Graphics Full New
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{44453D07-5BDB-45F8-E3DF-20A7F76407D0}" = CCC Help Czech
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{466E1C7A-AEAF-2F55-26E2-A727B761AAB0}" = CCC Help Dutch
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}" = Adobe Presenter 7
"{50ED6ABB-078C-8B17-1181-DC6DDB4E52DC}" = Catalyst Control Center InstallProxy
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{56E55229-CBE7-211E-0CD1-AB3712AF177A}" = CCC Help Danish
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5CE2D957-59C2-4489-481E-2E38EAE59762}" = CCC Help Spanish
"{5DEB2BA0-0E1F-D5CB-A0C4-F738590BE973}" = Catalyst Control Center Core Implementation
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675371D-22CD-F426-DC4C-9DDF594D0BBE}" = CCC Help Chinese Traditional
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6839108F-BC82-30BC-776F-D635EDA2B3D4}" = CCC Help Russian
"{6B1ADEE1-1595-82C4-6FB9-97B65F68E9EE}" = CCC Help Swedish
"{6B206787-2964-D9D8-A1F6-7D98B6BCD7F9}" = CCC Help Hungarian
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6EFA70F2-D6C3-4ECA-BEA9-C1A31277C63A}_is1" = FLV Converter 3.2
"{73EFFD76-009E-A554-AA1F-106DBE475525}" = CCC Help French
"{775FCAEB-C804-02B9-135F-D9A189A1CCDC}" = CCC Help English
"{77D41B26-31DE-4EBA-F974-26D67B728FDB}" = CCC Help Turkish
"{786CF17A-66A5-4A35-B24A-178D3B39F86A}_is1" = Womble EasyDVD 1.0.1.23 (01/2010)
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{833FE2B0-DCD7-8995-6374-F69F1A84055F}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D0BED50-BD2B-5EBA-7F04-5513F1B9EC74}" = CCC Help Thai
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98C7AEBC-350A-52D6-6886-76FB98C6A503}" = Catalyst Control Center Graphics Full Existing
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_940" = Adobe Acrobat 9.4.0 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6214EA9-7BE8-4A91-B8B3-45F42F90188F}" = Readiris Pro 12
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE6F906F-9F86-5CED-E122-8C6A162295B8}" = Skins
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7163400-6A4A-467E-A31B-3841C33F6F5D}" = Xara Designer Pro 6
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E89604-DFBE-2DF8-BE82-A0076107AA32}" = CCC Help Finnish
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50D9AC2-EB3C-3161-FF97-4E800D106D0E}" = CCC Help Norwegian
"{E65DADC9-D6B1-6706-41DE-FA19149869E5}" = Catalyst Control Center Graphics Light
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBF60699-3D2E-6677-D504-5B4846171C8E}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4044E58-9707-2918-1DA9-D3E400F0B699}" = CCC Help Japanese
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F70ACEA1-05C5-6D98-9C0C-F3AD818E1E33}" = CCC Help Chinese Standard
"{F835D378-5073-8C86-70EF-9A3B739F9897}" = CCC Help Greek
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FFD3A1EB-F550-3309-7AFE-17E4BB778423}" = Catalyst Control Center Localization All
"3032-5837-0324-8793" = Moviestorm Early Access
"7-Zip" = 7-Zip 4.65
"AAA Logo 3.10 Business_is1" = AAA Logo Business Edition 3.10
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Presenter 7" = Adobe Presenter 7
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Amor SWF to Video Converter_is1" = Amor SWF to Video Converter 2.7.0
"Artensoft Photo Mosaic Wizard_is1" = Artensoft Photo Mosaic Wizard
"Artisteer 2" = Artisteer 2
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Blender" = Blender (remove only)
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dell Dock" = Dell Dock
"DivX Setup.divx.com" = DivX Setup
"EditPlus 3" = EditPlus 3
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Flash to Video Converter Professional_is1" = Flash to Video Converter Professional 1.4.1
"GoToAssist" = GoToAssist 8.0.0.514
"HaaliMkx" = Haali Media Splitter
"Haunted Halls - Green Hills Sanitarium Collector's Edition Just For Fun Games" = Haunted Halls - Green Hills Sanitarium Collector's Edition Just For Fun Games
"Hidden Mysteries Vampire Secrets Just For Fun Games" = Hidden Mysteries Vampire Secrets Just For Fun Games
"Imagelys Picture Styles 6.1" = Imagelys Picture Styles 6.1
"Incredible Adventures of my Mom Just For Fun Games" = Incredible Adventures of my Mom Just For Fun Games
"iWisoft Flash SWF to Video Converter_is1" = iWisoft Flash SWF to Video Converter 3.4
"MAGIX_MSI_XtremePro6" = Xara Designer Pro 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.1)" = Mozilla Thunderbird (3.1.1)
"Namoroka (64-bit) (3.6.3)" = Namoroka (64-bit) (3.6.3)
"pepakura_designer3en" = Pepakura Designer 3
"pepakura_viewer3en" = Pepakura Viewer 3
"Snapter_is1" = snapter
"TeamViewer 5" = TeamViewer 5
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.2
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 5.9.2
"Womble EasyDVD" = Womble EasyDVD 1.0.1.23 (01/2010)
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-895014978-280803970-528338707-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
"SOE-DC Universe Online Beta" = DC Universe Online

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/25/2010 8:38:13 PM | Computer Name = Joe-PC-Dell | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 15b8 Start
Time: 01cb74a5e2406592 Termination Time: 8 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: 4d8f7e0c-e099-11df-8f43-00262d20f170

Error - 10/25/2010 8:43:11 PM | Computer Name = Joe-PC-Dell | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 7

Error - 10/25/2010 9:11:46 PM | Computer Name = Joe-PC-Dell | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 7

Error - 10/25/2010 9:16:45 PM | Computer Name = Joe-PC-Dell | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 7

Error - 10/26/2010 3:00:54 AM | Computer Name = Joe-PC-Dell | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 10/26/2010 3:02:05 AM | Computer Name = Joe-PC-Dell | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 10/27/2010 2:51:03 AM | Computer Name = Joe-PC-Dell | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 10/27/2010 2:52:15 AM | Computer Name = Joe-PC-Dell | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 10/27/2010 11:30:44 AM | Computer Name = Joe-PC-Dell | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 1

Error - 10/27/2010 11:30:44 AM | Computer Name = Joe-PC-Dell | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 1

[ Media Center Events ]
Error - 10/7/2010 7:56:27 AM | Computer Name = Joe-PC-Dell | Source = MCUpdate | ID = 0
Description = 5:56:26 AM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 10/7/2010 7:56:27 AM | Computer Name = Joe-PC-Dell | Source = MCUpdate | ID = 0
Description = 5:56:27 AM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 10/7/2010 7:56:29 AM | Computer Name = Joe-PC-Dell | Source = MCUpdate | ID = 0
Description = 5:56:28 AM - Failed to retrieve Broadband (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 10/7/2010 4:03:22 PM | Computer Name = Joe-PC-Dell | Source = MCUpdate | ID = 0
Description = 2:03:22 PM - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 10/7/2010 4:03:23 PM | Computer Name = Joe-PC-Dell | Source = MCUpdate | ID = 0
Description = 2:03:23 PM - Failed to retrieve NetTV (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 10/7/2010 4:03:24 PM | Computer Name = Joe-PC-Dell | Source = MCUpdate | ID = 0
Description = 2:03:24 PM - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 10/7/2010 4:03:25 PM | Computer Name = Joe-PC-Dell | Source = MCUpdate | ID = 0
Description = 2:03:25 PM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 10/7/2010 4:03:25 PM | Computer Name = Joe-PC-Dell | Source = MCUpdate | ID = 0
Description = 2:03:25 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 10/7/2010 4:03:26 PM | Computer Name = Joe-PC-Dell | Source = MCUpdate | ID = 0
Description = 2:03:26 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 10/7/2010 4:03:28 PM | Computer Name = Joe-PC-Dell | Source = MCUpdate | ID = 0
Description = 2:03:27 PM - Failed to retrieve Broadband (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


[ System Events ]
Error - 10/15/2010 11:05:40 PM | Computer Name = Joe-PC-Dell | Source = Service Control Manager | ID = 7031
Description = The User Profile Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 10/15/2010 11:05:40 PM | Computer Name = Joe-PC-Dell | Source = Service Control Manager | ID = 7031
Description = The Task Scheduler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/15/2010 11:05:40 PM | Computer Name = Joe-PC-Dell | Source = Service Control Manager | ID = 7031
Description = The System Event Notification Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 10/15/2010 11:05:40 PM | Computer Name = Joe-PC-Dell | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 10/15/2010 11:05:40 PM | Computer Name = Joe-PC-Dell | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 10/15/2010 11:05:40 PM | Computer Name = Joe-PC-Dell | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 10/15/2010 11:05:40 PM | Computer Name = Joe-PC-Dell | Source = Service Control Manager | ID = 7031
Description = The Windows Update service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/15/2010 11:06:40 PM | Computer Name = Joe-PC-Dell | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056

Error - 10/15/2010 11:07:40 PM | Computer Name = Joe-PC-Dell | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 10/15/2010 11:07:40 PM | Computer Name = Joe-PC-Dell | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Computer Browser service,
but this action failed with the following error: %%1056


< End of report >

Rootkit Unhooker

Unfortunately, when I tried to run this after install, I only get this error message:

Error loading driver, NTSTATUS code 0xC000036B



-- Hope this helps you out, and I thank you for helping me!

#4 Elise (Malware Study Hall Admin)

Posted 15 November 2010 - 04:17 PM

Hi, indeed some malware showing here. Let's see if we can fix it. :)

OTL FIX
------------
We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :otl
    SRV:64bit: - [2010/03/23 23:59:44 | 000,031,232 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\qmpehsoe.dll -- (qmpehsoe)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    IE - HKU\S-1-5-21-895014978-280803970-528338707-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    
    :files
    c:\windows\tasks\at*.job
    
    :commands
    [emptytemp]
    [resethosts]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
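
The fix above targets three artefact classes at once: a service whose binary is a randomly named DLL in the 64-bit system directory (qmpehsoe.dll, set to Auto start), an Internet Explorer ProxyServer value pointing at a listener on 127.0.0.1:6522 written into every user hive so that all WinINET traffic from every account passes through the malware, and At*.job entries in C:\Windows\Tasks, with the hosts file reset for good measure. The PowerShell audit below is an added example by the editor, not code from the thread or from OTL; it reports the same indicators on a live host without removing anything. The function names, the eight-letter filename heuristic and the decision to flag any non-Valid signature are the editor's choices, not something the thread prescribes.

```powershell
# Added example (editor's, not OTL's or the thread's): audit a live Windows
# host for the artefact classes that the OTL fix above removes. It only
# reports; removal is left to the helper's tools. Run from an elevated
# 64-bit PowerShell session so System32 is the real 64-bit directory
# (the SysNative alias in the OTL log only exists for 32-bit processes).
#Requires -RunAsAdministrator

# 1. Per-hive WinINET proxy pointing at a local listener (the log showed
#    "ProxyServer" = http=127.0.0.1:6522 under .DEFAULT, S-1-5-18 and the
#    user's SID). Only hives currently loaded under HKEY_USERS are visible;
#    a logged-off user's NTUSER.DAT must be mounted with reg.exe load first.
#    Local proxies are also used legitimately (debugging proxies, some AV
#    web shields), so treat a hit as something to explain, not auto-delete.
function Get-LocalProxySetting {
    foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS') {
        $key = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        if (-not (Test-Path -Path $key)) { continue }
        $inet = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($inet.ProxyServer -match '(^|=)(127\.0\.0\.1|localhost|\[::1\]):\d+') {
            [pscustomobject]@{
                Hive        = $hive.PSChildName
                ProxyServer = $inet.ProxyServer
                ProxyEnable = $inet.ProxyEnable
            }
        }
    }
}

# 2. Services whose ServiceDll is not validly signed or has the eight
#    random lowercase letters seen in the log (qmpehsoe.dll). The name
#    test is a heuristic. On Windows 7 many genuine system DLLs are
#    catalog-signed and show NotSigned here, so confirm a hit by hashing
#    the file and comparing against a clean machine before acting on it.
function Get-SuspiciousServiceDll {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($svc in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $params = Get-ItemProperty -Path "$($svc.PSPath)\Parameters" -ErrorAction SilentlyContinue
        if (-not $params -or -not $params.ServiceDll) { continue }
        $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
        if (-not (Test-Path -Path $dll)) { continue }
        $sig = Get-AuthenticodeSignature -FilePath $dll
        $randomName = [IO.Path]::GetFileName($dll) -match '^[a-z]{8}\.dll$'
        if ($sig.Status -ne 'Valid' -or $randomName) {
            [pscustomobject]@{
                Service    = $svc.PSChildName
                Start      = (Get-ItemProperty -Path $svc.PSPath).Start   # 2 = Auto
                ServiceDll = $dll
                Signature  = $sig.Status
                Signer     = $sig.SignerCertificate.Subject
                RandomName = $randomName
            }
        }
    }
}

# 3. Legacy at.exe jobs (C:\Windows\Tasks\At*.job) and hosts-file entries
#    other than the localhost defaults, the two remaining items of the fix.
function Get-LegacyAtJob {
    Get-ChildItem -Path "$env:SystemRoot\Tasks" -Filter 'At*.job' -ErrorAction SilentlyContinue |
        Select-Object -Property Name, Length, LastWriteTime
}

function Get-HostsOverride {
    Get-Content -Path "$env:SystemRoot\System32\drivers\etc\hosts" -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*[0-9A-Fa-f:.]+\s+\S' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*(#.*)?$' }
}

'== Proxy settings pointing at a local listener =='
Get-LocalProxySetting | Format-Table -AutoSize
'== Machine-wide WinHTTP proxy (used by services and updaters, not the browser) =='
netsh.exe winhttp show proxy
'== Service DLLs that are unsigned or randomly named =='
Get-SuspiciousServiceDll | Format-Table -AutoSize
'== Legacy At*.job tasks =='
Get-LegacyAtJob | Format-Table -AutoSize
'== Hosts-file entries beyond the localhost defaults =='
Get-HostsOverride
```

Run it in an elevated 64-bit PowerShell session. Expect some noise on Windows 7 from catalog-signed system DLLs reporting NotSigned; what singles out an entry like qmpehsoe is the combination of a non-Valid signature, Auto start and a random name. The WinHTTP line is there because services and updaters honour that proxy setting rather than the per-user one, so a cleanup that only touches the IE values can leave a second hijack in place.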


#5 Spadurgan (Topic Starter)

Posted 15 November 2010 - 04:36 PM

Here you go! :thumbup2:

OTL Fix Report

All processes killed
========== OTL ==========
Service qmpehsoe stopped successfully!
Service qmpehsoe deleted successfully!
C:\Windows\SysNative\qmpehsoe.dll moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-895014978-280803970-528338707-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== FILES ==========
c:\windows\tasks\At1.job moved successfully.
c:\windows\tasks\At2.job moved successfully.
c:\windows\tasks\At3.job moved successfully.
c:\windows\tasks\At4.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33282 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Joe
->Temp folder emptied: 28268529 bytes
->Temporary Internet Files folder emptied: 121257369 bytes
->Java cache emptied: 9254071 bytes
->FireFox cache emptied: 98278692 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 81624 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24794 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 427053 bytes
RecycleBin emptied: 18663 bytes

Total Files Cleaned = 246.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 11152010_142746

Files\Folders moved on Reboot...
C:\Users\Joe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.

Registry entries deleted on Reboot...

#6 Elise (Malware Study Hall Admin)

Posted 15 November 2010 - 04:42 PM

Please let me know how things are running now.

regards, Elise




#7 Spadurgan (Topic Starter)

Posted 15 November 2010 - 04:56 PM

Firefox loaded much faster, but looking in the Task Manager, there are still multiple instances.

Also, Internet Explorer is still not loading.

However, searching with Google appears to be fixed, and as of yet have not had any new tabs opening up on me.

-----

Now I don't know if this is related, but during reboot, Windows was all black with the mouse cursor in the middle for a couple minutes. Then, the background, icons, and bottom bar loaded.

Edited by Spadurgan, 15 November 2010 - 04:56 PM.


#8 Elise (Malware Study Hall Admin)

Posted 16 November 2010 - 03:59 AM

Did you try to uninstall IE9 and reinstall it? You can find IE9 in Add/Remove programs under the installed updates.

Please launch Malwarebytes Antimalware, update it and run a full scan. Post me the resulting log.

Please launch Firefox with the safe mode option and see if that takes care of the problem. If so, it means one of the FF add ons is the culprit.

regards, Elise




#9 Spadurgan (Topic Starter)

Posted 18 November 2010 - 02:39 PM

Sorry, was without Internet for a couple of days while they upgraded.

Will do as you said and upload log(s) tonight. Thank you!

#10 Elise (Malware Study Hall Admin)

Posted 18 November 2010 - 03:03 PM

No problem, post back when ready. :)

regards, Elise




#11 Spadurgan (Topic Starter)

Posted 21 November 2010 - 10:43 PM

Hello Elise,

Since last we spoke, the opening of a tab and loading a page I did not call up has returned. However, the redirecting and the Google search issues are gone.

Also, when running in Safe Mode, the opening tab has stopped... [edit] This is NOT correct - it is STILL occurring - even in Safe Mode! :angry:

As for the uninstalling and reinstalling of IE, unfortunately it still will not load without multiple clicks, which load several iexplore's and firefox's into memory...

Finally, as requested, the MalwareByte's Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5044

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

11/21/2010 8:29:00 PM
mbam-log-2010-11-21 (20-29-00).txt

Scan type: Quick scan
Objects scanned: 149374
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-- Is there anything else I can do to get my computer back? :wacko: Thanks! :thumbsup:

Edited by Spadurgan, 21 November 2010 - 11:58 PM.


#12 Elise (Malware Study Hall Admin)

Posted 22 November 2010 - 05:32 AM

Hi again,

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
  • Link 1
  • Link 2
  • Link 3
  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

regards, Elise


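
MBRCheck reads sector 0 of each physical disk and compares the boot code it finds against known Windows and OEM MBR code, which is why it is the next step once Malwarebytes comes back clean while the symptom persists: code living in the MBR runs before the operating system and survives file-level cleaning. The script below is an added example by the editor, not MBRCheck's own code; it reproduces that check on a constructed 512-byte sector so it runs without touching a disk. Read-Mbr, Test-Mbr, the sample bytes and the empty known-good hash list are the editor's assumptions.

```powershell
# Added example (editor's, not MBRCheck's code): the check an MBR-inspection
# tool performs. Read-Mbr reads the real sector 0 and needs an elevated
# session; Test-Mbr does the parsing and runs on any 512-byte buffer.
# The known-good list is a placeholder to be filled from a machine with
# the same Windows version and OEM, since boot code differs between them.

function Read-Mbr {
    param([string]$Device = '\\.\PhysicalDrive0')
    $fs = [IO.FileStream]::new($Device, [IO.FileMode]::Open,
                               [IO.FileAccess]::Read, [IO.FileShare]::ReadWrite)
    try {
        $buf = New-Object byte[] 512
        if ($fs.Read($buf, 0, 512) -ne 512) { throw "short read from $Device" }
        $buf
    } finally { $fs.Dispose() }
}

function Test-Mbr {
    param([byte[]]$Mbr, [string[]]$KnownGoodSha256 = @())
    if ($Mbr.Length -ne 512) { throw 'an MBR is exactly 512 bytes' }
    $sha256 = [Security.Cryptography.SHA256]::Create()
    # Bytes 0-439 are the boot code. Bytes 440-445 hold the disk signature
    # and a reserved word, which differ per disk and must stay out of the hash.
    $bootHash = ($sha256.ComputeHash($Mbr, 0, 440) | ForEach-Object { $_.ToString('x2') }) -join ''
    # Four 16-byte partition entries start at offset 446.
    $partitions = foreach ($i in 0..3) {
        $o = 446 + 16 * $i
        if ($Mbr[$o + 4] -eq 0) { continue }   # type 0x00 = unused slot
        [pscustomobject]@{
            Index    = $i
            Bootable = ($Mbr[$o] -eq 0x80)
            Type     = '0x{0:X2}' -f $Mbr[$o + 4]
            StartLba = [BitConverter]::ToUInt32($Mbr, $o + 8)
            Sectors  = [BitConverter]::ToUInt32($Mbr, $o + 12)
        }
    }
    [pscustomobject]@{
        SignatureOk    = ($Mbr[510] -eq 0x55 -and $Mbr[511] -eq 0xAA)
        BootCodeSha256 = $bootHash
        KnownGood      = ($KnownGoodSha256 -contains $bootHash)
        Partitions     = $partitions
    }
}

# Constructed sample (editor's, not a real disk): zeroed boot code, one
# active NTFS (0x07) partition at LBA 2048 spanning 1048576 sectors, and
# the 0x55AA signature. With an empty known-good list it reports
# SignatureOk True, KnownGood False and a single partition.
$sample = New-Object byte[] 512
$sample[446] = 0x80
$sample[450] = 0x07
[BitConverter]::GetBytes([uint32]2048).CopyTo($sample, 454)
[BitConverter]::GetBytes([uint32]1048576).CopyTo($sample, 458)
$sample[510] = 0x55
$sample[511] = 0xAA
Test-Mbr -Mbr $sample | Format-List

# Live use (elevated): Test-Mbr -Mbr (Read-Mbr) -KnownGoodSha256 $cleanHashes
```

With real disks, pass Test-Mbr the hashes collected from a clean machine of the same Windows version and OEM; the OEM part matters because vendors such as Dell ship their own boot code, and a mismatch alone does not mean infection. A bootkit that filters disk reads in the kernel can hand a clean sector to any live read, so a KnownGood result from the running system is not proof either; when a rootkit is suspected, read the disk from boot media.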


#13 Elise (Malware Study Hall Admin)

Posted 25 November 2010 - 06:42 AM

Hi, are you still there?

regards, Elise




#14 Spadurgan (Topic Starter)

Posted 25 November 2010 - 11:14 PM

Hello Elise,

I am still here, and below is the requested log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 570
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 164):
0x03009000 \SystemRoot\system32\ntoskrnl.exe
0x035E5000 \SystemRoot\system32\hal.dll
0x00BAF000 \SystemRoot\system32\kdcom.dll
0x00CAF000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CBC000 \SystemRoot\system32\PSHED.dll
0x00CD0000 \SystemRoot\system32\CLFS.SYS
0x00D2E000 \SystemRoot\system32\CI.dll
0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00DEE000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E04000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00E5B000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00E64000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E6E000 \SystemRoot\system32\DRIVERS\pci.sys
0x00EA1000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00EAE000 \SystemRoot\System32\drivers\partmgr.sys
0x00EC3000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00ED8000 \SystemRoot\System32\drivers\volmgrx.sys
0x00F34000 \SystemRoot\System32\drivers\mountmgr.sys
0x00F4E000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00F57000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00F81000 \SystemRoot\system32\DRIVERS\msahci.sys
0x00F8C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00F9C000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00FA7000 \SystemRoot\system32\drivers\fltmgr.sys
0x01014000 \SystemRoot\system32\drivers\fileinfo.sys
0x01028000 \SystemRoot\system32\drivers\mfehidk.sys
0x010A7000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x0123A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010B4000 \SystemRoot\System32\Drivers\msrpc.sys
0x013DD000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01112000 \SystemRoot\System32\Drivers\cng.sys
0x01200000 \SystemRoot\System32\drivers\pcw.sys
0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01488000 \SystemRoot\system32\drivers\ndis.sys
0x0157A000 \SystemRoot\system32\drivers\NETIO.SYS
0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01600000 \SystemRoot\System32\drivers\tcpip.sys
0x0142B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01185000 \SystemRoot\system32\drivers\mfewfpk.sys
0x01475000 \SystemRoot\system32\drivers\TDI.SYS
0x01859000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x018A5000 \SystemRoot\System32\Drivers\spldr.sys
0x018AD000 \SystemRoot\System32\drivers\rdyboost.sys
0x018E7000 \SystemRoot\System32\Drivers\mup.sys
0x018F9000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01902000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0193C000 \SystemRoot\system32\DRIVERS\disk.sys
0x01952000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01982000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
0x0198C000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x01996000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x019AC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x019D6000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x019E5000 \SystemRoot\System32\Drivers\Null.SYS
0x019EE000 \SystemRoot\System32\Drivers\Beep.SYS
0x01800000 \SystemRoot\System32\drivers\vga.sys
0x0180E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01833000 \SystemRoot\System32\drivers\watchdog.sys
0x01843000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0184C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0199E000 \SystemRoot\system32\drivers\rdprefmp.sys
0x019F5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x015DA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0121B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02C21000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x02C82000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02CC7000 \SystemRoot\system32\drivers\afd.sys
0x02D51000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D5A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02D80000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02D96000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x02DA7000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02DB6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02DD1000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03EE4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03F35000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03F41000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03F4C000 \SystemRoot\System32\drivers\discache.sys
0x03F5B000 \SystemRoot\System32\Drivers\dfsc.sys
0x03F79000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03F8A000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x03FD9000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03E00000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03E15000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04851000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x04096000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0418A000 \SystemRoot\System32\drivers\dxgmms1.sys
0x041D0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04211000 \SystemRoot\system32\DRIVERS\athrx.sys
0x0438E000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x0439B000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x043EC000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04200000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x04000000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04056000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04067000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04077000 \SystemRoot\system32\drivers\povrtdev.sys
0x04FBF000 \SystemRoot\system32\drivers\portcls.sys
0x04800000 \SystemRoot\system32\drivers\drmk.sys
0x03E5C000 \SystemRoot\system32\drivers\ks.sys
0x0420B000 \SystemRoot\system32\drivers\ksthunk.sys
0x04822000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03E9F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04082000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x011C8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03EC3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02C00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02DE5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04838000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x015EB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x043F9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x01000000 \SystemRoot\system32\DRIVERS\umbus.sys
0x050CD000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05127000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0513C000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x05A0B000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0515D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05BF8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0517A000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x0518B000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x05197000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x051B2000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x051C0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05A00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x051D9000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05000000 \SystemRoot\system32\drivers\mfeavfk.sys
0x0502D000 \SystemRoot\system32\drivers\mfefirek.sys
0x01E1E000 \SystemRoot\system32\DRIVERS\lvuvc64.sys
0x02447000 \SystemRoot\system32\drivers\usbaudio.sys
0x02462000 \SystemRoot\system32\DRIVERS\lvrs64.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x024C2000 \SystemRoot\System32\drivers\Dxapi.sys
0x024CE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004E0000 \SystemRoot\System32\TSDDD.dll
0x00790000 \SystemRoot\System32\cdd.dll
0x00890000 \SystemRoot\System32\ATMFD.DLL
0x024DC000 \SystemRoot\system32\drivers\luafv.sys
0x024FF000 \SystemRoot\system32\drivers\WudfPf.sys
0x02520000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02535000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02588000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0259B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x025B3000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x054DD000 \SystemRoot\system32\drivers\HTTP.sys
0x055A5000 \SystemRoot\system32\DRIVERS\bowser.sys
0x055C3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05400000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0542D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0547B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0549E000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x068AC000 \SystemRoot\system32\drivers\peauth.sys
0x06952000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0695D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0698A000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0699C000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x06800000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08C20000 \SystemRoot\System32\DRIVERS\srv.sys
0x08CB6000 \SystemRoot\System32\Drivers\fastfat.SYS
0x08CEC000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x08D8E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x08D9B000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77010000 \Windows\System32\ntdll.dll
0x478F0000 \Windows\System32\smss.exe
0xFF330000 \Windows\System32\apisetschema.dll

Processes (total 103):
0 System Idle Process
4 System
304 C:\Windows\System32\smss.exe
516 C:\PROGRA~2\AVG\AVG10\avgchsva.exe
748 csrss.exe
812 C:\Windows\System32\wininit.exe
820 csrss.exe
868 C:\Windows\System32\services.exe
896 C:\Windows\System32\lsass.exe
912 C:\Windows\System32\winlogon.exe
928 C:\Windows\System32\lsm.exe
492 C:\Windows\System32\svchost.exe
744 C:\Windows\System32\svchost.exe
480 C:\Windows\System32\atiesrxx.exe
1044 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\atieclxx.exe
1384 C:\Program Files\Dell\DellDock\DockLogin.exe
1512 C:\Windows\System32\svchost.exe
1744 C:\Windows\System32\svchost.exe
1752 C:\Windows\System32\taskhost.exe
1860 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1964 C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
2028 C:\Windows\System32\dwm.exe
1520 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
1700 C:\Windows\explorer.exe
2012 C:\Windows\System32\taskeng.exe
1176 C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
2112 C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
2260 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2396 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
2444 C:\Windows\System32\svchost.exe
2512 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
2560 C:\Users\Joe\AppData\Local\TVersity\Media Server\MediaServer.exe
2580 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
2716 C:\Windows\System32\svchost.exe
2796 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
2904 C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
2988 C:\Program Files (x86)\AVG\AVG10\avgemca.exe
3000 C:\Windows\System32\conhost.exe
3240 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
3440 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
4032 C:\Program Files (x86)\Orb Networks\Orb\bin\OrbLauncher.exe
3452 C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
3692 C:\Program Files (x86)\Orb Networks\Orb\bin\OrbjetManager.exe
3700 C:\Windows\System32\conhost.exe
4460 C:\Windows\System32\svchost.exe
4848 WUDFHost.exe
4544 C:\Windows\System32\rundll32.exe
3360 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
3020 C:\Windows\System32\conhost.exe
3544 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
4548 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
5140 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
5220 C:\Program Files (x86)\MediaMall\PlayOn.exe
5232 C:\Program Files (x86)\Windows Sidebar\sidebar.exe
5296 C:\Program Files\Dell\DellDock\DellDock.exe
5672 C:\Program Files (x86)\iTunes\iTunesHelper.exe
5924 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
5984 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
6032 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
6132 C:\Program Files (x86)\AVG\AVG10\avgtray.exe
5812 C:\Program Files\Windows Media Player\wmpnetwk.exe
4500 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4792 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
6408 C:\Windows\System32\conhost.exe
7136 C:\Program Files\iPod\bin\iPodService.exe
6704 C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
5888 C:\Windows\System32\svchost.exe
5032 C:\Windows\System32\wuauclt.exe
6276 C:\PROGRA~2\AVG\AVG10\avgrsa.exe
6324 C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
3684 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4704 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
5760 C:\Users\Joe\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
7216 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3336 C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
7728 C:\Program Files (x86)\Internet Explorer\iexplore.exe
7192 C:\Program Files (x86)\Internet Explorer\iexplore.exe
7272 C:\Program Files (x86)\Internet Explorer\iexplore.exe
7748 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4876 C:\Program Files (x86)\MediaMall\MediaMallServer.exe
4468 C:\Windows\splwow64.exe
6004 C:\Windows\explorer.exe
680 C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
7504 C:\Windows\System32\msiexec.exe
8160 DSUpd.exe
4976 conhost.exe
6780 C:\Windows\System32\SearchIndexer.exe
6924 C:\Windows\System32\vds.exe
1692 C:\Windows\System32\SearchProtocolHost.exe
5836 C:\Windows\System32\spoolsv.exe
7200 C:\Windows\System32\audiodg.exe
3388 C:\Windows\System32\SearchFilterHost.exe
3384 C:\Windows\System32\notepad.exe
7460 C:\Windows\System32\VSSVC.exe
6580 C:\Windows\System32\svchost.exe
4860 C:\Windows\servicing\TrustedInstaller.exe
5808 C:\Users\Joe\Business\BBlanc\ITIM\Twitter-Vids\MBRCheck.exe
1196 C:\Windows\System32\conhost.exe
5972 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`3c600000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1001FAES-75W7A0, Rev: 05.01D05

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 0C0E7F154151469D03B17DE3B60CAFCFD0398D69


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Edited by Spadurgan, 26 November 2010 - 05:24 AM.


#15 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,107 posts
  • Gender:Female
  • Location:Romania

Posted 26 November 2010 - 11:40 AM

Looks like we're dealing with a nasty rootkit here.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft
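The "MBR Code Faked!" line in the MBRCheck output above is what turns this from a browser hijack into a bootkit case. As an added example (not part of the thread, and not how MBRCheck or TDSSKiller themselves work), the Python below shows the underlying check a defender can script: hash the first sector's boot code against an allowlist and sanity-check the partition table. The hash region (bytes 0..439), the allowlist and the synthetic sector are assumptions constructed for this example; reading the live sector needs Administrator rights, and a kernel rootkit that hooks disk I/O can hand a clean-looking sector to a user-mode reader, which is why a dedicated rootkit tool or offline media is still needed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # assumption for this example: hash bytes 0..439, the code before the disk signature
PART_TABLE_OFF = 446    # four 16-byte partition entries live at offsets 446..509
BOOT_SIGNATURE = b"\x55\xAA"

def read_first_sector(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a raw disk (Windows, Administrator). A rootkit hooking disk I/O can fake this."""
    with open(device, "rb") as f:
        return f.read(SECTOR_SIZE)

def boot_code_sha1(sector):
    # Upper-case SHA1 of the boot-code region; this is what an allowlist is keyed on.
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()

def parse_partitions(sector):
    # Return the non-empty entries of the MBR partition table.
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        active, ptype = sector[off] == 0x80, sector[off + 4]
        lba_start, sectors = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:
            parts.append({"index": i, "active": active, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return parts

def check_mbr(sector, known_good_sha1):
    """Flag a sector whose boot code is not on the allowlist or whose table looks wrong."""
    if len(sector) != SECTOR_SIZE:
        return {"sha1": None, "partitions": [], "findings": ["not a 512-byte sector"], "ok": False}
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    sha1 = boot_code_sha1(sector)
    if sha1 not in known_good_sha1:
        findings.append("boot code SHA1 %s is not in the known-good list" % sha1)
    parts = parse_partitions(sector)
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one partition is flagged active")
    return {"sha1": sha1, "partitions": parts, "findings": findings, "ok": not findings}

def constructed_sector(code=b"constructed clean boot code"):
    """Synthetic MBR built for this example; it is not taken from any real disk."""
    s = bytearray(SECTOR_SIZE)
    s[:len(code)] = code
    s[PART_TABLE_OFF:PART_TABLE_OFF + 5] = b"\x80\x00\x00\x00\x07"       # entry 0: active, type 0x07 (NTFS)
    struct.pack_into("<II", s, PART_TABLE_OFF + 8, 2048, 1953523712)  # start LBA, sector count
    s[510:512] = BOOT_SIGNATURE
    return bytes(s)
```

Seed the allowlist with hashes taken from sectors read on known-clean installs of the same Windows build, and treat any mismatch as a reason to image the disk offline rather than to trust the live reading.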




