
Redirect and whitesmoke



#1 dpberry


Posted 15 December 2010 - 08:22 PM

I am running Windows 7 Pro. Internet Explorer constantly gets redirected when I attempt a search with Google. I also have Whitesmoke and have no idea where it came from. I removed Whitesmoke using Control Panel. Have tried removing virus with Malwarebytes and Microsoft Security Essentials. Identifies some threats and removes them but still have redirect problems.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Doug at 20:16:38.70 on Wed 12/15/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3318.2247 [GMT -5:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Doug\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ca.finance.yahoo.com/
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Power2GoExpress] NA
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [SAOB Monitor] c:\program files\acronis\onlinebackupstandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-12-14 17072]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2010-12-15 752128]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-12-14 81920]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-12-15 3975088]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-24 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-24 27040]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-12-14 60928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-31 235624]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-12-14 42672]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-12-15 163232]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-11-3 33832]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-12-14 224424]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-11-24 125696]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-10 105576]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\common files\surething shared\stllssvr.exe [2010-12-15 74392]

=============== Created Last 30 ================

2010-12-15 23:31:20 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-12-15 23:30:20 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-15 23:30:20 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-15 23:30:20 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-15 23:30:20 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-15 23:30:20 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-15 23:23:48 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-12-15 23:19:20 -------- d-----w- c:\users\doug\appdata\roaming\Malwarebytes
2010-12-15 23:19:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-15 23:19:15 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-15 23:19:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 23:19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-15 22:05:26 -------- d-----w- c:\program files\Foxit Software
2010-12-15 18:20:50 163232 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-12-15 18:20:45 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2010-12-15 18:20:42 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-12-15 18:20:34 170464 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-12-15 14:10:19 -------- d-----w- c:\users\doug\appdata\local\Power2Go
2010-12-15 14:02:00 87608 ----a-w- c:\users\doug\appdata\roaming\inst.exe
2010-12-15 14:02:00 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-12-15 14:02:00 47360 ----a-w- c:\users\doug\appdata\roaming\pcouffin.sys
2010-12-15 14:01:55 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-12-15 14:01:55 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-12-15 14:01:55 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-12-15 14:01:54 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-12-15 14:01:54 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-12-15 14:01:54 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-12-15 14:01:54 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-12-15 14:01:52 -------- d-----w- c:\program files\VSO
2010-12-15 13:58:11 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-15 13:58:11 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-15 13:58:11 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2010-12-15 13:58:11 1 ----a-w- c:\windows\system32\uuddc32.dll
2010-12-15 13:58:10 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-12-15 13:58:10 -------- d-----w- c:\program files\BayGenie
2010-12-15 13:50:55 -------- d-----w- c:\users\doug\appdata\local\MicroVision Applications
2010-12-15 13:50:10 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-12-15 13:50:10 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-12-15 13:50:09 -------- d-----w- c:\program files\common files\SureThing Shared
2010-12-15 13:50:04 -------- d-----w- c:\program files\SureThing CD Labeler 5
2010-12-15 12:22:25 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-12-15 12:22:00 -------- d-----w- c:\windows\PCHEALTH
2010-12-15 12:22:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-15 12:20:43 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-12-15 12:20:02 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-12-15 12:19:45 -------- d-----w- c:\users\doug\appdata\local\Microsoft Help
2010-12-15 12:19:05 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-12-15 12:19:01 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-12-15 12:19:00 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-12-15 12:17:55 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-12-15 12:16:57 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-15 12:16:47 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-15 12:16:37 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-12-15 12:16:09 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-12-15 12:15:25 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-12-15 12:15:25 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-12-15 12:15:25 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-12-15 12:12:56 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 05:13:22 -------- d-----w- c:\windows\Panther
2010-12-15 05:12:54 -------- d-----w- c:\windows\system32\oem
2010-12-15 03:37:12 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{3f72d9fd-cb96-4068-864e-c4d9cff67be1}\mpengine.dll
2010-12-15 03:35:53 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-12-15 03:33:01 -------- d-----w- c:\program files\uTorrent
2010-12-15 03:32:00 -------- d-----w- c:\users\doug\appdata\roaming\uTorrent
2010-12-15 03:28:04 307200 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzppw72.dll
2010-12-15 03:16:39 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{12535e1b-ba0d-4a75-87f1-376dfbd1f088}\mpengine.dll
2010-12-15 03:16:38 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-15 02:56:19 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-12-15 02:56:18 132608 ----a-w- c:\windows\system32\cabview.dll
2010-12-15 02:47:17 -------- d-----w- c:\progra~2\NVIDIA Corporation
2010-12-15 02:46:57 -------- d-----w- c:\program files\NVIDIA Corporation
2010-12-15 02:46:10 -------- d-----w- c:\program files\DellTPad
2010-12-15 02:45:41 256712 ----a-w- c:\windows\system32\PROUnstl.exe
2010-12-15 02:45:28 74944 ----a-w- c:\windows\system32\NicInstK.dll
2010-12-15 02:45:28 68264 ----a-w- c:\windows\system32\e1kmsg.dll
2010-12-15 02:45:28 224424 ----a-w- c:\windows\system32\drivers\e1k6232.sys
2010-12-15 02:44:48 61440 ----a-w- c:\windows\system32\aestaren.dll
2010-12-15 02:44:48 380928 ----a-w- c:\windows\system32\aestecap.dll
2010-12-15 02:44:48 1953792 ----a-w- c:\windows\system32\stlang.dll
2010-12-15 02:44:48 140288 ----a-w- c:\windows\system32\aestacap.dll
2010-12-15 02:44:48 11870298 ----a-w- c:\windows\system32\idtsg.cpl
2010-12-15 02:44:47 -------- d-----w- c:\windows\system32\SRSLabs
2010-12-15 02:44:20 431616 ----a-w- c:\windows\system32\drivers\stwrt.sys
2010-12-15 02:44:19 942080 ----a-w- c:\windows\system32\stapo.dll
2010-12-15 02:44:19 528384 ------w- c:\windows\system32\stapi32.dll
2010-12-15 02:44:19 405504 ----a-w- c:\windows\system32\stcplx.dll
2010-12-15 02:44:19 175616 ----a-w- c:\windows\system32\st326292.dll
2010-12-15 02:44:18 -------- d-----w- c:\program files\IDT
2010-12-15 02:38:54 405504 ----a-r- c:\users\doug\appdata\roaming\microsoft\installer\{0003c1e0-e0e7-49bb-a0f6-4ae6d2b09202}\ARPPRODUCTICON.exe
2010-12-15 02:38:50 -------- d-----w- c:\windows\system32\BioAPIFFDB
2010-12-15 02:38:05 -------- d-----w- c:\program files\Dell
2010-12-15 02:35:52 42672 ----a-w- c:\windows\system32\drivers\Accelern.sys
2010-12-15 02:35:52 17072 ----a-w- c:\windows\system32\drivers\stdfltn.sys
2010-12-15 02:35:52 -------- d-----w- c:\program files\STMicroelectronics
2010-12-15 02:34:42 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-12-15 02:33:59 -------- d-----w- c:\users\doug\appdata\roaming\Intel
2010-12-15 02:32:51 -------- d-----w- c:\program files\Cisco
2010-12-15 02:32:49 -------- d-----w- c:\program files\common files\Intel
2010-12-15 02:31:24 -------- d-sh--w- c:\windows\Installer
2010-12-15 02:29:44 -------- d-----w- c:\program files\CONEXANT
2010-12-15 02:27:45 -------- d-----w- c:\program files\Playmaker Pro
2010-12-15 02:27:31 -------- d-----w- c:\windows\system32\wbem\Performance
2010-12-12 21:43:30 -------- d-----w- C:\Transfer
2010-12-11 13:36:48 -------- d-----w- C:\Berry Football Master
2010-12-11 13:34:53 -------- d-----w- C:\_Football
2010-11-24 08:27:11 980992 ----a-w- c:\windows\system32\drivers\HSX_DPV.sys
2010-11-24 08:27:11 94208 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-11-24 08:27:11 8704 ----a-w- c:\windows\system32\drivers\XAudio32.sys
2010-11-24 08:27:11 661504 ----a-w- c:\windows\system32\drivers\HSX_CNXT.sys
2010-11-24 08:27:11 410624 ----a-w- c:\windows\system32\XAudio32.dll
2010-11-24 08:27:11 258048 ----a-w- c:\windows\system32\UCI32M40.dll
2010-11-24 08:27:11 207360 ----a-w- c:\windows\system32\drivers\HSXHWAZL.sys
2010-11-24 08:27:11 12672 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-11-24 08:25:54 125696 ----a-w- c:\windows\system32\drivers\Impcd.sys
2010-11-24 08:15:48 28792 ----a-w- c:\windows\system32\NicCo36.dll
2010-11-24 08:15:48 -------- d-----w- C:\drvrtmp
2010-11-24 08:10:07 -------- d-----w- C:\Intel
2010-11-24 08:07:25 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-11-24 08:07:25 114616 ----a-w- c:\windows\system32\Vxdif.dll
2010-11-24 08:07:24 255096 ----a-w- c:\windows\system32\drivers\Apfiltr.sys

==================== Find3M ====================

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST9250410AS rev.D005SDM1 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys stdfltn.sys >>UNKNOWN [0x86A62555]<<
c:\windows\system32\drivers\stdfltn.sys ST Microelectronics Disk Filter Driver for Accelerometer
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86a687b0]; MOV EAX, [0x86a6882c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82E75458] -> \Device\Harddisk0\DR0[0x86A37030]
3 CLASSPNP[0x8C58359E] -> ntkrnlpa!IofCallDriver[0x82E75458] -> [0x86A362A0]
5 stdfltn[0x8C3DA70C] -> ntkrnlpa!IofCallDriver[0x82E75458] -> \IdeDeviceP0T0L0-0[0x868C0030]
\Driver\atapi[0x86A4E210] -> IRP_MJ_CREATE -> 0x86A62555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST9250410AS_____________________________D005SDM1#5&eca3041&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 20:17:18.00 ===============


 


#2 dpberry


Posted 16 December 2010 - 08:00 AM

Ran TDSSKiller and everything appears to be functioning as normal again. But would appreciate it if someone could review my posted logs and confirm. Attached is the TDSSKiller log.




#3 m0le


Posted 25 December 2010 - 09:28 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#4 dpberry


Posted 26 December 2010 - 08:30 PM

I am watching this topic

#5 m0le


Posted 26 December 2010 - 09:21 PM

TDSSKiller certainly removed the rootkit. Please run OTL and post the log to make sure that's all we have here.

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

m0le is a proud member of UNITE

#6 dpberry


Posted 26 December 2010 - 09:49 PM

OTL logfile created on: 12/26/2010 9:46:22 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Doug\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 137.89 Gb Free Space | 59.24% Space Free | Partition Type: NTFS

Computer Name: DOUG-DELL | User Name: Doug | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Doug\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Doug\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (InstallFilterService) -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe ()
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\system32\DRIVERS\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (e1kexpress) Intel® -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (Acceler) -- C:\Windows\System32\drivers\Accelern.sys (ST Microelectronics)
DRV - (stdflt) -- C:\Windows\system32\DRIVERS\stdfltn.sys (ST Microelectronics)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (cvusbdrv) -- C:\Windows\System32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (NETw5s32) Intel® -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (PBADRV) -- C:\Windows\system32\DRIVERS\PBADRV.sys (Dell Inc)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.finance.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E 2D DC 16 04 9C CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{CFC19490-8957-4442-99CF-7FC17B52511E}: C:\Windows\system32\config\systemprofile\AppData\Local\{CFC19490-8957-4442-99CF-7FC17B52511E}\ [2010/12/15 18:02:49 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/26 21:42:50 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Doug\Desktop\OTL.exe
[2010/12/20 16:25:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/20 16:25:41 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/12/20 16:25:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2010/12/18 09:23:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/12/18 09:04:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\Dell
[2010/12/18 09:04:37 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2010/12/16 09:07:30 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\Apps
[2010/12/16 09:07:29 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\Deployment
[2010/12/16 08:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/12/15 18:30:20 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/12/15 18:30:20 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/12/15 18:30:20 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/12/15 18:23:48 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010/12/15 18:19:20 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Malwarebytes
[2010/12/15 18:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/15 17:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/12/15 13:20:50 | 000,163,232 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\afcdp.sys
[2010/12/15 13:20:45 | 000,752,128 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\tdrpm273.sys
[2010/12/15 13:20:42 | 000,600,928 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2010/12/15 13:20:34 | 000,170,464 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2010/12/15 13:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2010/12/15 13:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2010/12/15 13:18:38 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Acronis
[2010/12/15 13:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010/12/15 09:10:19 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\Power2Go
[2010/12/15 09:10:11 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\CyberLink
[2010/12/15 09:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/12/15 09:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/12/15 09:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010/12/15 09:02:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Doug\AppData\Roaming\pcouffin.sys
[2010/12/15 09:02:00 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Vso
[2010/12/15 09:02:00 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\PcSetup
[2010/12/15 09:01:55 | 000,273,408 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\Pncrt.dll
[2010/12/15 09:01:55 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv43260.dll
[2010/12/15 09:01:55 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv33260.dll
[2010/12/15 09:01:55 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\sipr3260.dll
[2010/12/15 09:01:54 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc1dmod.dll
[2010/12/15 09:01:54 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2010/12/15 09:01:54 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv23260.dll
[2010/12/15 09:01:54 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\cook3260.dll
[2010/12/15 09:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2010/12/15 08:58:11 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71u.dll
[2010/12/15 08:58:10 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll
[2010/12/15 08:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\BayGenie
[2010/12/15 08:50:56 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\My SureThing Projects
[2010/12/15 08:50:55 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\MicroVision Applications
[2010/12/15 08:50:10 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll
[2010/12/15 08:50:10 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2010/12/15 08:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2010/12/15 08:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\SureThing CD Labeler 5
[2010/12/15 08:40:44 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\Boat
[2010/12/15 08:39:58 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\Manuals
[2010/12/15 08:39:03 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\Seadoo
[2010/12/15 08:38:11 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\Satellite
[2010/12/15 07:50:35 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Macromedia
[2010/12/15 07:50:35 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Adobe
[2010/12/15 07:43:06 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\Outlook Files
[2010/12/15 07:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/12/15 07:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/12/15 07:22:00 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/12/15 07:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/12/15 07:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/12/15 07:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/12/15 07:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/12/15 07:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/12/15 07:19:45 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\Microsoft Help
[2010/12/15 07:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/12/15 07:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/12/15 07:18:37 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll
[2010/12/15 07:18:37 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/12/15 07:18:35 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/12/15 07:18:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/15 07:18:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/12/15 07:18:25 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/15 07:18:25 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/15 07:18:25 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/15 07:18:24 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/15 07:18:24 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/15 07:18:24 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/15 07:18:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/15 07:18:24 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/15 07:18:24 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/15 07:18:24 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/15 07:18:24 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/15 07:18:17 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/12/15 07:18:17 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/12/15 07:18:17 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/12/15 07:18:17 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/12/15 07:18:17 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/12/15 07:18:08 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/15 07:18:08 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/15 07:18:08 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/15 07:18:07 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010/12/15 07:18:02 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/12/15 07:18:02 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/12/15 07:17:55 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/12/15 07:17:51 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/12/15 07:17:46 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/15 07:17:46 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/15 07:17:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/15 07:17:43 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/12/15 07:17:43 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/12/15 07:17:39 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/12/15 07:17:37 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/12/15 07:17:36 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/12/15 07:17:32 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/12/15 07:17:32 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/12/15 07:17:27 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010/12/15 07:17:25 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/12/15 07:17:25 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/12/15 07:17:25 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/12/15 07:17:19 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/15 07:17:18 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/12/15 07:17:18 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/12/15 07:17:18 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/12/15 07:17:18 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/12/15 07:17:18 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/12/15 07:17:18 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/12/15 07:17:18 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/12/15 07:17:18 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/12/15 07:17:12 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010/12/15 07:17:11 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/12/15 07:17:11 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/12/15 07:17:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/12/15 07:16:57 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2010/12/15 07:16:37 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010/12/15 07:12:56 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/15 00:17:26 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/12/15 00:15:15 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/12/15 00:14:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/12/15 00:13:22 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/12/15 00:12:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\oem
[2010/12/14 22:52:30 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\WinRAR
[2010/12/14 22:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/12/14 22:46:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/12/14 22:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/12/14 22:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/12/14 22:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/12/14 22:32:00 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\uTorrent
[2010/12/14 22:16:38 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/12/14 21:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/12/14 21:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/12/14 21:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/12/14 21:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
[2010/12/14 21:45:41 | 000,256,712 | ---- | C] (Intel Corporation) -- C:\Windows\System32\PROUnstl.exe
[2010/12/14 21:45:28 | 000,224,424 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\e1k6232.sys
[2010/12/14 21:45:28 | 000,074,944 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NicInstK.dll
[2010/12/14 21:45:28 | 000,068,264 | ---- | C] (Intel Corporation) -- C:\Windows\System32\e1kmsg.dll
[2010/12/14 21:44:48 | 011,870,298 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtsg.cpl
[2010/12/14 21:44:48 | 001,953,792 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stlang.dll
[2010/12/14 21:44:48 | 000,380,928 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestecap.dll
[2010/12/14 21:44:48 | 000,140,288 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestacap.dll
[2010/12/14 21:44:48 | 000,061,440 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestaren.dll
[2010/12/14 21:44:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\SRSLabs
[2010/12/14 21:44:20 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2010/12/14 21:44:19 | 000,942,080 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2010/12/14 21:44:19 | 000,528,384 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2010/12/14 21:44:19 | 000,405,504 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2010/12/14 21:44:19 | 000,175,616 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\st326292.dll
[2010/12/14 21:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2010/12/14 21:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom Corporation
[2010/12/14 21:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Broadcom
[2010/12/14 21:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/12/14 21:39:14 | 000,026,608 | ---- | C] (Dell Inc) -- C:\Windows\System32\drivers\PBADRV.sys
[2010/12/14 21:39:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/12/14 21:39:08 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2010/12/14 21:39:08 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2010/12/14 21:39:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2010/12/14 21:38:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\BioAPIFFDB
[2010/12/14 21:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/12/14 21:35:52 | 000,042,672 | ---- | C] (ST Microelectronics) -- C:\Windows\System32\drivers\Accelern.sys
[2010/12/14 21:35:52 | 000,017,072 | ---- | C] (ST Microelectronics) -- C:\Windows\System32\drivers\stdfltn.sys
[2010/12/14 21:35:52 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/12/14 21:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\STMicroelectronics
[2010/12/14 21:34:42 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010/12/14 21:33:59 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Intel
[2010/12/14 21:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2010/12/14 21:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2010/12/14 21:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2010/12/14 21:31:24 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/12/14 21:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/12/14 21:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/12/14 21:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Playmaker Pro
[2010/12/14 21:25:15 | 000,000,000 | R--D | C] -- C:\Users\Doug\Searches
[2010/12/14 21:25:15 | 000,000,000 | -H-D | C] -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/12/14 21:25:04 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Identities
[2010/12/14 21:25:00 | 000,000,000 | R--D | C] -- C:\Users\Doug\Contacts
[2010/12/14 21:24:43 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\VirtualStore
[2010/12/14 21:24:41 | 000,000,000 | --SD | C] -- C:\Users\Doug\AppData\Roaming\Microsoft
[2010/12/14 21:24:41 | 000,000,000 | R--D | C] -- C:\Users\Doug\Videos
[2010/12/14 21:24:41 | 000,000,000 | R--D | C] -- C:\Users\Doug\Saved Games
[2010/12/14 21:24:41 | 000,000,000 | R--D | C] -- C:\Users\Doug\Pictures
[2010/12/14 21:24:41 | 000,000,000 | R--D | C] -- C:\Users\Doug\Music
[2010/12/14 21:24:41 | 000,000,000 | R--D | C] -- C:\Users\Doug\Links
[2010/12/14 21:24:41 | 000,000,000 | R--D | C] -- C:\Users\Doug\Favorites
[2010/12/14 21:24:41 | 000,000,000 | R--D | C] -- C:\Users\Doug\Downloads
[2010/12/14 21:24:41 | 000,000,000 | R--D | C] -- C:\Users\Doug\My Documents
[2010/12/14 21:24:41 | 000,000,000 | R--D | C] -- C:\Users\Doug\Desktop
[2010/12/14 21:24:41 | 000,000,000 | -HSD | C] -- C:\Users\Doug\AppData\Local\Temporary Internet Files
[2010/12/14 21:24:41 | 000,000,000 | -HSD | C] -- C:\Users\Doug\Templates
[2010/12/14 21:24:41 | 000,000,000 | -HSD | C] -- C:\Users\Doug\Start Menu
[2010/12/14 21:24:41 | 000,000,000 | -HSD | C] -- C:\Users\Doug\SendTo
[2010/12/14 21:24:41 | 000,000,000 | -HSD | C] -- C:\Users\Doug\Recent
[2010/12/14 21:24:41 | 000,000,000 | -HSD | C] -- C:\Users\Doug\PrintHood
[2010/12/14 21:24:41 | 000,000,000 | -HSD | C] -- C:\Users\Doug\NetHood
[2010/12/14 21:24:41 | 000,000,000 | -HSD | C] -- C:\Users\Doug\Documents\My Videos
[2010/12/14 21:24:41 | 000,000,000 | -HSD | C] -- C:\Users\Doug\Documents\My Pictures
[2010/12/14 21:24:41 | 000,000,000 | -HSD | C] -- C:\Users\Doug\Documents\My Music
[2010/12/14 21:24:41 | 000,000,000 | -HSD | C] -- C:\Users\Doug\My Documents
[2010/12/14 21:24:41 | 000,000,000 | -HSD | C] -- C:\Users\Doug\Local Settings
[2010/12/14 21:24:41 | 000,000,000 | -HSD | C] -- C:\Users\Doug\AppData\Local\History
[2010/12/14 21:24:41 | 000,000,000 | -HSD | C] -- C:\Users\Doug\Cookies
[2010/12/14 21:24:41 | 000,000,000 | -HSD | C] -- C:\Users\Doug\Application Data
[2010/12/14 21:24:41 | 000,000,000 | -HSD | C] -- C:\Users\Doug\AppData\Local\Application Data
[2010/12/14 21:24:41 | 000,000,000 | -H-D | C] -- C:\Users\Doug\AppData
[2010/12/14 21:24:41 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\Temp
[2010/12/14 21:24:41 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\Microsoft
[2010/12/14 21:24:41 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Media Center Programs
[2010/12/12 16:43:30 | 000,000,000 | ---D | C] -- C:\Transfer
[2010/12/11 08:36:48 | 000,000,000 | ---D | C] -- C:\Berry Football Master
[2010/12/11 08:34:53 | 000,000,000 | ---D | C] -- C:\_Football
[2010/12/10 08:42:14 | 000,000,000 | RH-D | C] -- C:\MSOCache

========== Files - Modified Within 30 Days ==========

[2010/12/26 21:42:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Doug\Desktop\OTL.exe
[2010/12/26 20:16:05 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/26 20:16:05 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/26 20:11:58 | 000,617,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/26 20:11:58 | 000,104,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/26 20:07:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/26 20:07:30 | 2609,262,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/24 13:34:45 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/12/24 13:34:45 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/12/20 16:39:45 | 000,001,897 | ---- | M] () -- C:\Users\Doug\Desktop\Microsoft Security Essentials.lnk
[2010/12/20 16:26:57 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2010/12/18 17:23:19 | 000,001,212 | ---- | M] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/12/15 19:12:34 | 000,449,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/15 18:23:36 | 000,002,661 | ---- | M] () -- C:\Users\Doug\Desktop\Microsoft Word 2010.lnk
[2010/12/15 18:23:36 | 000,002,623 | ---- | M] () -- C:\Users\Doug\Desktop\Microsoft Excel 2010.lnk
[2010/12/15 13:20:51 | 000,163,232 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\afcdp.sys
[2010/12/15 13:20:45 | 000,752,128 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\tdrpm273.sys
[2010/12/15 13:20:43 | 000,600,928 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2010/12/15 13:20:34 | 000,170,464 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2010/12/15 13:20:29 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 2011.lnk
[2010/12/15 09:14:54 | 000,038,415 | ---- | M] () -- C:\Users\Doug\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/12/15 09:07:49 | 000,001,231 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink Power2Go.lnk
[2010/12/15 09:04:32 | 000,001,041 | ---- | M] () -- C:\Users\Doug\AppData\Roaming\vso_ts_preview.xml
[2010/12/15 09:02:01 | 000,087,608 | ---- | M] () -- C:\Users\Doug\AppData\Roaming\inst.exe
[2010/12/15 09:02:00 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Doug\AppData\Roaming\pcouffin.sys
[2010/12/15 09:02:00 | 000,007,887 | ---- | M] () -- C:\Users\Doug\AppData\Roaming\pcouffin.cat
[2010/12/15 09:02:00 | 000,001,144 | ---- | M] () -- C:\Users\Doug\AppData\Roaming\pcouffin.inf
[2010/12/15 09:01:59 | 000,001,178 | ---- | M] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2010/12/15 09:01:58 | 000,001,186 | ---- | M] () -- C:\Users\Doug\Desktop\ConvertX to DVD 4.lnk
[2010/12/15 08:58:11 | 000,001,998 | ---- | M] () -- C:\Users\Doug\Desktop\BayGenie eBay Auction Sniper Pro Edition.lnk
[2010/12/15 08:50:51 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\SureThing CD Labeler Deluxe 5.lnk
[2010/12/15 07:43:08 | 000,001,101 | ---- | M] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/12/15 07:35:55 | 000,003,029 | ---- | M] () -- C:\Users\Doug\Desktop\Microsoft Outlook 2010.lnk
[2010/12/15 07:33:14 | 000,002,919 | ---- | M] () -- C:\Users\Doug\Desktop\Microsoft Access 2010.lnk
[2010/12/15 07:31:01 | 000,000,184 | ---- | M] () -- C:\Windows\AutoKMS.ini
[2010/12/15 00:18:34 | 000,040,833 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/12/15 00:17:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2010/12/15 00:14:11 | 248,736,514 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/14 22:54:26 | 000,001,161 | ---- | M] () -- C:\Users\Doug\Desktop\PlayMaker Pro Football 4.1.LNK
[2010/12/14 22:41:18 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/12/14 22:33:01 | 000,000,937 | ---- | M] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/12/14 22:03:34 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/12/14 21:59:15 | 000,001,407 | ---- | M] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/14 21:46:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2010/12/14 21:39:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_cvusbdrv_01005.Wdf
[2010/12/14 21:26:27 | 000,001,230 | ---- | M] () -- C:\Users\Doug\Desktop\Calculator.lnk
[2010/12/14 21:26:21 | 000,001,304 | ---- | M] () -- C:\Users\Doug\Desktop\Notepad.lnk
[2010/12/14 21:26:15 | 000,001,228 | ---- | M] () -- C:\Users\Doug\Desktop\Windows Explorer.lnk
[2010/12/07 09:24:36 | 000,438,595 | ---- | M] () -- C:\Users\Doug\Documents\Phonebook_Datapilot_Doug_120710.dpb

========== Files Created - No Company Name ==========

[2010/12/20 16:39:45 | 000,001,897 | ---- | C] () -- C:\Users\Doug\Desktop\Microsoft Security Essentials.lnk
[2010/12/20 16:26:57 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2010/12/18 17:23:19 | 000,001,212 | ---- | C] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/12/15 13:20:29 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 2011.lnk
[2010/12/15 13:18:13 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/12/15 13:18:05 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/12/15 09:14:54 | 000,038,415 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/12/15 09:07:49 | 000,001,231 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink Power2Go.lnk
[2010/12/15 09:03:03 | 000,001,041 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\vso_ts_preview.xml
[2010/12/15 09:02:24 | 000,000,034 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\pcouffin.log
[2010/12/15 09:02:00 | 000,087,608 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\inst.exe
[2010/12/15 09:02:00 | 000,007,887 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\pcouffin.cat
[2010/12/15 09:02:00 | 000,001,144 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\pcouffin.inf
[2010/12/15 09:01:59 | 000,001,178 | ---- | C] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2010/12/15 09:01:58 | 000,001,186 | ---- | C] () -- C:\Users\Doug\Desktop\ConvertX to DVD 4.lnk
[2010/12/15 08:58:11 | 000,001,998 | ---- | C] () -- C:\Users\Doug\Desktop\BayGenie eBay Auction Sniper Pro Edition.lnk
[2010/12/15 08:58:11 | 000,000,001 | ---- | C] () -- C:\Windows\System32\uuddc32.dll
[2010/12/15 08:50:13 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\SureThing CD Labeler Deluxe 5.lnk
[2010/12/15 08:49:06 | 000,277,622 | ---- | C] () -- C:\Users\Doug\Documents\Winnipeg Contract Buyout Terms_DBerry.pdf
[2010/12/15 08:49:06 | 000,031,744 | ---- | C] () -- C:\Users\Doug\Documents\Winnipeg Contract Release_q2g301!.DOC
[2010/12/15 08:49:06 | 000,020,480 | ---- | C] () -- C:\Users\Doug\Documents\Winnipeg Roster Salary Cap Guide.xls
[2010/12/15 08:48:47 | 000,058,941 | ---- | C] () -- C:\Users\Doug\Documents\Wii Softmod Guide - Wiihacks.docx
[2010/12/15 08:48:47 | 000,013,967 | ---- | C] () -- C:\Users\Doug\Documents\Wii Motion Plus video Sports Plus.docx
[2010/12/15 08:47:58 | 000,011,585 | ---- | C] () -- C:\Users\Doug\Documents\Using 2WIRE router.docx
[2010/12/15 08:47:29 | 000,012,312 | ---- | C] () -- C:\Users\Doug\Documents\Toronto Final Letter.docx
[2010/12/15 08:47:29 | 000,011,535 | ---- | C] () -- C:\Users\Doug\Documents\Toronto Followup Letter 2.docx
[2010/12/15 08:47:29 | 000,011,042 | ---- | C] () -- C:\Users\Doug\Documents\Toronto thank you.docx
[2010/12/15 08:47:02 | 000,010,675 | ---- | C] () -- C:\Users\Doug\Documents\Sub Panel.docx
[2010/12/15 08:46:43 | 000,010,263 | ---- | C] () -- C:\Users\Doug\Documents\RBC Direct Invest Change Address.docx
[2010/12/15 08:46:42 | 003,466,730 | ---- | C] () -- C:\Users\Doug\Documents\Retirement plan from Kerry 01042010.pdf
[2010/12/15 08:46:21 | 000,017,856 | ---- | C] () -- C:\Users\Doug\Documents\Program Grand Cherokee Remote.docx
[2010/12/15 08:46:13 | 000,438,595 | ---- | C] () -- C:\Users\Doug\Documents\Phonebook_Datapilot_Doug_120710.dpb
[2010/12/15 08:44:37 | 000,017,029 | ---- | C] () -- C:\Users\Doug\Documents\GRAPENUT ICE CREAM.docx
[2010/12/15 08:44:29 | 000,197,291 | ---- | C] () -- C:\Users\Doug\Documents\Garmin POI Loader Guide.docx
[2010/12/15 08:44:11 | 000,024,064 | ---- | C] () -- C:\Users\Doug\Documents\Fidelity Investment.doc
[2010/12/15 08:43:26 | 000,018,489 | ---- | C] () -- C:\Users\Doug\Documents\Dad - Live like you are dying.docx
[2010/12/15 08:43:08 | 000,012,436 | ---- | C] () -- C:\Users\Doug\Documents\CIRCIUIT BOX.xlsx
[2010/12/15 08:42:31 | 000,104,704 | ---- | C] () -- C:\Users\Doug\Documents\Canada NON-Residents Income Tax.pdf
[2010/12/15 08:42:31 | 000,013,472 | ---- | C] () -- C:\Users\Doug\Documents\Buying a Used Corvette.docx
[2010/12/15 08:42:31 | 000,010,735 | ---- | C] () -- C:\Users\Doug\Documents\Canada Tax Residency Final appeal.docx
[2010/12/15 07:43:08 | 000,001,101 | ---- | C] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/12/15 07:35:55 | 000,003,029 | ---- | C] () -- C:\Users\Doug\Desktop\Microsoft Outlook 2010.lnk
[2010/12/15 07:33:19 | 000,002,623 | ---- | C] () -- C:\Users\Doug\Desktop\Microsoft Excel 2010.lnk
[2010/12/15 07:33:14 | 000,002,919 | ---- | C] () -- C:\Users\Doug\Desktop\Microsoft Access 2010.lnk
[2010/12/15 07:33:03 | 000,002,661 | ---- | C] () -- C:\Users\Doug\Desktop\Microsoft Word 2010.lnk
[2010/12/15 07:31:01 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2010/12/15 00:17:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2010/12/15 00:14:11 | 248,736,514 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/12/15 00:12:54 | 000,000,025 | RH-- | C] () -- C:\Windows\DELL_version
[2010/12/14 22:54:26 | 000,001,161 | ---- | C] () -- C:\Users\Doug\Desktop\PlayMaker Pro Football 4.1.LNK
[2010/12/14 22:41:18 | 000,001,811 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/12/14 22:33:01 | 000,000,937 | ---- | C] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/12/14 22:03:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/12/14 21:59:15 | 000,001,407 | ---- | C] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/14 21:46:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2010/12/14 21:45:41 | 000,001,904 | ---- | C] () -- C:\Windows\System32\SetupBD.din
[2010/12/14 21:45:28 | 000,003,138 | ---- | C] () -- C:\Windows\System32\e1k6232.din
[2010/12/14 21:39:30 | 000,308,624 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll
[2010/12/14 21:39:30 | 000,206,216 | ---- | C] () -- C:\Windows\System32\bipbsp.dll
[2010/12/14 21:39:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_cvusbdrv_01005.Wdf
[2010/12/14 21:39:14 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2010/12/14 21:26:27 | 000,001,230 | ---- | C] () -- C:\Users\Doug\Desktop\Calculator.lnk
[2010/12/14 21:26:21 | 000,001,304 | ---- | C] () -- C:\Users\Doug\Desktop\Notepad.lnk
[2010/12/14 21:26:15 | 000,001,228 | ---- | C] () -- C:\Users\Doug\Desktop\Windows Explorer.lnk
[2010/12/14 21:24:41 | 000,000,290 | ---- | C] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/12/14 21:24:41 | 000,000,272 | ---- | C] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2006/06/30 12:58:44 | 000,176,128 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2006/06/30 12:58:44 | 000,126,976 | ---- | C] () -- C:\Windows\System32\bioapi100.dll

========== LOP Check ==========

[2010/12/16 20:42:29 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Acronis
[2010/12/21 20:44:53 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\uTorrent
[2010/12/15 09:04:32 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Vso
[2010/12/24 13:34:45 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/12/24 13:34:45 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2009/07/13 23:53:46 | 000,007,168 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 12/26/2010 9:46:22 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Doug\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 137.89 Gb Free Space | 59.24% Space Free | Partition Type: NTFS

Computer Name: DOUG-DELL | User Name: Doug | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe 5
"{5A26B7C0-55B1-4DA8-A693-E51380497A5E}" = Dell ControlVault Host Components Installer
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel® PROSet/Wireless WiFi Software
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BayGenie eBay Auction Sniper Pro Edition_is1" = BayGenie eBay Auction Sniper Pro Edition 3.3.1.6
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"ImgBurn" = ImgBurn
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PlayMaker Pro Canadian Football" = PlayMaker Pro Canadian Football
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/14/2010 10:36:41 PM | Computer Name = Doug-Dell | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\dell\drivers\R260223\bcmwltry.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/14/2010 10:36:41 PM | Computer Name = Doug-Dell | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\dell\drivers\R260223\wltray.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/14/2010 10:37:02 PM | Computer Name = Doug-Dell | Source = Dell - System Update | ID = 777
Description = Update failed Package: Setup.exe Description: Previous version: NA,
New version: Log file: C:\Dell\UpdatePackage\log\bcmwl.log Exit code: 111

Error - 12/15/2010 8:03:32 PM | Computer Name = Doug-Dell | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 136c Start
Time: 01cb9cb496dd17a2 Termination Time: 15 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: e329f713-08a7-11e0-b84f-0026b9f5a069

Error - 12/18/2010 7:54:36 PM | Computer Name = Doug-Dell | Source = Microsoft Office 14 | ID = 2001
Description = Microsoft Outlook: Rejected Safe Mode action : Outlook failed to start
correctly last time. Starting Outlook in safe mode will help you correct or isolate
a startup problem in order to successfully start the program. Some functionality
may be disabled in this mode. Do you want to start Outlook in safe mode?.

Error - 12/19/2010 9:50:05 PM | Computer Name = Doug-Dell | Source = Microsoft Office 14 | ID = 2001
Description = Microsoft Outlook: Rejected Safe Mode action : Outlook failed to launch
in safe mode. Do you want to start repair?.

Error - 12/21/2010 6:05:38 PM | Computer Name = Doug-Dell | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16700 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 150 Start
Time: 01cba158dcc34ea5 Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

[ System Events ]
Error - 12/26/2010 8:49:46 AM | Computer Name = Doug-Dell | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy14.

Error - 12/26/2010 8:49:48 AM | Computer Name = Doug-Dell | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.

Error - 12/26/2010 8:49:49 AM | Computer Name = Doug-Dell | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy14.

Error - 12/26/2010 8:49:51 AM | Computer Name = Doug-Dell | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.

Error - 12/26/2010 8:49:52 AM | Computer Name = Doug-Dell | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy14.

Error - 12/26/2010 8:49:54 AM | Computer Name = Doug-Dell | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy22.

Error - 12/26/2010 8:49:56 AM | Computer Name = Doug-Dell | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy22.

Error - 12/26/2010 8:49:58 AM | Computer Name = Doug-Dell | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy22.

Error - 12/26/2010 8:49:59 AM | Computer Name = Doug-Dell | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy22.

Error - 12/26/2010 8:50:01 AM | Computer Name = Doug-Dell | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy22.


< End of report >

#7 m0le

Posted 27 December 2010 - 06:27 PM

Remnants of a TDSS attack. Please open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:files
C:\Windows\tasks\At*.job
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Now rerun the OTL program as a scan to produce a log as you did the first time.
m0le is a proud member of UNITE
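
A read-only way to confirm the two things the fix in post #7 addresses, as an added example that is not part of the original thread and not OTL's own code: it reports the default value of the exefile open command and lists any At*.job files still present. It goes one step beyond the post by also checking the per-user HKEY_CURRENT_USER copy of the same key, which takes precedence over the HKEY_LOCAL_MACHINE one when it exists; the function names and status strings are assumptions made for this example.

```powershell
# Added example: read-only audit, nothing on the system is changed.
# Run from an elevated PowerShell prompt so the Tasks folder is readable.
# Written to work on the PowerShell 2.0 that ships with Windows 7.

$ExpectedCommand = '"%1" %*'   # the value the fix in post #7 writes
$SubKey = 'SOFTWARE\Classes\exefile\shell\open\command'

# Helper (hypothetical name): one result row with a fixed column order.
function New-Finding($Check, $Location, $Found, $Status) {
    New-Object PSObject -Property @{
        Check = $Check; Location = $Location; Found = $Found; Status = $Status
    } | Select-Object Check, Location, Found, Status
}

# Compare the (Default) value of the exefile open command with the expected one.
function Test-ExeHandler {
    param([string]$Hive, [bool]$KeyRequired)

    $path = "Registry::$Hive\$SubKey"
    if (-not (Test-Path -LiteralPath $path)) {
        # The key must exist in HKLM; in HKCU its absence is the normal state.
        $status = if ($KeyRequired) { 'REVIEW: key missing' } else { 'OK (no per-user override)' }
        return New-Finding 'exefile open command' "$Hive\$SubKey" '<key absent>' $status
    }

    $key = Get-Item -LiteralPath $path
    # '' selects the key's (Default) value; read it without expanding %...% sequences.
    $value = $key.GetValue('', $null, 'DoNotExpandEnvironmentNames')
    if ($null -eq $value) { $value = '<not set>' }

    $status = if ($value -ceq $ExpectedCommand) { 'OK' } else { 'REVIEW: not the default handler' }
    New-Finding 'exefile open command' "$Hive\$SubKey" $value $status
}

# List At*.job files, the pattern the fix moved out of C:\Windows\tasks.
# Jobs created with the legacy "at" command use this naming too, so a hit
# is something to review, not proof of infection.
function Get-AtJobFile {
    $tasksDir = Join-Path $env:SystemRoot 'Tasks'
    Get-ChildItem -Path $tasksDir -Filter 'At*.job' -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $detail = 'created {0:u}, {1} bytes' -f $_.CreationTime, $_.Length
            New-Finding 'At*.job task file' $_.FullName $detail 'REVIEW: confirm you scheduled it'
        }
}

$findings = @()
$findings += Test-ExeHandler -Hive 'HKEY_LOCAL_MACHINE' -KeyRequired $true
$findings += Test-ExeHandler -Hive 'HKEY_CURRENT_USER'  -KeyRequired $false
$findings += @(Get-AtJobFile)
$findings | Format-List
```

On a machine where the fix held, both registry rows read OK and no At*.job rows appear.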

#8 dpberry

Posted 28 December 2010 - 04:35 PM

========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.18.0 log created on 12282010_163353

#9 m0le

Posted 28 December 2010 - 05:26 PM

We are going to run chkdsk, which will verify and repair the file system.

Step One: Click Windows, type chkdsk

Step Two: Right click the chkdsk.exe file and right-click the mouse

Step Three: Choose Run as Administrator

Step Four: Run the chkdsk utility by typing in the following command:

chkdsk /f /r

NOTE: The /f command automatically fixes any errors encountered, the /r command locates bad sectors and recovers readable information.

Step Five: A reboot is normally required for the chkdsk program to lock the disk and run correctly (this is typical on machines that have only one volume), so simply restart the computer and chkdsk will run automatically. When it's finished (this process can take quite a while, depending on the size of your disk, etc.), it will boot back to normal Windows.

On Rebooting the PC you will see the disk being checked.

This process will take, on average, about an hour.

A great tutorial for this is here

#10 m0le

Posted 30 December 2010 - 07:32 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer, as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC, making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#11 dpberry

Posted 30 December 2010 - 08:04 PM

Everything seems to be working great. Wanted to test it for a couple of days. Thank you very much.

#12 m0le

Posted 30 December 2010 - 08:07 PM

No problem. :)

Let's do a quick clear up...

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

1. Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

2. In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

3. Click the System Protection tab, and then click Create.

4. In the System Protection dialog box, type a description, and then click Create.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically; make sure that updates on any that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it dpberry, happy surfing!

Cheers.

m0le

#13 dpberry

Posted 31 December 2010 - 09:00 AM

I am getting redirected by every Google search to totally unrelated sites. I am posting the DDS logs.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Doug at 8:50:57.19 on Fri 12/31/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2943.1704 [GMT -5:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Doug\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Button Manager\BM.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Doug\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ca.finance.yahoo.com/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [cdloader] "c:\users\doug\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [SansaDispatch] c:\users\doug\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [pdfFactory Pro Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [InstantBurn] c:\progra~1\cyberl~1\instan~1\win2k\IBurn.exe
mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventr~1.lnk - c:\program files\the print shop 23\Remind.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpbutt~1.lnk - c:\program files\hp\button manager\BM.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {BB608966-BC14-4875-9F63-853E5851A2B6} - hxxp://download.microsoft.com/download/C/3/0/C30CEB8E-483C-471A-B066-1E8B13AAD093/pmupd806.exe
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2009-12-1 902432]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-21 165584]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2009-12-6 15784]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/02 11:41:56];c:\program files\cyberlink\powerdvd9\000.fcl [2009-9-1 87536]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2009-12-1 2326920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-21 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-21 50768]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-8-28 20376]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-21 40384]
R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2009-12-6 163368]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-9-9 14976]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2010-1-4 104960]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2009-12-1 159168]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-1-4 17408]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-21 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-21 40384]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-8-17 193640]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 NETGEARUCOMP;NETGEAR Network USB Composite Device;c:\windows\system32\drivers\NETGEARUCOMP.sys [2009-10-28 14336]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2006-11-28 28224]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-12-1 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-12-1 11088]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2007-12-14 5120]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\common files\surething shared\stllssvr.exe [2006-11-1 74392]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2009-1-7 47360]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-17 1343400]

=============== Created Last 30 ================

2010-12-31 12:53:09 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-12-31 12:52:08 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-31 12:52:08 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-31 12:52:08 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-31 12:52:08 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-31 12:52:08 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-31 00:14:26 -------- d-----w- C:\$WINDOWS.~LS
2010-12-31 00:12:51 -------- d-----w- C:\$UPGRADE.~OS
2010-12-31 00:05:14 -------- d-----w- C:\$WINDOWS.~BT
2010-12-30 14:20:07 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-12-30 14:20:06 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-12-30 14:20:05 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-12-30 14:20:05 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-12-30 14:18:59 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-12-30 14:06:47 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-12-30 14:06:45 132608 ----a-w- c:\windows\system32\cabview.dll
2010-12-30 13:26:58 -------- d-sh--w- C:\found.000
2010-12-22 01:40:11 -------- d-----w- c:\windows\Panther
2010-12-22 01:37:33 -------- d-----w- c:\program files\Microsoft Games
2010-12-22 00:39:21 57344 ----a-w- c:\users\doug\appdata\roaming\host
2010-12-22 00:00:50 -------- d-----w- c:\windows\system32\wbem\Performance
2010-12-21 22:47:11 -------- d-----w- c:\windows\system32\URTTEMP
2010-12-21 22:46:13 -------- d-----w- c:\windows\system32\sda
2010-12-21 22:45:39 -------- d-----w- c:\program files\Realtek
2010-12-21 22:45:38 -------- d-----w- c:\windows\system32\RTCOM
2010-12-21 22:44:15 -------- d-sh--w- c:\windows\Installer
2010-12-21 22:44:00 -------- d-----w- c:\progra~2\NVIDIA Corporation
2010-12-21 22:43:57 -------- d-----w- c:\program files\NVIDIA Corporation
2010-12-21 22:43:50 604776 ----a-w- c:\windows\system32\nvuninst.exe
2010-12-21 15:13:12 -------- d-s---w- C:\ComFix
2010-12-21 13:52:13 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-21 13:51:24 38848 ----a-w- c:\windows\avastSS.scr
2010-12-21 13:51:22 -------- d-----w- c:\progra~2\Alwil Software
2010-12-21 13:06:05 -------- d-----w- c:\program files\Total Uninstall 5
2010-12-21 13:05:51 -------- d-----w- c:\progra~2\Martau
2010-12-21 12:45:19 -------- d-----w- c:\program files\VS Revo Group
2010-12-21 12:36:48 -------- dc----w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-20 02:00:45 -------- d-----w- c:\program files\Search Toolbar
2010-12-20 02:00:09 126464 --sha-r- c:\windows\system32\C_20838A.dll
2010-12-19 20:10:30 0 --sh--w- c:\windows\SA38F75C6.tmp
2010-12-08 13:53:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-08 13:53:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-08 13:53:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-08 13:53:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-08 13:53:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-08 13:53:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-08 13:53:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-07 19:59:16 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{0dfb5d79-9a13-4905-b837-b317d79e482c}\mpengine.dll

==================== Find3M ====================

2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-10-19 20:51:33 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll
2009-01-13 19:45:08 81920 ----a-w- c:\program files\common files\WIZ1x0SR_105SR_CFG.exe
2008-11-19 02:19:16 336 ----a-w- c:\program files\temp995.bat
2006-12-01 10:54:32 626688 ----a-w- c:\program files\common files\MSVCR80.dll

============= FINISH: 8:53:25.46 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/21/2010 6:57:46 PM
System Uptime: 12/31/2010 8:01:40 AM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | NARRA
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 153.154 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
Q: is FIXED (NTFS) - 932 GiB total, 731.138 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&2A517153&0&3
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&2A517153&0&3
Service:

==== System Restore Points ===================

RP4: 12/31/2010 7:42:31 AM - Windows Update

==== Installed Programs ======================

.NET Utilities
µTorrent
32 Bit HP CIO Components Installer
ACDSee 10 Photo Manager
Acronis True Image Home
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft WebCam Companion 3
AutoUpdate
avast! Free Antivirus
AVI to DVD Converter
BayGenie eBay Auction Sniper Pro Edition 3.3.1.0
BlackBerry Desktop Software 4.2
BufferChm
C5500
CCScore
CinemaNow Media Manager
Cisco Network Magic
CloneCD
ConvertXtoDVD 4.0.3.313
CyberLink DVD Menu Template Pack
CyberLink InstantBurn
CyberLink LabelPrint
CyberLink Media Suite
CyberLink MediaShow
CyberLink PhotoNow
CyberLink Power2Go
CyberLink PowerBackup
CyberLink PowerDirector
CyberLink PowerDVD 9
CyberLink PowerDVD Copy
CyberLink PowerProducer
CyberLink WaveEditor
DataPilot
Destinations
DeviceDiscovery
DivX
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
DocProc
DocProcQFolder
Driver Genius Professional Edition v9.0.0.182
DriverAgent by eSupport.com
DVDFab 6.0.2.0 (June 24, 2009)
EMC 10 Content
Enhanced Multimedia Keyboard Solution
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
F4100
F4100_Help
Garmin City Navigator North America NT 2010.20
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
GPBaseService2
Hardware Diagnostic Tools
HP Advisor
HP Button Manager
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 13.0
HP Deskjet All-In-One Software 8.0
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Imaging Device Functions 13.0
HP On-Screen Caps/Num/Scroll Lock Indicator
HP Photosmart C5500 All-In-One Driver Software 13.0 Rel. 4
HP Photosmart Essential 3.5
HP Picasso Media Center Add-In
HP Product Detection
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HP Webcam User's Guide
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
ImgBurn
InFlac 1.1.1
Java™ 6 Update 15
Kodak EasyShare software
LaCie USB2 Storage Driver
LG USB Modem driver
LightScribe System Software
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Harmony Remote Software 7
Magic FLAC to MP3 Converter 3.71
Magic ISO Maker v5.4 (build 0251)
magicJack Outlook Add-In 1.0.3.521
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Move Networks Media Player for Internet Explorer
Mp3tag v2.45a
MSN Money Investment Toolbox
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
My HP Games
netbrdg
Network Magic
NVIDIA Display Control Panel
NVIDIA Drivers
OCR Software by I.R.I.S. 11.0
OfotoXMI
OGA Notifier 2.0.0048.0
Partition Wizard Home Edition 4.2
pdfFactory Pro
PFConfig 1.0.275
PowerISO
PS_AIO_04_C5500_Software_Min
Pure Networks Platform
Python 2.4.3
Quicken WillMaker Plus 2009
QuickTime
Rawether
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Remote Control USB Driver
Rhapsody Player Engine
Roxio Activation Module
Sansa Updater
Satellite Finder 4.0
Scan
Search Toolbar
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SFR
SHASTA
Shockwave
Shop for HP Supplies
skin0001
SKINXSDK
Skype web features
Skype™ 4.1
SmartWebPrinting
Soft Data Fax Modem with SmartCP
SolutionCenter
staticcr
Status
SureThing CD Labeler Deluxe 5
SureThing CD Labeler Deluxe 5.0.593.0
Susteen Launcher
TaxCut Connecticut 2008
TaxCut Massachusetts 2008
TaxCut Premium + State + Efile 2008
The Print Shop 23
The Rosetta Stone
Toolbox
Total Uninstall 5.5.1
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2466076)
User State Migration Tools version 3.0.1
Virtual Earth 3D (Beta)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WBFS Manager 3.0
WebEx Support Manager for Internet Explorer
WebReg
Winamp
Windows 7 Upgrade Advisor
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live ID Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
WIRELESS
WIZ1x0_105SR Configtool
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/31/2010 8:52:23 AM, Error: nvstor32 [3] - Data error on device. Device: \Device\RaidPort0 Model: SAMSUNG SP2504C Firmware Version: VT10 Serial Number: S0WQJ1GP308484 Port: 0
12/31/2010 7:46:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB981332).
12/31/2010 7:44:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
12/30/2010 9:10:59 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.

==== End Of File ===========================

#14 Orange Blossom

  • Moderator

Posted 31 December 2010 - 05:46 PM

Hello dpberry,

I merged your new topic to your previously existing topic. Please note, it is imperative that you not do things on your own and that you let your helper know what you are doing and not simply disappear.

Back to you m0le,
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#15 dpberry

  • Topic Starter


Posted 31 December 2010 - 06:07 PM

The second set is on my other computer so that is why I had started a new topic. But I can follow it here as well.



