
Google Redirect malware


10 replies to this topic

#1 The B


Posted 14 January 2011 - 03:08 PM

I have been having problems with Google redirects to commercial sites. There seem to be about 4 or 5 different sites. I can try to get the names if they would be helpful.
I have done all the preliminary steps and ran the DDS program, which produced the two logs. They are attached as per instructions.
Hope I can resolve this irritating hijack of searches.
Any help greatly appreciated.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Bernie at 10:51:43.27 on Fri 01/14/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1731 [GMT -6:00]

AV: Kaspersky Internet Security *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: Kaspersky Internet Security *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\stpass.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Bernie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bernie\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = proxy.wp.shawcable.net:8080
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MRC] "c:\program files\pc tune-up\PCTuneUp.exe" /MBRSTART
uRun: [KasperskyPasswordManager] c:\program files\kaspersky lab\kaspersky password manager\stpass.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [CTRegRun] c:\windows\CTRegRun.EXE
mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\bernie\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\bernie\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\bernie\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\quickcam\eReg.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll, c:\progra~1\kasper~1\kasper~1\adialhk.dll, c:\progra~1\kasper~1\kasper~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\bernie\appdata\roaming\mozilla\firefox\profiles\y1z276jw.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\bernie\appdata\roaming\kaspersky lab\kaspersky password manager\spautofill\components\spAutofill.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Google Shortcuts: {5C46D283-ABDE-4dce-B83C-08881401921C} - %profile%\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: eSnipe.com SnipeIt!: esnipesnipeit@esnipe.com - %profile%\extensions\esnipesnipeit@esnipe.com
FF - Ext: Password Manager Autofill Engine: {72CA2996-F580-47DF-98FF-0B853D09CEC8} - c:\users\bernie\appdata\roaming\kaspersky lab\kaspersky password manager\spAutofill

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);
============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};c:\program files\cyberlink\powerdvd dx\000.fcl [2009-4-18 41456]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-11-11 208616]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-7-2 234888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9e080ea3ad5cc;Google Update Service (gupdate1c9e080ea3ad5cc);c:\program files\google\update\GoogleUpdate.exe [2009-5-29 133104]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;c:\users\bernie\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\bernie\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2011-01-12 20:40:50 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-01-12 20:40:50 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 20:40:49 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-01-12 20:40:49 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-12 20:40:49 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-01-12 20:40:49 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-12 20:40:47 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-06 21:05:33 -------- d-----w- c:\users\bernie\appdata\roaming\Softplicity
2011-01-06 21:05:26 -------- d-----w- c:\program files\TotalAudioConverter
2011-01-06 15:26:01 2 --shatr- c:\windows\winstart.bat
2011-01-06 15:25:50 -------- d-----w- c:\program files\UnHackMe
2011-01-05 21:00:51 -------- d-----w- c:\users\bernie\appdata\roaming\Malwarebytes
2011-01-05 21:00:47 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-26 16:48:28 -------- d-----w- c:\program files\Litsoft

==================== Find3M ====================

2010-12-06 22:10:52 54784 --sha-r- c:\windows\system32\acppageq.dll
2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-13 00:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-21 20:08:42 834048 ----a-w- c:\windows\system32\wininet.dll
2010-10-21 18:30:50 389632 ----a-w- c:\windows\system32\html.iec
2010-10-20 17:41:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 10:53:10.88 ===============

Edited by Noviciate, 14 January 2011 - 03:14 PM.
Added log from attachment.
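As an added example, not part of this thread and not code from the DDS tool: a small Python triage script that applies a few defender heuristics to lines copied from the DDS log above. It flags a service whose binary DDS marks as missing with `[?]` or which lives under a Temp folder, an empty Run entry, a system+hidden file under `\windows\`, and reports a configured proxy as an informational note. The rule names, the sample set and the attribute interpretation are my own assumptions; a hit is a prompt for a human look, not a verdict.

```python
"""Triage heuristics for lines from a DDS log (Pseudo HJT Report, services, file lists)."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line_no: int
    rule: str
    detail: str


# Line shapes used by DDS: services/drivers, Run keys, Created/Find3M file rows, proxy setting.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]*);(?P<display>[^;]*);(?P<path>.*) \[(?P<meta>[^\]]*)\]$")
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+ (?P<attr>[-a-z]{8}) (?P<path>.+)$")
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (?P<proxy>.+)$")

# Locations where a persistent service or Run entry rarely belongs (assumption, not a DDS rule).
TEMP_MARKERS = ("\\temp\\", "\\appdata\\local\\temp\\")

# Constructed sample: lines copied from the DDS log in this thread, benign and suspicious mixed.
SAMPLE = r"""uInternet Settings,ProxyServer = proxy.wp.shawcable.net:8080
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [<NO NAME>]
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-7-2 234888]
S2 SessionLauncher;SessionLauncher;c:\users\bernie\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\bernie\appdata\local\temp\dx9\SessionLauncher.exe [?]
2010-12-06 22:10:52 54784 --sha-r- c:\windows\system32\acppageq.dll
2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
"""


def check_line(line_no: int, line: str) -> list:
    """Return zero or more findings for one DDS log line."""
    out = []
    if m := SERVICE_RE.match(line):
        path = m["path"].lower()
        if m["meta"] == "?":  # DDS prints [?] when the service binary is not on disk
            out.append(Finding(line_no, "service-file-missing", f"{m['name']}: {m['path']}"))
        if any(t in path for t in TEMP_MARKERS):
            out.append(Finding(line_no, "service-in-temp", f"{m['name']}: {m['path']}"))
    elif m := RUN_RE.match(line):
        cmd = m["cmd"].strip().lower()
        if m["name"] == "<NO NAME>" or not cmd:
            out.append(Finding(line_no, "run-empty-entry", line))
        elif any(t in cmd for t in TEMP_MARKERS):
            out.append(Finding(line_no, "run-in-temp", m["cmd"].strip()))
    elif m := FILE_RE.match(line):
        attr, path = m["attr"], m["path"].lower()
        # 's' and 'h' in the attribute column are read here as system + hidden; rare for a
        # real component under \windows\ and worth a human look, not proof of infection.
        if "s" in attr and "h" in attr and "\\windows\\" in path:
            out.append(Finding(line_no, "hidden-system-file", f"{attr} {m['path']}"))
    elif m := PROXY_RE.match(line):
        out.append(Finding(line_no, "proxy-configured", m["proxy"]))  # informational only
    return out


def triage(text: str) -> list:
    """Run check_line over every non-blank line; line numbers are 1-based."""
    return [f for n, raw in enumerate(text.splitlines(), 1) if raw.strip()
            for f in check_line(n, raw.strip())]


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"line {f.line_no:>2}  {f.rule:<22} {f.detail}")
```

Run it against a full DDS log by reading the file and passing its text to `triage()`; the proxy and Temp-folder rules are deliberately noisy and exist to draw attention, not to classify.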



#2 Blade


Posted 19 January 2011 - 02:59 PM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Watch Topic. By clicking this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand. :)

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the "Custom Scans/Fixes" section paste in the below in bold


    netsvc
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Push the Run Scan button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into the body of your next reply.

***************************************************

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.log" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and copy/paste its contents in your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try unchecking the Devices box in addition to the others previously requested. Also, try running GMER in Safe Mode.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


~Blade


In your next reply, please include the following:
OTL.txt
Extras.txt
Gmer.log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 Blade


Posted 23 January 2011 - 02:05 AM

Due to lack of feedback, this topic is now Closed

~Blade



#4 Blade


Posted 09 February 2011 - 12:18 PM

Topic reopened at OP request.

Please follow the instructions detailed above.

~Blade



#5 The B

  • Topic Starter


Posted 09 February 2011 - 01:30 PM

Blade, I have not pasted in any Notepad contents because OTL stops, or gets hung up, on 'scanning Firefox settings'. I have waited for over an hour to see if there seem to be any changes or text production, but none. As soon as I touch the dialog box I get a message that the 'program is not responding'.
I've done this twice. What next? BTW thanks for re-opening the topic, much appreciated. --B.

#6 The B

  • Topic Starter


Posted 10 February 2011 - 01:57 PM

OTL logfile created on: 2/9/2011 3:48:37 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Bernie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): c:\pagefile.sys 4987 540000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 495.84 Gb Free Space | 70.97% Space Free | Partition Type: NTFS

Computer Name: BERNIE-PC | User Name: Bernie | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/09 11:27:57 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Bernie\Desktop\OTL.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/02/09 11:27:57 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Bernie\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/21 14:09:44 | 000,025,824 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/06/21 09:47:18 | 000,014,088 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/21 07:20:56 | 000,208,616 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)
SRV - [2009/04/19 12:34:55 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2009/04/18 14:33:33 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2009/04/10 12:50:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/02 11:47:04 | 000,234,888 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/10/09 08:07:56 | 000,107,912 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/05/14 11:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/05/14 11:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/05/14 11:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV - [2009/04/19 12:34:55 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/04/10 22:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/10 22:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/04/10 10:01:11 | 000,239,120 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/04/10 10:01:11 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Stopped] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2008/12/17 00:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/16 23:54:30 | 000,495,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2008/12/16 20:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/21 18:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2008/07/09 18:28:26 | 000,020,496 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2008/06/03 07:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/13 19:02:46 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2008/02/26 10:19:00 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2008/01/20 20:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 20:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 20:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2004/10/07 11:21:22 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-866682669-2464514361-3710100376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-866682669-2464514361-3710100376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-866682669-2464514361-3710100376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-866682669-2464514361-3710100376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-866682669-2464514361-3710100376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.wp.shawcable.net:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {72CA2996-F580-47DF-98FF-0B853D09CEC8}:4.0.116
FF - prefs.js..extensions.enabledItems: esnipesnipeit@esnipe.com:1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/18 13:59:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/18 13:59:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/04/10 10:59:59 | 000,000,000 | ---D | M]

[2009/04/10 12:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernie\AppData\Roaming\Mozilla\Extensions
[2011/02/09 11:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernie\AppData\Roaming\Mozilla\Firefox\Profiles\y1z276jw.default\extensions
[2010/04/27 15:44:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bernie\AppData\Roaming\Mozilla\Firefox\Profiles\y1z276jw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/11 07:52:01 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Users\Bernie\AppData\Roaming\Mozilla\Firefox\Profiles\y1z276jw.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
[2010/08/16 15:15:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Bernie\AppData\Roaming\Mozilla\Firefox\Profiles\y1z276jw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/02 10:39:29 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Bernie\AppData\Roaming\Mozilla\Firefox\Profiles\y1z276jw.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/12/21 14:41:16 | 000,000,000 | ---D | M] (eSnipe.com SnipeIt!) -- C:\Users\Bernie\AppData\Roaming\Mozilla\Firefox\Profiles\y1z276jw.default\extensions\esnipesnipeit@esnipe.com
[2011/01/03 13:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/13 09:01:21 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/28 09:10:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/15 06:47:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/16 15:34:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/03 13:02:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/08/22 14:32:24 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2010/11/18 14:39:40 | 000,000,000 | ---D | M] (Password Manager Autofill Engine) -- C:\USERS\BERNIE\APPDATA\ROAMING\KASPERSKY LAB\KASPERSKY PASSWORD MANAGER\SPAUTOFILL
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/01/12 19:36:38 | 000,056,976 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-866682669-2464514361-3710100376-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-866682669-2464514361-3710100376-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CTRegRun] C:\Windows\Ctregrun.exe (Creative Technology Ltd )
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor Corporation)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-866682669-2464514361-3710100376-1000..\Run: [KasperskyPasswordManager] C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\stpass.exe (Kaspersky Lab)
O4 - HKU\S-1-5-21-866682669-2464514361-3710100376-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Users\Bernie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bernie\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Bernie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (Leader Technologies/Logitech)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{322ac95c-26be-11de-b9ef-001ec9329fbf}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{e4538984-2607-11de-9f5d-001ec9329fbf}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\E\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/02/09 11:27:57 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Bernie\Desktop\OTL.exe
[2011/02/08 11:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2011/02/08 11:17:36 | 000,000,000 | ---D | C] -- C:\Users\Bernie\AppData\Roaming\Memeo
[2011/02/08 11:07:08 | 000,000,000 | ---D | C] -- C:\Users\Bernie\AppData\Roaming\Seagate
[2011/02/08 11:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
[2011/02/08 11:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2011/02/08 11:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo
[2011/02/08 11:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
[2011/02/08 11:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2011/02/08 08:24:57 | 000,000,000 | ---D | C] -- C:\Users\Bernie\Desktop\JR
[2011/02/07 15:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/02/07 15:32:45 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Users\Bernie\Desktop\FileFormatConverters.exe
[2011/02/07 09:39:31 | 000,000,000 | ---D | C] -- C:\Users\Bernie\Documents\Smart CD Catalog PRO
[2011/02/07 09:38:51 | 002,262,960 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.0.0.ocx
[2011/02/07 09:38:51 | 001,779,632 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.Controls.v13.0.0.ocx
[2011/02/07 09:38:50 | 000,800,688 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.DockingPane.v13.0.0.ocx
[2011/02/07 09:38:50 | 000,526,256 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.SkinFramework.v12.0.2.ocx
[2011/02/07 09:38:50 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2011/02/07 09:38:49 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
[2011/02/07 09:31:47 | 006,249,994 | ---- | C] (Abaiko Software ) -- C:\Users\Bernie\Desktop\smart-cd-catalog-pro.exe
[2011/01/26 10:35:56 | 000,000,000 | ---D | C] -- C:\Users\Bernie\AppData\Roaming\Apple Computer
[2011/01/26 10:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/26 10:35:28 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/01/26 10:35:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/01/26 10:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/26 10:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/26 10:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/26 10:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/01/21 13:05:46 | 009,644,752 | ---- | C] (Softplicity, Inc. ) -- C:\Users\Bernie\Documents\TotalAudioConverter.exe
[2011/01/18 13:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster
[2011/01/18 13:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Napster Shared
[2011/01/18 13:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Napster
[2011/01/18 13:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Napster
[2011/01/12 14:40:50 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/01/12 14:40:47 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[1 C:\Users\Bernie\AppData\Local\*.tmp files -> C:\Users\Bernie\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/09 15:46:08 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/09 15:46:08 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/09 15:41:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/09 15:40:37 | 012,282,400 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2011/02/09 15:40:37 | 001,450,016 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2011/02/09 15:40:37 | 000,098,084 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2011/02/09 15:40:37 | 000,007,084 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2011/02/09 15:38:27 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/09 15:38:08 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/09 15:38:08 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/09 15:38:07 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\otlqh.job
[2011/02/09 15:36:23 | 000,706,741 | ---- | M] () -- C:\Users\Bernie\Desktop\Area Perforation.dwg
[2011/02/09 15:09:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/09 14:02:31 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CD2FF3D3-360C-49C4-8E54-059A8142464D}.job
[2011/02/09 11:27:57 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Bernie\Desktop\OTL.exe
[2011/02/09 11:27:32 | 000,034,304 | ---- | M] () -- C:\Users\Bernie\Desktop\Save it to your desktop.doc
[2011/02/09 09:19:09 | 000,026,112 | ---- | M] () -- C:\Users\Bernie\Desktop\Full Hard Disk Recovery.doc
[2011/02/09 06:31:13 | 000,007,620 | ---- | M] () -- C:\Users\Bernie\AppData\Local\d3d9caps.dat
[2011/02/08 16:21:35 | 000,037,376 | ---- | M] () -- C:\Users\Bernie\Desktop\P0x3.doc
[2011/02/08 11:06:54 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2011/02/08 06:14:07 | 000,018,432 | ---- | M] () -- C:\Users\Bernie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/07 16:56:28 | 000,404,992 | ---- | M] () -- C:\Users\Bernie\Desktop\BIF Macro.xls
[2011/02/07 16:21:46 | 000,019,968 | ---- | M] () -- C:\Users\Bernie\Desktop\Macro for Bifurcation.doc
[2011/02/07 15:33:08 | 038,808,920 | ---- | M] (Microsoft Corporation) -- C:\Users\Bernie\Desktop\FileFormatConverters.exe
[2011/02/07 09:38:51 | 000,000,957 | ---- | M] () -- C:\Users\Bernie\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart CD Catalog PRO.lnk
[2011/02/07 09:31:51 | 006,249,994 | ---- | M] (Abaiko Software ) -- C:\Users\Bernie\Desktop\smart-cd-catalog-pro.exe
[2011/02/05 09:22:22 | 000,002,106 | ---- | M] () -- C:\Users\Bernie\Desktop\Nov3005.puz
[2011/02/05 09:22:22 | 000,000,535 | ---- | M] () -- C:\Users\Bernie\Desktop\score.dat
[2011/02/03 11:15:13 | 000,013,824 | ---- | M] () -- C:\Users\Bernie\Desktop\scale of army navy perf.xls
[2011/02/03 10:39:17 | 000,705,179 | ---- | M] () -- C:\Users\Bernie\Desktop\Area Perforation.bak
[2011/02/03 10:24:38 | 006,602,316 | ---- | M] () -- C:\Users\Bernie\Desktop\Army Navy Perforated Image.jpg
[2011/02/03 10:24:38 | 000,704,509 | ---- | M] () -- C:\Users\Bernie\Desktop\Army Navy Perforation.bak
[2011/02/01 15:26:46 | 000,030,720 | ---- | M] () -- C:\Users\Bernie\Desktop\periods.xls
[2011/02/01 15:26:38 | 000,051,200 | ---- | M] () -- C:\Users\Bernie\Desktop\DYNAMIC.XLS
[2011/01/31 16:25:18 | 000,205,824 | ---- | M] () -- C:\Users\Bernie\Desktop\Ch2.doc
[2011/01/29 17:04:56 | 000,019,968 | ---- | M] () -- C:\Users\Bernie\Desktop\Format To Iterate For CHAOS Calculation.doc
[2011/01/29 16:49:47 | 000,215,892 | ---- | M] () -- C:\Users\Bernie\Desktop\chaos.pdf
[2011/01/24 08:42:57 | 000,271,211 | ---- | M] () -- C:\Users\Bernie\Desktop\Smithsonian Apple.jpg
[2011/01/21 13:08:24 | 001,176,576 | ---- | M] () -- C:\Windows\is-VIQ6G.exe
[2011/01/21 13:08:24 | 000,021,031 | ---- | M] () -- C:\Windows\is-VIQ6G.msg
[2011/01/21 13:08:24 | 000,000,390 | ---- | M] () -- C:\Windows\is-VIQ6G.lst
[2011/01/19 13:01:31 | 000,223,489 | ---- | M] () -- C:\Users\Bernie\Desktop\RadioOneWinter2011.pdf
[2011/01/15 14:26:59 | 000,734,457 | ---- | M] () -- C:\Users\Bernie\Desktop\Elliot Erwitt.pdf
[2011/01/15 14:06:08 | 000,016,537 | ---- | M] () -- C:\Users\Bernie\Desktop\Roman14-20.pdf
[2011/01/14 16:14:58 | 000,293,746 | ---- | M] () -- C:\Users\Bernie\Desktop\WeatherBug.Gadget
[2011/01/14 15:45:15 | 000,885,760 | ---- | M] () -- C:\Users\Bernie\Desktop\WindowsSideShowManagedRuntime.msi
[2011/01/14 10:50:38 | 000,624,128 | ---- | M] () -- C:\Users\Bernie\Desktop\dds.com
[2011/01/13 15:24:58 | 000,000,000 | ---- | M] () -- C:\Users\Bernie\defogger_reenable
[2011/01/13 15:23:47 | 000,050,477 | ---- | M] () -- C:\Users\Bernie\Desktop\Defogger.exe
[1 C:\Users\Bernie\AppData\Local\*.tmp files -> C:\Users\Bernie\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/09 15:36:23 | 000,705,179 | ---- | C] () -- C:\Users\Bernie\Desktop\Area Perforation.bak
[2011/02/09 13:05:27 | 000,706,741 | ---- | C] () -- C:\Users\Bernie\Desktop\Area Perforation.dwg
[2011/02/09 11:27:31 | 000,034,304 | ---- | C] () -- C:\Users\Bernie\Desktop\Save it to your desktop.doc
[2011/02/09 09:19:09 | 000,026,112 | ---- | C] () -- C:\Users\Bernie\Desktop\Full Hard Disk Recovery.doc
[2011/02/08 11:06:54 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2011/02/07 16:56:28 | 000,404,992 | ---- | C] () -- C:\Users\Bernie\Desktop\BIF Macro.xls
[2011/02/07 16:21:46 | 000,019,968 | ---- | C] () -- C:\Users\Bernie\Desktop\Macro for Bifurcation.doc
[2011/02/05 05:56:05 | 000,002,106 | ---- | C] () -- C:\Users\Bernie\Desktop\Nov3005.puz
[2011/02/03 10:39:17 | 000,704,509 | ---- | C] () -- C:\Users\Bernie\Desktop\Army Navy Perforation.bak
[2011/02/03 10:39:05 | 000,013,824 | ---- | C] () -- C:\Users\Bernie\Desktop\scale of army navy perf.xls
[2011/02/03 10:24:37 | 006,602,316 | ---- | C] () -- C:\Users\Bernie\Desktop\Army Navy Perforated Image.jpg
[2011/02/01 15:26:46 | 000,030,720 | ---- | C] () -- C:\Users\Bernie\Desktop\periods.xls
[2011/02/01 15:26:38 | 000,051,200 | ---- | C] () -- C:\Users\Bernie\Desktop\DYNAMIC.XLS
[2011/01/31 16:25:18 | 000,205,824 | ---- | C] () -- C:\Users\Bernie\Desktop\Ch2.doc
[2011/01/29 17:04:56 | 000,019,968 | ---- | C] () -- C:\Users\Bernie\Desktop\Format To Iterate For CHAOS Calculation.doc
[2011/01/29 16:49:47 | 000,215,892 | ---- | C] () -- C:\Users\Bernie\Desktop\chaos.pdf
[2011/01/24 08:42:53 | 000,271,211 | ---- | C] () -- C:\Users\Bernie\Desktop\Smithsonian Apple.jpg
[2011/01/23 09:28:15 | 000,000,535 | ---- | C] () -- C:\Users\Bernie\Desktop\score.dat
[2011/01/21 13:08:24 | 001,176,576 | ---- | C] () -- C:\Windows\is-VIQ6G.exe
[2011/01/21 13:08:24 | 000,021,031 | ---- | C] () -- C:\Windows\is-VIQ6G.msg
[2011/01/21 13:08:24 | 000,000,390 | ---- | C] () -- C:\Windows\is-VIQ6G.lst
[2011/01/19 13:01:31 | 000,223,489 | ---- | C] () -- C:\Users\Bernie\Desktop\RadioOneWinter2011.pdf
[2011/01/15 14:26:59 | 000,734,457 | ---- | C] () -- C:\Users\Bernie\Desktop\Elliot Erwitt.pdf
[2011/01/15 14:06:08 | 000,016,537 | ---- | C] () -- C:\Users\Bernie\Desktop\Roman14-20.pdf
[2011/01/14 16:14:58 | 000,293,746 | ---- | C] () -- C:\Users\Bernie\Desktop\WeatherBug.Gadget
[2011/01/14 15:45:15 | 000,885,760 | ---- | C] () -- C:\Users\Bernie\Desktop\WindowsSideShowManagedRuntime.msi
[2011/01/14 10:50:37 | 000,624,128 | ---- | C] () -- C:\Users\Bernie\Desktop\dds.com
[2011/01/13 15:24:58 | 000,000,000 | ---- | C] () -- C:\Users\Bernie\defogger_reenable
[2011/01/13 15:23:47 | 000,050,477 | ---- | C] () -- C:\Users\Bernie\Desktop\Defogger.exe
[2011/01/13 11:26:37 | 000,037,376 | ---- | C] () -- C:\Users\Bernie\Desktop\P0x3.doc
[2010/12/06 16:10:52 | 000,054,784 | RHS- | C] () -- C:\Windows\System32\acppageq.dll
[2010/06/01 07:46:02 | 000,077,447 | ---- | C] () -- C:\Windows\dkxpt.ini
[2009/12/22 11:34:47 | 000,000,035 | ---- | C] () -- C:\Windows\render.ini
[2009/09/17 05:15:33 | 000,013,576 | ---- | C] () -- C:\Windows\System32\syscorecfg256.dll
[2009/09/17 05:15:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/28 13:14:34 | 000,018,432 | ---- | C] () -- C:\Users\Bernie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/21 15:23:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/21 15:16:37 | 000,081,110 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/19 12:45:26 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2009/04/19 12:45:25 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2009/04/19 12:45:25 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2009/04/10 14:48:45 | 000,079,360 | ---- | C] () -- C:\Windows\System32\acdbres.dll
[2009/04/10 13:20:55 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2009/04/10 13:16:24 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS61.DLL
[2009/04/10 12:55:11 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009/04/10 12:35:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/10 10:25:56 | 000,007,620 | ---- | C] () -- C:\Users\Bernie\AppData\Local\d3d9caps.dat
[2008/12/16 20:58:54 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLgFT.dll
[2008/06/03 04:35:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2000/09/18 17:50:28 | 000,202,752 | ---- | C] () -- C:\Windows\System32\zlib.dll

========== LOP Check ==========

[2010/05/28 14:24:09 | 000,000,000 | ---D | M] -- C:\Users\Bernie\AppData\Roaming\Alibre Design
[2009/04/20 13:31:38 | 000,000,000 | ---D | M] -- C:\Users\Bernie\AppData\Roaming\Autodesk
[2009/09/11 11:47:16 | 000,000,000 | ---D | M] -- C:\Users\Bernie\AppData\Roaming\Canon
[2011/02/09 15:39:57 | 000,000,000 | ---D | M] -- C:\Users\Bernie\AppData\Roaming\Dropbox
[2009/04/28 11:12:41 | 000,000,000 | ---D | M] -- C:\Users\Bernie\AppData\Roaming\Jasc
[2009/04/18 11:50:55 | 000,000,000 | ---D | M] -- C:\Users\Bernie\AppData\Roaming\Leadertech
[2011/02/08 11:17:36 | 000,000,000 | ---D | M] -- C:\Users\Bernie\AppData\Roaming\Memeo
[2009/06/03 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Bernie\AppData\Roaming\Nikon
[2011/02/08 11:07:08 | 000,000,000 | ---D | M] -- C:\Users\Bernie\AppData\Roaming\Seagate
[2011/01/06 15:05:33 | 000,000,000 | ---D | M] -- C:\Users\Bernie\AppData\Roaming\Softplicity
[2011/02/09 15:40:26 | 000,000,000 | ---D | M] -- C:\Users\Bernie\AppData\Roaming\uTorrent
[2009/10/07 10:59:12 | 000,000,000 | ---D | M] -- C:\Users\Bernie\AppData\Roaming\YouSendIt
[2011/02/09 15:38:07 | 000,000,312 | -HS- | M] () -- C:\Windows\Tasks\otlqh.job
[2011/02/09 15:40:31 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/09 14:02:31 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CD2FF3D3-360C-49C4-8E54-059A8142464D}.job

========== Purity Check ==========



========== Custom Scans ==========


< netsvc >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 20:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 20:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 20:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 20:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 20:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/12/06 16:10:52 | 000,054,784 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\System32\acppageq.dll

< %systemroot%\Tasks\*.job /lockedfiles >
[2011/02/09 15:38:07 | 000,000,312 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\Tasks\otlqh.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 21:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 21:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 21:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 789 bytes -> C:\Users\Bernie\Desktop\Emetrix Order Confirmation.eml:OECustomProperty
@Alternate Data Stream - 1221 bytes -> C:\Users\Bernie\Desktop\Smart CD Catalog (Professional Edition, Personal License) - Registration Information.eml:OECustomProperty

< End of report >
OTL Extras logfile created on: 2/9/2011 3:48:37 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Bernie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): c:\pagefile.sys 4987 540000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 495.84 Gb Free Space | 70.97% Space Free | Partition Type: NTFS

Computer Name: BERNIE-PC | User Name: Bernie | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-866682669-2464514361-3710100376-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05AD8DC4-9DFE-41F5-B2FC-EC3DACA05156}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{13B61592-6A10-4FCC-AA6D-CE1CB446CE37}" = rport=139 | protocol=6 | dir=out | app=system |
"{18EA2332-9D4D-4FE9-B881-1ADD83E2DE59}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{20CDAD20-7D52-4A82-8B9C-D0C686D137D7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4EC44560-3A04-44B6-86EF-CD33EA6AC7EE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4EE06014-2BEA-43CD-A5E1-280F8AF82721}" = lport=137 | protocol=17 | dir=in | app=system |
"{5078DDFC-AC4E-459E-95C0-AEC9452EF988}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{579834F8-A351-4B01-8F82-6FDFCA931805}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{6250CD36-AD4C-4ED2-9C11-BB4334546173}" = lport=2869 | protocol=6 | dir=in | app=system |
"{68ABCAF9-AA85-4EC2-BEC8-A5285BB7CCDC}" = lport=445 | protocol=6 | dir=in | app=system |
"{72CB1F73-A0EA-45C7-A144-9EB8D1FDBDC8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{78C4E64A-F367-4094-A28E-D32112258842}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{89CFC6BE-C5BD-43F7-B06D-293552B462AC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{8AE8C94E-FEB7-4F84-A6F1-1F244BC5C852}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{913A6027-1997-48D7-801E-49BCBEA70BCC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{91B7E065-78EE-4727-9DD9-AADDEE171993}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{937B4D62-5FB0-42D3-9CAD-5FA2D6FA0AAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9E503940-3965-48EB-864A-7103BF9FB2BE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A0A80112-F890-4B9C-BA29-DBF552AE1780}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A82734EC-B2F4-4BDA-B1D4-A3F4B623F4AE}" = rport=137 | protocol=17 | dir=out | app=system |
"{B1FBED1B-AB4C-4495-81A7-4795DF8C3896}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{B567CC92-C5D8-4DF0-A68B-48A9E7848C76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B96ABCD2-82D5-484C-968C-B647AF92366E}" = lport=139 | protocol=6 | dir=in | app=system |
"{BB677C40-3B22-44B2-A8E4-48E4FDB8427F}" = rport=138 | protocol=17 | dir=out | app=system |
"{D6D4EEE0-5B9D-4CFC-A261-C5AE344F4C19}" = rport=445 | protocol=6 | dir=out | app=system |
"{DBFE7C2D-5334-4D16-A16D-7BE7ABC51999}" = lport=138 | protocol=17 | dir=in | app=system |
"{E36E1F42-38EC-49A8-87C7-1842A8E234A9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F577DFF7-E9D2-4E8F-9F9B-8BE50D004AF0}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0870629F-AAEA-4EFE-B238-04109737F341}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1A6731C5-2AD0-42D0-98B4-FD1AA4FFBDBF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1C1A1141-BEFE-4A3A-A0B8-B8FC727EB3B2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{46834D0E-DBCD-4526-A85C-6DA860F84ECC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47A71A4C-D840-4441-A915-01C6B95DC963}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{529549C2-B2E3-44FC-A398-5D18EF9EB7DF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{58A50BBE-90F0-46B0-8F26-5812CB1BBB3D}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{59D19BFF-43B6-4A94-9876-C385C00FCC14}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{81B89EC1-61E6-42EE-9152-81D51526978D}" = protocol=17 | dir=in | app=c:\users\bernie\appdata\roaming\dropbox\bin\dropbox.exe |
"{8985315D-51F4-44E8-A028-BE13505480F2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{91CE2190-5E49-450B-8A31-961581C66400}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{A9E4CB6E-0E8A-451B-8E1A-F5D8AF6DC89B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{ACB70096-A29B-4BF8-8CF9-804F814D680F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B672BA03-887C-4059-8A5C-ACE71B36F2FF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BCECD0AC-974A-4BAC-8D7E-B632635DBA8B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D9735C04-3B97-4182-B33C-4F5604D0C934}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{E5E1E0D7-75D4-4432-9B19-9B7EB0545AEE}" = protocol=6 | dir=in | app=c:\users\bernie\appdata\roaming\dropbox\bin\dropbox.exe |
"{E68A35CD-8047-4FFB-867E-35B7AF75A999}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{FACE82F8-CC59-4D2E-843A-A43EA11B2A88}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9601" = CanoScan LiDE 700F Scanner Driver
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 23
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{5653EDEC-7F32-4BAA-82CA-0503AE696E6F}" = Alibre Design
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-0101-0409-0000-0060B0CE6BBA}" = AutoCAD 2002
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CA9483A2-742A-4A72-881D-B81C6B1ACB3E}" = Google SketchUp Pro 7
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DCFBE5A8-555A-4AAD-97E5-936B564557E7}" = YouSendIt Express
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
"{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}" = ArcSoft PhotoStudio 6
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"AccuRender 4.0" = AccuRender 4.0
"Across Lite 2.0" = Across Lite 2.0
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"AnswerWorks" = AnswerWorks Runtime
"Ask Toolbar_is1" = Ask Toolbar
"AudibleManager" = AudibleManager
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"Google Chrome" = Google Chrome
"InstallShield_{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
"InstallShield_{DCFBE5A8-555A-4AAD-97E5-936B564557E7}" = YouSendIt Express
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"Kaspersky Password Manager_is1" = Kaspersky Password Manager 4.0.0.133
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Mesh To Solid for AutoCAD_is1" = Mesh To Solid for AutoCAD
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"Ogg Codecs" = Ogg Codecs 0.81.15562
"Picasa 3" = Picasa 3
"PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
"RandyTab" = RandyTab
"Real Lives 2007" = Real Lives 2007
"RealPlayer 12.0" = RealPlayer
"Smart CD Catalog Professional_is1" = Smart CD Catalog 2.56.05 Professional
"SmoothMove™ Pan Viewer 5.0 release 1" = SmoothMove™ Pan Viewer 5.0 release 1
"SysInfo" = Creative System Information
"Total Audio Converter_is1" = TotalAudioConverter
"Volo View Express" = Volo View Express
"West_Point_Bridge_Designer_2007" = West Point Bridge Designer 2007
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WorldCAT®-CIF" = WorldCAT®-CIF
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-866682669-2464514361-3710100376-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/29/2010 8:31:34 AM | Computer Name = Bernie-PC | Source = EventSystem | ID = 4621
Description =

Error - 12/29/2010 10:03:31 AM | Computer Name = Bernie-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/29/2010 3:58:50 PM | Computer Name = Bernie-PC | Source = EventSystem | ID = 4621
Description =

Error - 12/29/2010 4:40:28 PM | Computer Name = Bernie-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/30/2010 1:49:42 AM | Computer Name = Bernie-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/30/2010 10:12:42 AM | Computer Name = Bernie-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/30/2010 3:25:47 PM | Computer Name = Bernie-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/31/2010 6:42:07 AM | Computer Name = Bernie-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/31/2010 11:29:13 AM | Computer Name = Bernie-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/1/2011 10:49:22 AM | Computer Name = Bernie-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/9/2011 5:43:01 PM | Computer Name = Bernie-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/9/2011 5:43:01 PM | Computer Name = Bernie-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/9/2011 5:43:01 PM | Computer Name = Bernie-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/9/2011 5:43:01 PM | Computer Name = Bernie-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/9/2011 5:43:01 PM | Computer Name = Bernie-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/9/2011 5:43:01 PM | Computer Name = Bernie-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/9/2011 5:43:04 PM | Computer Name = Bernie-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/9/2011 5:43:04 PM | Computer Name = Bernie-PC | Source = DCOM | ID = 10005
Description =

Error - 2/9/2011 5:43:04 PM | Computer Name = Bernie-PC | Source = DCOM | ID = 10005
Description =

Error - 2/9/2011 5:43:05 PM | Computer Name = Bernie-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-10 12:48:51
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST375063 rev.DE13
Running: hqo02up0.exe; Driver: C:\Users\Bernie\AppData\Local\Temp\pwryipog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x95E0F000, 0x205494, 0xE8000020]
C:\Program Files\CyberLink\PowerDVD DX\000.fcl entry point in "" section [0x857FE000]
.clc C:\Program Files\CyberLink\PowerDVD DX\000.fcl unknown last section [0x857FF000, 0x1000, 0x00000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Napster\napster.exe[796] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Napster\napster.exe[796] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1244] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[1244] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1888] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1888] USER32.dll!SetScrollInfo + 7A8 76517980 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2636] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2636] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2992] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2992] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3128] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3128] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\Dwm.exe[3208] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[3208] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\taskeng.exe[3276] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[3276] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Windows\Explorer.EXE[3388] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Windows\Explorer.EXE[3388] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[3564] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[3564] USER32.dll!SetScrollInfo + 7A8 76517980 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3592] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3592] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe[3692] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe[3692] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3716] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3716] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[3736] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[3736] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3760] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3760] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3804] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3804] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Sidebar\SideBar.exe[3816] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Sidebar\SideBar.exe[3816] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3840] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3840] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\uTorrent\uTorrent.exe[4144] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\uTorrent\uTorrent.exe[4144] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Sidebar\SideBar.exe[4192] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Sidebar\SideBar.exe[4192] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehtray.exe[4200] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehtray.exe[4200] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\stpass.exe[4536] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\stpass.exe[4536] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\Skype\Phone\Skype.exe[4580] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Skype\Phone\Skype.exe[4580] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe[4700] KERNEL32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe[4700] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Users\Bernie\AppData\Roaming\Dropbox\bin\Dropbox.exe[4840] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Users\Bernie\AppData\Roaming\Dropbox\bin\Dropbox.exe[4840] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\Memeo\AutoBackup\InstantBackup.exe[5516] KERNEL32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Memeo\AutoBackup\InstantBackup.exe[5516] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe[5552] KERNEL32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe[5552] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[6072] kernel32.dll!LoadLibraryExW 76399109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[6072] USER32.dll!LoadStringA 76506243 6 Bytes JMP 5F040F5A

---- Processes - GMER 1.0.15 ----

Library C:\ProgramData\Kaspersky (*** hidden *** ) @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [1888] 0x05220000

---- EOF - GMER 1.0.15 ----

#7 Blade
  • Strong in the Bleepforce
  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 10 February 2011 - 03:58 PM

Hello.

Download ComboFix from any of the links below but rename it to renamed.exe before saving it to your desktop.


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Double click on renamed.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


~Blade


In your next reply, please include the following:
ComboFix log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM.
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#8 The B
  • Topic Starter
  • Members
  • 8 posts
  • Gender:Male
  • Location:Winnipeg, Canada

Posted 11 February 2011 - 05:34 AM

I have downloaded ComboFix and renamed it. Also, I have paused protection of Kaspersky Internet Security as per Bleeping Computer instructions, but ComboFix warns that the Kaspersky antivirus and Kaspersky antispyware scanners were still working. Are you able to advise how these can be disabled so that I can proceed?

#9 Blade
  • Strong in the Bleepforce
  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 11 February 2011 - 12:36 PM

Please proceed with running ComboFix. If you've followed the instructions given then things should be fine.



#10 The B
  • Topic Starter
  • Members
  • 8 posts
  • Gender:Male
  • Location:Winnipeg, Canada

Posted 12 February 2011 - 10:33 AM

ComboFix 11-02-09.05 - Bernie 02/12/2011 9:07.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1904 [GMT -6:00]
Running from: c:\users\Bernie\Desktop\renamed.exe
AV: Kaspersky Internet Security *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky Internet Security *Enabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
SP: Kaspersky Internet Security *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Bernie\AppData\Local\Temp\ppcrlui_2536_2
c:\windows\system32\twunk_32.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-12 to 2011-02-12 )))))))))))))))))))))))))))))))
.

2011-02-12 15:15 . 2011-02-12 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-12 15:15 . 2011-02-12 15:15 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-02-11 10:18 . 2011-02-11 10:19 -------- d-----w- C:\renamed
2011-02-10 12:40 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-10 12:40 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-10 12:40 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-10 12:40 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-08 17:21 . 2011-02-08 17:21 -------- d-----w- c:\programdata\MemeoCommon
2011-02-08 17:17 . 2011-02-08 17:17 -------- d-----w- c:\users\Bernie\AppData\Roaming\Memeo
2011-02-08 17:07 . 2011-02-08 17:07 -------- d-----w- c:\users\Bernie\AppData\Roaming\Seagate
2011-02-08 17:06 . 2011-02-08 17:06 -------- d-----w- c:\program files\Common Files\Memeo
2011-02-08 17:06 . 2011-02-08 17:06 -------- d-----w- c:\program files\Memeo
2011-02-08 17:05 . 2011-02-08 17:05 -------- d-----w- c:\program files\Seagate
2011-02-07 21:35 . 2011-02-07 21:35 -------- d-----w- c:\program files\MSECache
2011-02-07 15:38 . 2009-02-09 23:29 2262960 ----a-w- c:\windows\system32\Codejock.CommandBars.v13.0.0.ocx
2011-02-07 15:38 . 2009-02-09 23:29 1779632 ----a-w- c:\windows\system32\Codejock.Controls.v13.0.0.ocx
2011-02-07 15:38 . 2009-02-09 23:29 800688 ----a-w- c:\windows\system32\Codejock.DockingPane.v13.0.0.ocx
2011-02-07 15:38 . 2008-08-22 13:35 526256 ----a-w- c:\windows\system32\Codejock.SkinFramework.v12.0.2.ocx
2011-02-07 15:38 . 2004-03-09 06:00 132880 ----a-w- c:\windows\system32\MSINET.OCX
2011-02-07 15:38 . 1998-06-18 07:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2011-01-26 16:35 . 2011-01-26 16:41 -------- d-----w- c:\users\Bernie\AppData\Roaming\Apple Computer
2011-01-26 16:35 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-26 16:35 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-01-26 16:35 . 2011-01-26 16:35 -------- dc----w- c:\windows\system32\DRVSTORE
2011-01-26 16:34 . 2011-01-26 16:34 -------- d-----w- c:\program files\iPod
2011-01-26 16:34 . 2011-01-26 16:35 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-01-26 16:34 . 2011-01-26 16:35 -------- d-----w- c:\program files\iTunes
2011-01-26 16:34 . 2011-01-26 16:34 -------- d-----w- c:\program files\Apple Software Update
2011-01-21 19:08 . 2011-01-21 19:08 1176576 ----a-w- c:\windows\is-VIQ6G.exe
2011-01-18 19:59 . 2007-01-13 01:36 56976 ----a-w- c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
2011-01-18 19:59 . 2011-01-18 19:59 -------- d-----w- c:\program files\Common Files\Napster Shared
2011-01-18 19:58 . 2011-01-18 20:03 -------- d-----w- c:\programdata\Napster
2011-01-18 19:58 . 2011-01-18 19:59 -------- d-----w- c:\program files\Napster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 15:26 . 2011-01-06 15:26 2 --shatr- c:\windows\winstart.bat
2010-12-28 15:55 . 2011-01-12 20:40 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-12 20:40 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 17:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Bernie\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Bernie\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Bernie\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-22 395640]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"KasperskyPasswordManager"="c:\program files\Kaspersky Lab\Kaspersky Password Manager\stpass.exe" [2010-02-25 2755912]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"Sidebar"="c:\program files\Windows Sidebar\SideBar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-05-14 244208]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"CTRegRun"="c:\windows\CTRegRun.EXE" [1999-10-10 41984]
"MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2004-12-22 823296]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-22 198160]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"NapsterShell"="c:\program files\Napster\napster.exe" [2007-01-13 323216]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-06-21 136416]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-06-21 79112]

c:\users\Bernie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bernie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]
Logitech . Product Registration.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-11-7 517384]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-23 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2009-6-1 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9e080ea3ad5cc;Google Update Service (gupdate1c9e080ea3ad5cc);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 133104]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-05-14 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-05-14 166384]
R2 SessionLauncher;SessionLauncher;c:\users\Bernie\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-05-14 1120752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-10 33808]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-10 20496]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};c:\program files\CyberLink\PowerDVD DX\000.fcl [2008-02-26 41456]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-06-21 25824]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-06-21 14088]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-14 26640]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 17:14]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 17:14]

2011-02-12 c:\windows\Tasks\User_Feed_Synchronization-{CD2FF3D3-360C-49C4-8E54-059A8142464D}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = proxy.wp.shawcable.net:8080
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\users\Bernie\AppData\Roaming\Mozilla\Firefox\Profiles\y1z276jw.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Google Shortcuts: {5C46D283-ABDE-4dce-B83C-08881401921C} - %profile%\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: eSnipe.com SnipeIt!: esnipesnipeit@esnipe.com - %profile%\extensions\esnipesnipeit@esnipe.com
FF - Ext: Password Manager Autofill Engine: {72CA2996-F580-47DF-98FF-0B853D09CEC8} - c:\users\Bernie\AppData\Roaming\Kaspersky Lab\Kaspersky Password Manager\spAutofill
pref(dom.disable_open_during_load, true);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(7376)
c:\users\Bernie\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\WMPSideShowGadget.exe
c:\program files\Windows Mail\WindowsMailGadget.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\Windows Mail\WinMail.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-02-12 09:29:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-12 15:28

Pre-Run: 545,208,160,256 bytes free
Post-Run: 546,536,615,936 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4,5
- - End Of File - - 8669874A37DECFF9DDF6267DB433FBE2
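The log above carries the settings a search-redirect triage turns on: the current user's WinInet proxy (`proxy.wp.shawcable.net:8080`, with `*.local` bypassed) and the Firefox extension list, two entries of which live under the profile rather than under Program Files. The following is an added example, not a tool from this thread or from the DDS/ComboFix authors, that parses those line shapes out of such a log and lists what to verify by hand. It assumes the `u`/`m` prefixes mean HKCU/HKLM (as DDS labels them), that the registry value name follows the comma, and that an extension path starting with `%profile%` was installed per-user; `SAMPLE_LOG` is a constructed excerpt copied from the log posted above.

```python
"""Pull the browser settings a search-redirect triage turns on out of a
DDS/ComboFix log: the WinInet proxy lines ('uInternet Settings,Proxy...'),
the Firefox profile path, each Firefox extension and where it is installed,
and any pref() lines the tool dumped.

Added example: not a tool from this thread or from the DDS/ComboFix authors.
Assumptions: the 'u' / 'm' prefixes mean HKCU / HKLM (how DDS labels them), the
registry value name follows the comma, and extensions whose path starts with
%profile% were installed per-user. SAMPLE_LOG is a constructed excerpt copied
from the log posted above.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = proxy.wp.shawcable.net:8080
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\users\Bernie\AppData\Roaming\Mozilla\Firefox\Profiles\y1z276jw.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Password Manager Autofill Engine: {72CA2996-F580-47DF-98FF-0B853D09CEC8} - c:\users\Bernie\AppData\Roaming\Kaspersky Lab\Kaspersky Password Manager\spAutofill
pref(dom.disable_open_during_load, true);
"""

SCOPES = {"u": "HKCU", "m": "HKLM"}  # DDS scope prefix -> registry hive (assumption)

# Line shapes taken from the log format shown on this page.
SETTING_RE = re.compile(r"^([um])Internet Settings,(\w+)\s*=\s*(.*)$")
PROFILE_RE = re.compile(r"^FF - ProfilePath - (.+)$")
EXT_RE = re.compile(r"^FF - Ext: (.+?): (\S+) - (.+)$")
PREF_RE = re.compile(r"^pref\(([^,]+),\s*(.+)\);$")


@dataclass
class Extension:
    name: str
    ext_id: str
    path: str
    in_profile: bool  # True when DDS printed the path relative to %profile%


@dataclass
class BrowserSettings:
    internet_settings: Dict[Tuple[str, str], str] = field(default_factory=dict)
    profile_path: Optional[str] = None
    extensions: List[Extension] = field(default_factory=list)
    prefs: Dict[str, str] = field(default_factory=dict)


@dataclass
class Finding:
    severity: str  # "check" = verify by hand, "info" = recorded for context
    item: str
    detail: str


def parse_log(text: str) -> BrowserSettings:
    """Walk the log once; lines that match none of the shapes are ignored."""
    s = BrowserSettings()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SETTING_RE.match(line)):
            s.internet_settings[(SCOPES[m.group(1)], m.group(2))] = m.group(3).strip()
        elif (m := PROFILE_RE.match(line)):
            s.profile_path = m.group(1).strip()
        elif (m := EXT_RE.match(line)):
            name, ext_id, path = m.group(1), m.group(2), m.group(3).strip()
            s.extensions.append(Extension(name, ext_id, path, path.lower().startswith("%profile%")))
        elif (m := PREF_RE.match(line)):
            s.prefs[m.group(1).strip()] = m.group(2).strip()
    return s


def triage(s: BrowserSettings) -> List[Finding]:
    """Turn the parsed settings into the list a helper would verify by hand."""
    findings: List[Finding] = []
    for (hive, name), value in sorted(s.internet_settings.items()):
        if name == "ProxyServer":
            findings.append(Finding("check", f"{hive} ProxyServer",
                f"WinInet clients (IE and anything using the system proxy) send "
                f"traffic through {value} when ProxyEnable is set; confirm the "
                "host is the ISP's or the site's own proxy, not one the user never configured"))
        elif name == "AutoConfigURL":
            findings.append(Finding("check", f"{hive} AutoConfigURL",
                f"a PAC script at {value} picks the proxy per URL; fetch and read it"))
        else:
            findings.append(Finding("info", f"{hive} {name}", value))
    for ext in s.extensions:
        if ext.in_profile:
            findings.append(Finding("check", f"FF extension {ext.name}",
                f"{ext.ext_id} lives under the Firefox profile, so it was "
                "installed per-user and needed no admin rights"))
        else:
            findings.append(Finding("info", f"FF extension {ext.name}", ext.path))
    for key, value in s.prefs.items():
        findings.append(Finding("info", f"FF pref {key}", value))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"[{f.severity:5}] {f.item}: {f.detail}")
```

On the sample, the only proxy entry is under HKCU and its host sits in the ISP domain shawcable.net, which matches the poster's Winnipeg location, so it reads as an ISP proxy rather than a planted one; the point of the check is that a `ProxyServer` value is one of the simplest ways to steer every WinInet client, so it is verified rather than assumed. The two profile-scoped extensions are flagged on location alone, not on name.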

#11 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:07:07 AM

Posted 13 February 2011 - 09:57 PM

Hello.

How is the computer running now?

~Blade


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM