
Browsers Hijacked


  • This topic is locked
21 replies to this topic

#1 bandit12


Posted 28 February 2011 - 08:42 AM

Dear Sir

I have a problem with all my browsers (IE, Chrome and Safari) redirecting to advertising sites.

I also get new browser windows pop up occasionally.

I have run up-to-date versions of Malwarebytes, Spybot and MS Security Essentials, without success. Also, I am unable to run Windows Update as my browsers will not take me to the page.

Here are the contents of DDS.txt:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Home at 12:55:02.29 on 28/02/2011
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_18

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dldocoms.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\Cobian.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Windows\system32\vssvc.exe
C:\Users\Home\AppData\Local\Temp\4rgl62xv.tmp\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k bthaudiosvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k netsvcs

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uWindow Title = Wookies and Wankles Internet Explorer
uDefault_Page_URL = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll__BHODemonDisabled
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Google Update] "c:\users\home\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ANT Agent] c:\garmin\ant agent\ANT Agent.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: garmin.com\buy
Trusted Zone: garmin.com\connect
Trusted Zone: garmin.com\mygarmin
Trusted Zone: live.com\cid-3483bccb32b36b8a.office
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
DPF: {06305358-99CE-4C47-B59C-939B76856C2B} - hxxp://download.microsoft.com/download/5/B/5/5B5610B8-BBAB-45CF-B61A-DD29147ED3E3/pmupd806.exe
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader4.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\kace\kontai~1\AviLdr.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R? BthAudioHF;BthAudioHF Service
R? csr_a2dp;Bluetooth AV Profile
R? gupdate1c990ee130a5430;Google Update Service (gupdate1c990ee130a5430)
R? MpNWMon;Microsoft Malware Protection Network Driver
R? TomTomHOMEService;TomTomHOMEService
S? AESTFilters;Andrea ST Filters Service
S? cbVSCService;Cobian Backup 10 Volume Shadow Copy service
S? ctxusbm;Citrix USB Monitor Driver
S? dldo_device;dldo_device
S? HFGService;Handsfree Headset Service
S? IntcHdmiAddService;Intel® High Definition Audio HDMI Service
S? MpFilter;Microsoft Malware Protection Driver
S? MpKslb8c346f3;MpKslb8c346f3
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection

=============== Created Last 30 ================

2011-02-28 08:22:37 -------- d-----w- c:\users\home\appdata\local\Safe mirror
2011-02-28 08:22:01 -------- d-----w- c:\program files\Cobian Backup 10
2011-02-28 08:07:54 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{dfc40033-7bb2-4cf0-93e3-62ed85d7bc49}\MpKslb8c346f3.sys
2011-02-28 00:03:36 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{88627be0-11a5-4fbb-b787-0a42070a1c87}\gapaengine.dll
2011-02-28 00:03:07 5943120 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{dfc40033-7bb2-4cf0-93e3-62ed85d7bc49}\mpengine.dll
2011-02-27 23:53:45 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-27 23:53:28 98184 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-02-27 23:53:28 902024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-02-27 23:53:28 595456 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2011-02-27 23:53:28 438272 ----a-w- c:\windows\system32\IKEEXT.DLL
2011-02-27 23:53:28 328704 ----a-w- c:\windows\system32\BFE.DLL
2011-02-27 23:53:28 220040 ----a-w- c:\windows\system32\drivers\netio.sys
2011-02-27 09:22:54 -------- d-----w- c:\progra~2\iGfBiFm06300
2011-02-07 21:07:10 -------- d-----w- c:\users\home\appdata\roaming\TCXConverter
2011-02-07 21:07:10 -------- d-----w- c:\program files\TCX Converter
2011-02-02 22:08:39 -------- d-----w- c:\program files\iPod
2011-02-02 22:08:36 -------- d-----w- c:\program files\iTunes
2011-02-02 22:05:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-02-02 22:05:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-02-02 22:05:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-02-02 22:05:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-02-02 22:05:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-02-02 22:05:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-02-02 22:05:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

==================== Find3M ====================

2010-12-14 18:51:20 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: SAMSUNG_ rev.HH10 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86879735]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8687f990]; MOV EAX, [0x8687fa0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x822C205F] -> \Device\Harddisk0\DR0[0x85AEAAC8]
3 CLASSPNP[0x87FAA745] -> ntkrnlpa!IofCallDriver[0x822C205F] -> [0x86933588]
\Driver\iaStor[0x863E42C8] -> IRP_MJ_CREATE -> 0x86879735
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskSAMSUNG_HM160HI_________________________HH100-11#4&24818531&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 12:57:02.43 ===============

...and I have attached the Attach.zip and ark.txt files.

Many thanks for your help!!

Kind regards

Bandit12
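An added example (my own code, not part of bandit12's post and not GMER's mbr.exe) to show what the detector's "user != kernel MBR" verdict in the ROOTKIT section means in practice. A bootkit of the TDL4 family rewrites sector 0 and hooks the disk driver stack (the log shows \Driver\iaStor's IRP_MJ_CREATE pointing at an unknown address), so an ordinary read of the MBR is answered with the original clean sector while a read that bypasses the hook sees the loader actually on disk. The listing above has that shape: the kernel-read disassembly starts with the standard MBR relocation prologue (copy to 0x600, push 0x61c, retf) and then enters a byte-rotate loop over 0x132 bytes instead of walking the partition table. The script parses two 512-byte sector images, compares boot code and partition table, and gives a verdict. All bytes are constructed for the example; the "infected" tail is my hand-assembly of the mnemonics in the listing, not a dump of the disk.

```python
"""Parse a 512-byte MBR and compare two readings of sector 0.

Added example, not part of the forum post and not GMER's mbr.exe. It models
the "user != kernel MBR" check: the sector handed to a user-mode reader is
compared with the sector read through the kernel disk stack, and any
difference in boot code or partition table is reported. All bytes below are
constructed for the example; nothing is read from a real disk.
"""
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
PART_TABLE_OFFSET = 446          # 4 entries x 16 bytes, then the 2-byte signature
PART_ENTRY_FORMAT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, count


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into boot code, non-empty partition entries and signature state."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for index in range(4):
        offset = PART_TABLE_OFFSET + index * 16
        status, ptype, lba_start, count = struct.unpack_from(PART_ENTRY_FORMAT, sector, offset)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({
                "index": index,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": count,
            })
    return {
        "bootcode": sector[:PART_TABLE_OFFSET],
        "partitions": partitions,
        "signature_ok": sector[SECTOR_SIZE - 2:] == BOOT_SIGNATURE,
    }


def compare_mbr(user_view: bytes, kernel_view: bytes) -> dict:
    """Report where the two readings of sector 0 diverge."""
    user, kernel = parse_mbr(user_view), parse_mbr(kernel_view)
    diffs = [i for i in range(PART_TABLE_OFFSET) if user_view[i] != kernel_view[i]]
    return {
        "bootcode_differs": bool(diffs),
        "first_diff_offset": diffs[0] if diffs else None,
        "partition_table_differs": user["partitions"] != kernel["partitions"],
        "kernel_signature_ok": kernel["signature_ok"],
    }


def verdict(report: dict) -> str:
    """One-line verdict in the spirit of the detector's output."""
    if report["partition_table_differs"]:
        return "user != kernel MBR (partition table differs)"
    if report["bootcode_differs"]:
        return "user != kernel MBR (boot code differs at offset 0x%x)" % report["first_diff_offset"]
    return "user == kernel MBR"


def build_mbr(bootcode: bytes, partitions) -> bytes:
    """Assemble a constructed MBR from boot code and (status, type, lba, count) tuples."""
    code = bootcode.ljust(PART_TABLE_OFFSET, b"\x00")
    table = b"".join(struct.pack(PART_ENTRY_FORMAT, *p) for p in partitions)
    return code + table.ljust(64, b"\x00") + BOOT_SIGNATURE


# Relocation prologue shared by a stock Windows MBR and by the listing in the
# log (xor ax,ax ... rep movsb; push ax; push 0x61c; retf): 28 bytes.
PROLOGUE = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a450681c06cb")
# Constructed stock continuation: sti; mov cx,4; mov bp,0x7be (walk the partition table).
CLEAN_TAIL = bytes.fromhex("fbb90400bdbe07")
# Constructed stand-in for the loader tail, hand-assembled from the mnemonics the
# detector printed: sti; pusha; mov cx,0x132; mov bp,0x62a; ror byte [bp+0],cl; inc bp.
INFECTED_TAIL = bytes.fromhex("fb60b93201bd2a06d24e0045")

PARTITIONS = [(0x80, 0x07, 2048, 312_000_000)]  # one bootable NTFS partition (constructed)
USER_MBR = build_mbr(PROLOGUE + CLEAN_TAIL, PARTITIONS)       # what user mode was shown
KERNEL_MBR = build_mbr(PROLOGUE + INFECTED_TAIL, PARTITIONS)  # what is really in sector 0

if __name__ == "__main__":
    report = compare_mbr(USER_MBR, KERNEL_MBR)
    print(verdict(report))
    for p in parse_mbr(KERNEL_MBR)["partitions"]:
        print("partition %d: type 0x%02x lba %d sectors %d bootable=%s"
              % (p["index"], p["type"], p["lba_start"], p["sectors"], p["bootable"]))
```

The partition table is left identical in both images on purpose: a bootkit that wants the machine to keep booting normally only needs to replace the 446 bytes of boot code, which is why a detector compares the whole sector rather than just the partition entries, and why a valid 0x55AA signature on the kernel-side read says nothing about whether the sector is clean.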


#2 SweetTech


Posted 28 February 2011 - 01:39 PM

Bandit12,

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.



  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.



  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTM

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the OTM icon on your desktop.
  • Paste the following code under the "Paste Instructions for Items to be Moved" area. Do not include the word "Code".
    :Processes
    :Services
    :Reg
    :Files
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [createrestorepoint]
    
  • Push the large MoveIt! button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Results line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start -> All Programs -> Accessories -> Notepad), click File -> Open, enter *.log in the File Name box and press Enter, navigate to the C:\_OTM\MovedFiles folder, open the newest .log file present, and copy/paste its contents here in your next post.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
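An added example (my own code, not from the thread and not a feature of DDS, TDSSKiller, OTM or OTL) that runs a few review rules over an excerpt of the Pseudo HJT section from the first post, to show which lines of such a log a helper picks out first: browser extensions registered with no file behind them, the hosts override that the [resethosts] line in the OTM script above restores to default, the AppInit_DLLs entry, the EnableLUA = 0 policy and the rebranded Internet Explorer window title. A hit means "review this", not "malicious": an AppInit DLL from a management agent or a hosts entry someone added on purpose can be legitimate. The rule set and its wording are my assumptions, not anything DDS itself does.

```python
"""Flag hijack indicators in the Pseudo HJT section of a DDS log.

Added example, not part of the forum thread and not a DDS/OTL feature. It runs
a handful of review rules over an excerpt copied from the DDS log posted in the
thread and lists the entries a reviewer would look at first. A hit means
"review this", not "malicious".
"""
import re

# Excerpt of the Pseudo HJT section from the log in the thread (copied, not constructed).
DDS_EXCERPT = r"""
uStart Page = hxxp://www.google.co.uk/
uWindow Title = Wookies and Wankles Internet Explorer
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
AppInit_DLLs: c:\progra~1\kace\kontai~1\AviLdr.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# (rule name, pattern, why it matters); every rule is evaluated against every line.
# The rule set is an assumption of this example, not DDS logic.
RULES = [
    ("orphaned_extension", re.compile(r"^(BHO|TB): .* - No File$"),
     "browser extension registered but its DLL is gone: leftover of a removal or a deleted payload"),
    ("hosts_override", re.compile(r"^Hosts: "),
     "hosts file redirect: lookups for that name never reach DNS"),
    ("appinit_dll", re.compile(r"^AppInit_DLLs: \S"),
     "DLL loaded into every process that links user32.dll: a classic persistence and injection point"),
    ("uac_disabled", re.compile(r"^mPolicies-system: EnableLUA = 0\b"),
     "UAC turned off by policy: elevation prompts never appear"),
    ("ie_window_title", re.compile(r"^uWindow Title = "),
     "Internet Explorer window title rebranded, typically by a bundled toolbar or hijacker"),
    ("proxy_set", re.compile(r"^[um]Internet Settings,(ProxyServer|AutoConfigURL) = \S"),
     "explicit proxy or PAC URL: a hijacker can route every browser request through itself"),
]


def triage(log_text: str) -> list:
    """Return one finding per (line, rule) match, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for name, pattern, why in RULES:
            if pattern.search(line):
                findings.append({"rule": name, "line": line, "why": why})
    return findings


def count_by_rule(findings: list) -> dict:
    """Summarise findings as {rule name: number of hits}."""
    counts = {}
    for finding in findings:
        counts[finding["rule"]] = counts.get(finding["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for finding in triage(DDS_EXCERPT):
        print("[%s] %s\n    %s" % (finding["rule"], finding["line"], finding["why"]))
```

Note what the rules deliberately leave alone: the Google start page and the Adobe BHO with a DLL on disk produce no hit, and the ProxyOverride = *.local line is the Windows default for bypassing the proxy on local names, so only an explicit ProxyServer or AutoConfigURL value would fire the proxy rule. Whether the KACE AppInit entry belongs on this machine is a question for the owner, which is exactly why the output is a review list and not a removal list.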


#3 bandit12


Posted 28 February 2011 - 03:31 PM

Hi ST

Many thanks for helping me out!

Here are the logs:
TDSSKiller

2011/02/28 19:44:17.0484 3152 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/28 19:44:17.0700 3152 ================================================================================
2011/02/28 19:44:17.0700 3152 SystemInfo:
2011/02/28 19:44:17.0700 3152
2011/02/28 19:44:17.0700 3152 OS Version: 6.0.6001 ServicePack: 1.0
2011/02/28 19:44:17.0700 3152 Product type: Workstation
2011/02/28 19:44:17.0700 3152 ComputerName: HOME-PC
2011/02/28 19:44:17.0701 3152 UserName: Home
2011/02/28 19:44:17.0701 3152 Windows directory: C:\Windows
2011/02/28 19:44:17.0701 3152 System windows directory: C:\Windows
2011/02/28 19:44:17.0701 3152 Processor architecture: Intel x86
2011/02/28 19:44:17.0701 3152 Number of processors: 2
2011/02/28 19:44:17.0701 3152 Page size: 0x1000
2011/02/28 19:44:17.0701 3152 Boot type: Normal boot
2011/02/28 19:44:17.0701 3152 ================================================================================
2011/02/28 19:44:18.0369 3152 Initialize success
2011/02/28 19:44:23.0119 5536 ================================================================================
2011/02/28 19:44:23.0119 5536 Scan started
2011/02/28 19:44:23.0119 5536 Mode: Manual;
2011/02/28 19:44:23.0119 5536 ================================================================================
2011/02/28 19:44:23.0759 5536 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/02/28 19:44:23.0828 5536 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/02/28 19:44:23.0944 5536 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/02/28 19:44:24.0033 5536 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/02/28 19:44:24.0109 5536 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/02/28 19:44:24.0301 5536 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
2011/02/28 19:44:24.0389 5536 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/02/28 19:44:24.0558 5536 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/02/28 19:44:24.0630 5536 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/02/28 19:44:24.0692 5536 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/02/28 19:44:24.0747 5536 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/02/28 19:44:24.0798 5536 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/02/28 19:44:24.0851 5536 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/02/28 19:44:24.0918 5536 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/02/28 19:44:24.0985 5536 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/02/28 19:44:25.0057 5536 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/02/28 19:44:25.0101 5536 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/02/28 19:44:25.0153 5536 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/28 19:44:25.0190 5536 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/02/28 19:44:25.0352 5536 BCM43XX (abd543e555bc0453bf52664936df4dcd) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/02/28 19:44:25.0429 5536 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/02/28 19:44:25.0520 5536 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/02/28 19:44:25.0581 5536 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/28 19:44:25.0643 5536 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/02/28 19:44:25.0710 5536 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/02/28 19:44:25.0771 5536 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/02/28 19:44:25.0823 5536 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/02/28 19:44:25.0866 5536 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/02/28 19:44:25.0905 5536 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/02/28 19:44:25.0995 5536 BthAudioHF (ccda90025047b16709c7e484e6d6ff2c) C:\Windows\system32\DRIVERS\BthAudioHF.sys
2011/02/28 19:44:26.0082 5536 BthEnum (e5145a9dec2a863de262d40eff7d793a) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/02/28 19:44:26.0125 5536 BTHMODEM (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/02/28 19:44:26.0170 5536 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/02/28 19:44:26.0235 5536 BTHPORT (9f299c5274672900591e7c616d725f56) C:\Windows\system32\Drivers\BTHport.sys
2011/02/28 19:44:26.0301 5536 BTHUSB (31c9453df130b4b89eafcdc97319ccc2) C:\Windows\system32\Drivers\BTHUSB.sys
2011/02/28 19:44:26.0419 5536 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/28 19:44:26.0488 5536 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/28 19:44:26.0548 5536 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/02/28 19:44:26.0616 5536 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/02/28 19:44:26.0700 5536 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/28 19:44:26.0749 5536 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/02/28 19:44:26.0775 5536 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/28 19:44:26.0813 5536 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/02/28 19:44:26.0857 5536 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/02/28 19:44:26.0947 5536 csr_a2dp (1ea279e858ec0b17c0f426009951e373) C:\Windows\system32\drivers\bthav.sys
2011/02/28 19:44:27.0054 5536 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
2011/02/28 19:44:27.0105 5536 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/02/28 19:44:27.0206 5536 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/02/28 19:44:27.0342 5536 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/02/28 19:44:27.0427 5536 DSI_SiUSBXp_3_1 (bc9c2ef22ee0320c079e3ff9b4d29951) C:\Windows\system32\drivers\DSI_SiUSBXp_3_1.sys
2011/02/28 19:44:27.0492 5536 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/28 19:44:27.0588 5536 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/02/28 19:44:27.0630 5536 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/28 19:44:27.0696 5536 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/02/28 19:44:27.0792 5536 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/02/28 19:44:27.0872 5536 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/02/28 19:44:27.0969 5536 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/02/28 19:44:28.0023 5536 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/02/28 19:44:28.0068 5536 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/28 19:44:28.0140 5536 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/02/28 19:44:28.0187 5536 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/02/28 19:44:28.0251 5536 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/28 19:44:28.0282 5536 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/02/28 19:44:28.0344 5536 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/28 19:44:28.0397 5536 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/02/28 19:44:28.0461 5536 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/02/28 19:44:28.0532 5536 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\Windows\system32\drivers\grmnusb.sys
2011/02/28 19:44:28.0612 5536 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/28 19:44:28.0660 5536 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/02/28 19:44:28.0714 5536 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/02/28 19:44:28.0763 5536 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/28 19:44:28.0803 5536 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/02/28 19:44:28.0945 5536 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/02/28 19:44:28.0989 5536 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/02/28 19:44:29.0079 5536 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/02/28 19:44:29.0116 5536 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/02/28 19:44:29.0165 5536 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/28 19:44:29.0265 5536 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
2011/02/28 19:44:29.0321 5536 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/02/28 19:44:29.0641 5536 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/02/28 19:44:29.0718 5536 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/02/28 19:44:29.0752 5536 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
2011/02/28 19:44:29.0799 5536 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
2011/02/28 19:44:29.0832 5536 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/28 19:44:29.0875 5536 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/28 19:44:29.0969 5536 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/02/28 19:44:30.0003 5536 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/02/28 19:44:30.0057 5536 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/02/28 19:44:30.0098 5536 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/02/28 19:44:30.0135 5536 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/28 19:44:30.0172 5536 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/02/28 19:44:30.0211 5536 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/02/28 19:44:30.0249 5536 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/28 19:44:30.0299 5536 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/28 19:44:30.0413 5536 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/28 19:44:30.0509 5536 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/28 19:44:30.0600 5536 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/02/28 19:44:30.0659 5536 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/02/28 19:44:30.0752 5536 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/02/28 19:44:30.0786 5536 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/02/28 19:44:30.0885 5536 LVcKap (9ce361764c5dd5fa5506510fe5d2297b) C:\Windows\system32\DRIVERS\LVcKap.sys
2011/02/28 19:44:30.0974 5536 LVPr2Mon (94d03b31f36bb362fa5713470fcf1c79) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/02/28 19:44:31.0092 5536 LVRS (a198cd8a1c813d9ceba29a29d45fc94c) C:\Windows\system32\DRIVERS\lvrs.sys
2011/02/28 19:44:31.0213 5536 LVUSBSta (8b79a50360fc31df6b7b979b686b4aa2) C:\Windows\system32\drivers\LVUSBSta.sys
2011/02/28 19:44:31.0427 5536 LVUVC (5c20c4be679842cbee729b0cff5928bd) C:\Windows\system32\DRIVERS\lvuvc.sys
2011/02/28 19:44:31.0596 5536 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/02/28 19:44:31.0652 5536 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/02/28 19:44:31.0716 5536 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/02/28 19:44:31.0772 5536 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/02/28 19:44:31.0805 5536 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/28 19:44:31.0831 5536 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/28 19:44:31.0883 5536 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/28 19:44:31.0932 5536 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/02/28 19:44:32.0011 5536 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/02/28 19:44:32.0054 5536 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/02/28 19:44:32.0259 5536 MpKsl6b27e1ad (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DFC40033-7BB2-4CF0-93E3-62ED85D7BC49}\MpKsl6b27e1ad.sys
2011/02/28 19:44:32.0294 5536 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/02/28 19:44:32.0338 5536 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/28 19:44:32.0408 5536 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/02/28 19:44:32.0454 5536 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/02/28 19:44:32.0526 5536 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/28 19:44:32.0598 5536 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/28 19:44:32.0630 5536 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/28 19:44:32.0676 5536 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/02/28 19:44:32.0717 5536 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/02/28 19:44:32.0790 5536 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/02/28 19:44:32.0801 5536 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/02/28 19:44:32.0862 5536 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/28 19:44:32.0925 5536 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/28 19:44:32.0965 5536 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/02/28 19:44:33.0000 5536 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/02/28 19:44:33.0053 5536 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/28 19:44:33.0078 5536 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/02/28 19:44:33.0127 5536 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/02/28 19:44:33.0207 5536 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/28 19:44:33.0290 5536 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
2011/02/28 19:44:33.0324 5536 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/28 19:44:33.0348 5536 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/28 19:44:33.0409 5536 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/28 19:44:33.0461 5536 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/02/28 19:44:33.0502 5536 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/28 19:44:33.0537 5536 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/28 19:44:33.0616 5536 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/28 19:44:33.0688 5536 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/02/28 19:44:33.0743 5536 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/02/28 19:44:33.0813 5536 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/28 19:44:33.0860 5536 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/02/28 19:44:33.0906 5536 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/28 19:44:33.0946 5536 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/02/28 19:44:33.0992 5536 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/02/28 19:44:34.0033 5536 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/02/28 19:44:34.0079 5536 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/02/28 19:44:34.0205 5536 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/28 19:44:34.0289 5536 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/02/28 19:44:34.0327 5536 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/02/28 19:44:34.0381 5536 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/02/28 19:44:34.0448 5536 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/02/28 19:44:34.0479 5536 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/02/28 19:44:34.0528 5536 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/02/28 19:44:34.0575 5536 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/02/28 19:44:34.0639 5536 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/28 19:44:34.0771 5536 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/28 19:44:34.0833 5536 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/02/28 19:44:34.0897 5536 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/28 19:44:34.0980 5536 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/02/28 19:44:35.0081 5536 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/02/28 19:44:35.0141 5536 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/28 19:44:35.0201 5536 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/28 19:44:35.0313 5536 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/02/28 19:44:35.0366 5536 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/28 19:44:35.0422 5536 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/28 19:44:35.0462 5536 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/28 19:44:35.0517 5536 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/28 19:44:35.0561 5536 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/28 19:44:35.0588 5536 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/28 19:44:35.0653 5536 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/02/28 19:44:35.0677 5536 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/28 19:44:35.0757 5536 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/02/28 19:44:35.0850 5536 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/02/28 19:44:35.0892 5536 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/02/28 19:44:35.0917 5536 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/02/28 19:44:36.0022 5536 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2011/02/28 19:44:36.0092 5536 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/02/28 19:44:36.0128 5536 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/02/28 19:44:36.0160 5536 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/02/28 19:44:36.0285 5536 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/28 19:44:36.0328 5536 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/28 19:44:36.0425 5536 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/02/28 19:44:36.0469 5536 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/28 19:44:36.0538 5536 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/02/28 19:44:36.0581 5536 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/02/28 19:44:36.0625 5536 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/02/28 19:44:36.0723 5536 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/02/28 19:44:36.0781 5536 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/28 19:44:36.0853 5536 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/02/28 19:44:36.0869 5536 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/02/28 19:44:36.0933 5536 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/02/28 19:44:36.0986 5536 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/02/28 19:44:37.0070 5536 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/02/28 19:44:37.0136 5536 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/02/28 19:44:37.0194 5536 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/02/28 19:44:37.0288 5536 srv (8e5fc19b3b38364c5f44ccecec5248e9) C:\Windows\system32\DRIVERS\srv.sys
2011/02/28 19:44:37.0350 5536 srv2 (4ceeb95e0b79e48b81f2da0a6c24c64b) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/28 19:44:37.0386 5536 srvnet (f9c65e1e00a6bbf7c57d9b8ea068c525) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/28 19:44:37.0472 5536 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
2011/02/28 19:44:37.0517 5536 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/28 19:44:37.0580 5536 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/02/28 19:44:37.0624 5536 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/02/28 19:44:37.0672 5536 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/02/28 19:44:37.0816 5536 Tcpip (a6a02ef5b5e40fbd31a1adc577da54bb) C:\Windows\system32\drivers\tcpip.sys
2011/02/28 19:44:37.0891 5536 Tcpip6 (a6a02ef5b5e40fbd31a1adc577da54bb) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/28 19:44:37.0897 5536 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/28 19:44:37.0946 5536 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/02/28 19:44:37.0996 5536 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/02/28 19:44:38.0035 5536 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/28 19:44:38.0077 5536 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/28 19:44:38.0204 5536 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/28 19:44:38.0255 5536 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/02/28 19:44:38.0313 5536 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/28 19:44:38.0370 5536 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/02/28 19:44:38.0446 5536 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/28 19:44:38.0523 5536 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/28 19:44:38.0580 5536 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/02/28 19:44:38.0636 5536 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/28 19:44:38.0693 5536 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/28 19:44:38.0732 5536 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/28 19:44:38.0856 5536 USB28xxBGA (675cce4a8df14aa0b3c3e23424853c50) C:\Windows\system32\DRIVERS\emBDA.sys
2011/02/28 19:44:38.0934 5536 USB28xxOEM (548ff2d95ba0793a79ec679081313974) C:\Windows\system32\DRIVERS\emOEM.sys
2011/02/28 19:44:39.0013 5536 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/02/28 19:44:39.0080 5536 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
2011/02/28 19:44:39.0141 5536 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/28 19:44:39.0189 5536 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/02/28 19:44:39.0245 5536 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/28 19:44:39.0294 5536 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/28 19:44:39.0371 5536 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/02/28 19:44:39.0428 5536 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/28 19:44:39.0495 5536 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/02/28 19:44:39.0553 5536 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/28 19:44:39.0613 5536 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/28 19:44:39.0691 5536 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/28 19:44:39.0730 5536 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/02/28 19:44:39.0779 5536 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/02/28 19:44:39.0839 5536 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/02/28 19:44:39.0917 5536 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/02/28 19:44:39.0934 5536 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/02/28 19:44:39.0976 5536 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/02/28 19:44:40.0039 5536 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/02/28 19:44:40.0093 5536 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/02/28 19:44:40.0176 5536 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/28 19:44:40.0227 5536 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/28 19:44:40.0254 5536 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/28 19:44:40.0330 5536 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/02/28 19:44:40.0389 5536 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/28 19:44:40.0520 5536 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/02/28 19:44:40.0620 5536 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/28 19:44:40.0737 5536 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/02/28 19:44:40.0787 5536 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/28 19:44:40.0875 5536 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/28 19:44:40.0939 5536 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/02/28 19:44:40.0999 5536 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/02/28 19:44:41.0088 5536 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/28 19:44:41.0100 5536 ================================================================================
2011/02/28 19:44:41.0100 5536 Scan finished
2011/02/28 19:44:41.0100 5536 ================================================================================
2011/02/28 19:44:41.0135 4712 Detected object count: 1
2011/02/28 19:45:28.0474 4712 \HardDisk0 - will be cured after reboot
2011/02/28 19:45:28.0475 4712 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/28 19:46:38.0282 4172 Deinitialize success

OTM:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41661 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Home
->Temp folder emptied: 41605939 bytes
->Temporary Internet Files folder emptied: 28891521 bytes
->Java cache emptied: 39739994 bytes
->FireFox cache emptied: 55582082 bytes
->Google Chrome cache emptied: 37028904 bytes
->Apple Safari cache emptied: 58805248 bytes
->Flash cache emptied: 87282 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3410680 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 9496976 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 262.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.17.2 log created on 02282011_195300

Files moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File C:\Windows\temp\TMP000000037B6D601CCE32A0CC not found!

Registry entries deleted on Reboot...

OTL:
OTL logfile created on: 28/02/2011 20:18:55 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Home\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.45 Gb Total Space | 63.19 Gb Free Space | 46.31% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.85 Gb Free Space | 58.51% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/28 20:18:01 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Downloads\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2009/05/19 16:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/03/24 02:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/02 12:42:04 | 008,203,352 | ---- | M] (GARMIN Corp.) -- C:\Garmin\ANT Agent\ANT Agent.exe
PRC - [2008/05/04 09:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 09:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 09:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 09:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/02/05 18:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/02/05 18:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/11/12 11:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 11:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/10/05 14:30:34 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldocoms.exe
PRC - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 12:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2011/02/28 20:18:01 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Downloads\OTL.exe
MOD - [2008/02/05 18:20:30 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj01.dll
MOD - [2008/01/21 02:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/02/05 04:16:20 | 000,419,224 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Windows\System32\HFGService.dll -- (HFGService)
SRV - [2009/11/13 11:31:14 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/01/18 13:42:04 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/02/27 16:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Disabled | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/02/05 18:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 18:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 18:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 11:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 11:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/10/05 14:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldocoms.exe -- (dldo_device)
SRV - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/02/28 20:12:35 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DFC40033-7BB2-4CF0-93E3-62ED85D7BC49}\MpKslb0e75d71.sys -- (MpKslb0e75d71)
DRV - [2011/02/28 19:47:57 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DFC40033-7BB2-4CF0-93E3-62ED85D7BC49}\MpKslba21a07f.sys -- (MpKslba21a07f)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/07/14 12:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/02/05 04:16:10 | 000,066,952 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthav.sys -- (csr_a2dp)
DRV - [2010/02/05 04:16:08 | 000,048,024 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/04 09:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 07:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/02/06 02:21:37 | 004,658,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008/02/06 02:21:25 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/06 02:20:40 | 000,628,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/02/05 18:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 18:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2008/01/21 02:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/11/12 11:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 16:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 16:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 16:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/09/06 14:53:12 | 000,014,848 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/05 00:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/11/14 17:30:10 | 000,209,664 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2005/11/14 17:29:58 | 000,017,152 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


[2009/09/18 07:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions
[2008/12/08 20:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/07/09 13:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\so1ytfyj.default\extensions
[2009/09/19 08:41:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\so1ytfyj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/09 13:18:53 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\so1ytfyj.default\extensions\firefox@tvunetworks.com
[2010/08/13 22:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/02/28 19:54:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O3 - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000..\Run: [ANT Agent] C:\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\..Trusted Domains: garmin.com ([buy] http in Trusted sites)
O15 - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\..Trusted Domains: garmin.com ([buy] https in Trusted sites)
O15 - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\..Trusted Domains: garmin.com ([connect] http in Trusted sites)
O15 - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\..Trusted Domains: garmin.com ([connect] https in Trusted sites)
O15 - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\..Trusted Domains: garmin.com ([mygarmin] http in Trusted sites)
O15 - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\..Trusted Domains: garmin.com ([mygarmin] https in Trusted sites)
O15 - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\..Trusted Domains: live.com ([cid-3483bccb32b36b8a.office] https in Trusted sites)
O16 - DPF: {06305358-99CE-4C47-B59C-939B76856C2B} http://download.microsoft.com/download/5/B/5/5B5610B8-BBAB-45CF-B61A-DD29147ED3E3/pmupd806.exe (Reg Error: Key error.)
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab (TraderMediaImgX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} http://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader4.cab (Bonusprint Image Uploader Version 4.5 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KACE\KONTAI~1\AviLdr.DLL) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5d956482-ca1e-11dd-8111-001d0962d886}\Shell\AutoRun\command - "" = F:\setup.exe /AUTORUN
O33 - MountPoints2\{5d956482-ca1e-11dd-8111-001d0962d886}\Shell\configure\command - "" = F:\setup.exe
O33 - MountPoints2\{5d956482-ca1e-11dd-8111-001d0962d886}\Shell\install\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/28 19:53:00 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/02/28 08:22:37 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Safe mirror
[2011/02/28 08:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 10
[2011/02/28 08:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2011/02/27 23:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/02/27 23:53:28 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011/02/27 23:53:28 | 000,220,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/02/27 23:53:28 | 000,098,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011/02/27 09:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\iGfBiFm06300
[2011/02/07 21:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPSBabel
[2011/02/07 21:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TCX Converter
[2011/02/07 21:07:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\TCXConverter
[2011/02/07 21:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\TCX Converter
[2011/02/02 22:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/02 22:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/02 22:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/02/02 22:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/02/02 22:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2007/10/05 14:30:36 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldoih.exe
[2007/10/05 14:30:34 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldocoms.exe
[2007/10/05 14:30:32 | 000,365,808 | ---- | C] ( ) -- C:\Windows\System32\dldocfg.exe
[2007/09/10 19:50:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dldopmui.dll
[2007/09/10 19:46:54 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\dldoserv.dll
[2007/09/10 19:43:34 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldolmpm.dll
[2007/09/10 19:43:26 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldoiesc.dll
[2007/09/10 19:43:08 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldocomm.dll
[2007/09/10 19:41:48 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldohbn3.dll
[2007/09/10 19:41:10 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\dldousb1.dll
[2007/09/10 19:40:22 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldocomc.dll
[2007/09/10 19:38:56 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldoprox.dll
[2007/09/10 19:36:26 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\dldoinpa.dll
[1 C:\Users\Home\Desktop\*.tmp files -> C:\Users\Home\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/28 20:18:46 | 000,605,382 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/28 20:18:46 | 000,107,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/28 20:13:02 | 000,000,491 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/02/28 20:12:34 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/28 20:12:32 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/28 20:12:31 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/28 20:12:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/28 19:57:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/02/28 19:54:47 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/02/28 19:43:31 | 001,257,772 | ---- | M] () -- C:\Users\Home\Desktop\tdsskiller.zip
[2011/02/28 18:58:09 | 000,000,000 | ---- | M] () -- C:\Users\Home\defogger_reenable
[2011/02/28 12:58:56 | 000,288,107 | ---- | M] () -- C:\Users\Home\Desktop\gmer.zip
[2011/02/28 12:58:27 | 000,001,907 | ---- | M] () -- C:\Users\Home\Desktop\Attach.zip
[2011/02/28 12:52:51 | 000,000,151 | ---- | M] () -- C:\Users\Home\Desktop\Defogger.url
[2011/02/28 09:28:03 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2757821832-2422088274-1203774175-1000UA.job
[2011/02/28 09:25:15 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A416C7D2-A221-4AD9-8F9C-5734B5D8918F}.job
[2011/02/28 08:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/28 08:34:47 | 000,069,632 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/27 23:57:01 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/02/27 23:24:28 | 000,006,648 | ---- | M] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2011/02/27 22:25:11 | 215,132,542 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/27 22:21:52 | 000,002,497 | ---- | M] () -- C:\Users\Public\Desktop\SatSYNC.lnk
[2011/02/26 12:28:00 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2757821832-2422088274-1203774175-1000Core.job
[2011/02/14 16:03:58 | 000,148,934 | ---- | M] () -- C:\temp.fit
[2011/02/07 21:07:15 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\TCX Converter.lnk
[2011/02/02 22:09:57 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/02/02 12:04:36 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[1 C:\Users\Home\Desktop\*.tmp files -> C:\Users\Home\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/28 19:43:35 | 001,257,772 | ---- | C] () -- C:\Users\Home\Desktop\tdsskiller.zip
[2011/02/28 18:58:09 | 000,000,000 | ---- | C] () -- C:\Users\Home\defogger_reenable
[2011/02/28 12:58:52 | 000,288,107 | ---- | C] () -- C:\Users\Home\Desktop\gmer.zip
[2011/02/28 12:58:27 | 000,001,907 | ---- | C] () -- C:\Users\Home\Desktop\Attach.zip
[2011/02/28 12:52:31 | 000,000,151 | ---- | C] () -- C:\Users\Home\Desktop\Defogger.url
[2011/02/27 23:57:01 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/02/27 23:53:53 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/02/12 12:16:21 | 000,148,934 | ---- | C] () -- C:\temp.fit
[2011/02/07 21:07:15 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\TCX Converter.lnk
[2011/02/02 22:09:57 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/03 11:22:42 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\DVDRipper_sysquict.dat
[2011/01/03 11:21:12 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/03 11:21:09 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/03 11:21:09 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/01/03 11:21:08 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/08/13 22:52:15 | 000,172,668 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/01/06 07:45:10 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2009/12/17 23:40:28 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/09/18 07:00:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/20 09:24:53 | 000,002,960 | ---- | C] () -- C:\ProgramData\dldo
[2009/04/24 06:43:33 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2008/12/29 19:34:06 | 000,038,973 | ---- | C] () -- C:\Users\Home\AppData\Roaming\Comma Separated Values (Windows).ADR
[2008/12/23 19:49:23 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/12/22 01:30:14 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/12/19 09:10:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/12/12 15:53:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/11/10 19:21:44 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/11/06 16:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/10/14 08:09:04 | 000,069,632 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/02 08:38:54 | 000,000,926 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat
[2008/09/02 08:38:09 | 000,006,648 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2008/09/01 17:29:18 | 000,003,890 | ---- | C] () -- C:\Users\Home\AppData\Roaming\mdb.bin
[2008/09/01 10:44:46 | 000,047,104 | ---- | C] () -- C:\Windows\System32\Wh2Robo.dll
[2008/08/19 19:51:00 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/08/19 19:51:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/12 05:57:19 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/08/12 05:57:19 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/08/12 05:57:19 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/08/12 05:57:19 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/08/12 05:57:19 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/08/12 05:57:16 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/11 21:22:37 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/08/11 21:22:37 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/02/05 18:20:08 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/02/03 23:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/09/05 04:53:26 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldoinsr.dll
[2007/09/05 04:53:20 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldocur.dll
[2007/09/05 04:53:04 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldojswr.dll
[2007/09/05 04:52:04 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoinsb.dll
[2007/09/05 04:52:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldocub.dll
[2007/09/05 04:51:16 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoins.dll
[2007/09/05 04:51:16 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldocu.dll
[2007/09/05 04:50:36 | 000,503,808 | ---- | C] () -- C:\Windows\System32\dldoutil.dll
[2007/09/05 04:50:28 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldogrd.dll
[2007/08/03 18:08:52 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldocoin.dll
[2007/08/01 09:15:52 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldocfg.dll
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 001,723,824 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,605,382 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,107,696 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/01 06:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldovs.dll
[2005/09/16 15:39:26 | 000,040,960 | ---- | C] () -- C:\Windows\System32\bdadll.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:5F64C164

< End of report >

Extras:
OTL Extras logfile created on: 28/02/2011 20:18:55 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Home\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.45 Gb Total Space | 63.19 Gb Free Space | 46.31% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.85 Gb Free Space | 58.51% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2757821832-2422088274-1203774175-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2757821832-2422088274-1203774175-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F2F868D-3C65-4EA5-BCA0-0CC70C776D66}" = rport=2869 | protocol=6 | dir=out | app=system |
"{104A0138-E65A-4CB6-9F3A-00CD9B070688}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{24702915-916B-474D-9133-38E4D68EB3C1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2F8A3CEB-194A-4066-B1CA-44CE8226F887}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{320FB42C-93DF-4F84-9269-B19D9397AB1F}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{41CEF8A6-5AEF-4A9E-955D-74D64ECA0593}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{43E9167D-B5DB-4F6C-891F-CB01A2580E47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4D1CC186-7A17-42EE-8CA2-B5846692B327}" = rport=139 | protocol=6 | dir=out | app=system |
"{58CE8139-6E0B-4F14-BB52-40C368D68A13}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5B53725D-198B-4667-8F5C-A74B6C9CAB3F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{610730B2-A0F9-46AA-8964-0CDFC870E87A}" = rport=137 | protocol=17 | dir=out | app=system |
"{620311DD-31B1-42C4-94A5-854B986AF49F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7153342E-14DB-4A85-99D1-0BD3C5C3B6EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7A5C9DAD-37C6-4A30-A5A6-609C55A5F4D6}" = lport=138 | protocol=17 | dir=in | app=system |
"{81B844F8-57DD-4DFD-AE26-DE5826B1ABC2}" = lport=139 | protocol=6 | dir=in | app=system |
"{8232762C-6154-411F-BACD-2FF3B6F20705}" = lport=445 | protocol=6 | dir=in | app=system |
"{A71508FB-6DA2-48B5-9A0A-59B89091A55C}" = lport=137 | protocol=17 | dir=in | app=system |
"{BF9AA074-6982-493F-A0D6-D35BD70A80CA}" = rport=138 | protocol=17 | dir=out | app=system |
"{FCBFFA34-C183-4F69-97A2-FC2CCF23930D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FE304661-6C04-46BF-8A65-9AF9BC04F375}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007456C8-26FB-4ADE-AAD1-33FAA14EF885}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0204F5BA-3E4F-4334-918D-AAB81A788E32}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1001884D-6FE5-4732-8357-E1A25AD5330F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{117A1B47-BEB3-4268-8F92-DDFABC418079}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{15C0417E-91AB-4919-8722-F21A4471938C}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{1D5AC1E6-55B7-491B-BF52-BEC95625EBA2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1D8A5B7A-1552-40D4-AF59-B034438B197F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F50ABC5-5E9C-4CAF-A319-5F43F571F595}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{25D8ACC3-9AB4-4ADE-97AE-D829EB3FB89E}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{280A4111-52BB-4487-9C01-97A84D6F265D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2BC98CCE-09C9-4DA2-BDAC-7B9B51C34C9E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{374A3BD5-A238-493D-902A-6F2B2CBB4267}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{37B914C0-570E-49F9-B127-4CA3B50DE4EC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{39EF3C21-2D75-4A1A-BAAA-BB5D9D1E4A45}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{409003F8-B79D-4F71-8295-194E2B0C094B}" = protocol=17 | dir=in | app=c:\windows\system32\dldocoms.exe |
"{417222F7-9007-4E29-A777-EAB5354EB16E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4609ADFD-A8D8-41BB-B6CB-90C97577B92E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4633B324-17E9-455D-BFDA-9B258A4F92E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4EBD3625-B5E3-4C69-A3F5-B1C1E638A146}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{50B84AC8-61C2-41F9-A3DE-75FCC1C9AE76}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{59BB5AB5-6407-4883-85E7-711E5F5AA29E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B5C8FBD-F425-44AE-8592-DD80C7E11AAD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6230D6F4-94F0-4668-8128-F8CE5DEC8BDA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A373DE1-D65A-49F0-B97C-5BE2DC507BFA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E694CF9-0A99-4C72-B747-DB6E45BB4226}" = dir=in | app=c:\program files\citrix\secure access client\nsepa.exe |
"{81ABE3C3-E6ED-4BF5-8396-BC0B16773813}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{829109CC-8162-47DA-99E7-D8470283C40C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{86F2AB92-F773-4C91-9017-3F6D422ED3DF}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{87EF0D59-9F7A-4EB3-B147-066FBF9E84D5}" = dir=out | app=c:\program files\citrix\secure access client\nsepa.exe |
"{8A6A1F9C-1769-4C1C-87E8-70338FA50529}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BDE2D14-B9A8-4C42-B17B-4AB6CBE1A295}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8D80B42B-CF74-4414-BE34-2FC493DA79D6}" = protocol=6 | dir=in | app=c:\windows\system32\dldocoms.exe |
"{9DCC899A-31E0-481D-AD44-8F3825C1E6F1}" = protocol=6 | dir=in | app=c:\program files\dell 968 aio printer\memcard.exe |
"{9EFBD55A-2E60-4C42-8A72-F11969222798}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{A61D3F23-C391-4B33-9DDD-551D9F3A72B2}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A6966E4B-CE8A-4DE1-87FE-DD31C6AFD11E}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{B344EBC3-87EA-40E3-A8DA-212D8C720969}" = protocol=17 | dir=in | app=c:\program files\dell 968 aio printer\memcard.exe |
"{C1821842-C282-4E3E-BC21-A67C602D2FF1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C38A6864-D865-4A3A-B572-886F36EC4BEA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C9DDE3A2-C966-4E0A-B82C-370D401BA9BC}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{D5266BDD-D0C4-4AB5-A582-2FFB68379160}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{DB6E4519-9758-408A-A73B-63C22BC57ABE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E75DD1A8-5DB4-497E-8AC6-70D08BC7051A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E83CC51A-AD5D-448F-A42F-88C905A97B16}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{F05FA6D2-2C5E-439B-A27F-A5E88234EB03}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{1533F8ED-EFC5-41A2-8DE7-7E0D1A1CE988}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9DF4FAEF-1973-4746-996C-770C93CF4340}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{DA02E0D9-386D-4AA5-A483-D1625C6C8BE3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1135E044-35FB-4DBE-AB15-DA8E871C9FD4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3DEB3782-7AAC-49EA-B599-5592518DB65F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7EDD891E-730A-4A35-9C89-8F2112373FA8}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1" = GPSBabel 1.4.2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{38B9A4E1-4482-44D9-AC14-64F70938CCB5}" = Garmin MapSource
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{48E5A81D-CF47-4A08-A7BD-F3515749EFF8}" = Garmin ANT Agent 2.1.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}" = Roxio Media Manager
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820A2AC0-7057-457D-AAAD-EEB1993D58B5}" = Citrix Access Gateway Endpoint Analysis
"{84F1B62A-E6F6-458E-BC19-51DBB14055EA}" = BlackBerry Desktop Software 4.7
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{9F74B6DE-B89C-4532-AFED-5AB0CCAAC1DF}_is1" = TCX Converter 2.0.22
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3FB6B55-C271-44FC-BA03-BBD8B2EA6EEF}" = Memory-Map OS Edition Version 5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4FE00AF-E29D-4220-B118-0B453F3539E0}" = Garmin TOPO Great Britain v2
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E881420C-C850-40C3-8D6F-8F088BDD8CAE}" = SatSYNC
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F4EE3AEB-0E27-46DA-810B-04CA11683972}" = Quo v2
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BlackBerry_{84F1B62A-E6F6-458E-BC19-51DBB14055EA}" = BlackBerry Desktop Software 4.7
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"cGPSmapper Free_is1" = cGPSmapper Free 0097
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CobBackup10" = Cobian Backup 10
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"lvdrivers_11.70" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"OST2PST v2.1" = OST2PST v2.1
"PSP Video 9" = PSP Video 9 5.03
"Recover Data for OST to PST_is1" = Recover Data for OST to PST
"TomTom HOME" = TomTom HOME 2.7.3.1894
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2757821832-2422088274-1203774175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/02/2011 18:37:23 | Computer Name = Home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 27/02/2011 18:59:18 | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description =

Error - 27/02/2011 18:59:57 | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description =

Error - 27/02/2011 19:05:38 | Computer Name = Home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 27/02/2011 19:42:41 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/02/2011 19:42:50 | Computer Name = Home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 27/02/2011 19:53:27 | Computer Name = Home-PC | Source = SPP | ID = 16387
Description =

Error - 27/02/2011 19:53:27 | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description =

Error - 27/02/2011 19:53:35 | Computer Name = Home-PC | Source = SPP | ID = 16387
Description =

Error - 27/02/2011 19:53:35 | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 17/12/2009 19:31:00 | Computer Name = Home-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 30/03/2010 14:32:45 | Computer Name = Home-PC | Source = ehRecvr | ID = 4
Description =

Error - 30/03/2010 15:12:26 | Computer Name = Home-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 19/04/2010 14:30:15 | Computer Name = Home-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 28/04/2010 16:07:40 | Computer Name = Home-PC | Source = ehRecvr | ID = 4
Description =

Error - 28/04/2010 16:09:45 | Computer Name = Home-PC | Source = ehRecvr | ID = 3
Description =

Error - 28/04/2010 16:09:46 | Computer Name = Home-PC | Source = ehRecvr | ID = 3
Description =

Error - 28/04/2010 16:18:51 | Computer Name = Home-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 28/04/2010 16:25:35 | Computer Name = Home-PC | Source = ehRecvr | ID = 4
Description =

[ System Events ]
Error - 09/09/2008 14:57:31 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/09/2008 14:57:33 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/09/2008 14:57:34 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/09/2008 14:57:34 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/09/2008 14:57:35 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/09/2008 03:28:19 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/09/2008 03:28:19 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/09/2008 03:28:20 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/09/2008 03:28:21 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/09/2008 03:28:22 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Thanks again!!!

Bandit12
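
The two firewall exception lists in the log above are raw values from the FirewallRules registry key, one rule per line, with the fields separated by "|". As an added example, not part of this thread and not code from DDS or OTL, the following Python parses that value format and pulls out what a reviewer would look at first: the fixed ports opened inbound, the "Query User" rules (created when someone clicks Allow on a firewall prompt rather than by an installer), and inbound allows for programs on a watch list. The watch list and labels are this example's own assumptions; the sample lines are copied from the log above, none are invented.

```python
"""Triage Windows Firewall exception rules as they appear in a DDS/OTL log.

Added example: this is not part of the original thread and not code from
DDS or OTL. It parses value lines of the form

    "{GUID}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=... |

from HKLM\\SYSTEM\\...\\FirewallPolicy\\FirewallRules and flags the inbound
allow rules a reviewer would check first. The watch list, the labels and the
"Query User" heuristic (such rules are created when a user clicks Allow on a
firewall prompt, not by an installer) are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field

PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp", "58": "icmpv6"}

# Programs for which an inbound allow rule deserves a second look (assumption:
# a browser, a download manager and a peer-to-peer delivery service).
WATCH_LIST = ("iexplore.exe", "orbitnet.exe", "kservice.exe")

_VALUE_LINE = re.compile(r'^\s*"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')


@dataclass
class FirewallRule:
    name: str
    fields: dict = field(default_factory=dict)

    @property
    def direction(self):
        return self.fields.get("dir", "")

    @property
    def exe(self):
        """Basename of the program the rule applies to, lower-cased."""
        return self.fields.get("app", "").lower().rsplit("\\", 1)[-1]

    @property
    def protocol(self):
        return PROTO_NAMES.get(self.fields.get("protocol", ""), "any")

    @property
    def local_port(self):
        return self.fields.get("lport", "any")

    @property
    def user_approved(self):
        return self.name.startswith(("TCP Query User", "UDP Query User"))


def parse_rules(text):
    """Parse FirewallRules value lines; lines in any other shape are ignored."""
    rules = []
    for line in text.splitlines():
        m = _VALUE_LINE.match(line)
        if not m:
            continue
        fields = {}
        for part in m.group("body").split("|"):
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip().lower()] = value.strip()
        rules.append(FirewallRule(m.group("name"), fields))
    return rules


def flag_rules(rules):
    """Return (rule name, reason, exe) for inbound rules worth a closer look."""
    findings = []
    for r in rules:
        if r.direction != "in":
            continue
        if r.user_approved:
            findings.append((r.name, "user-approved inbound allow", r.exe))
        elif r.exe in WATCH_LIST:
            findings.append((r.name, "inbound allow for watch-list program", r.exe))
    return findings


def listening_ports(rules):
    """Sorted (port, protocol) pairs opened inbound on a fixed numeric port."""
    ports = {(int(r.local_port), r.protocol)
             for r in rules if r.direction == "in" and r.local_port.isdigit()}
    return sorted(ports)


# Constructed sample: seven lines copied from the log above.
SAMPLE = r'''
"{104A0138-E65A-4CB6-9F3A-00CD9B070688}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2F8A3CEB-194A-4066-B1CA-44CE8226F887}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8232762C-6154-411F-BACD-2FF3B6F20705}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE304661-6C04-46BF-8A65-9AF9BC04F375}" = rport=445 | protocol=6 | dir=out | app=system |
"{A6966E4B-CE8A-4DE1-87FE-DD31C6AFD11E}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"TCP Query User{1533F8ED-EFC5-41A2-8DE7-7E0D1A1CE988}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7EDD891E-730A-4A35-9C89-8F2112373FA8}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
'''

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print("inbound fixed ports:", listening_ports(rules))
    for name, reason, exe in flag_rules(rules):
        print(f"{reason}: {exe}  [{name[:40]}...]")
```

Running it over the whole "Open Ports" and "Application" lists from a log is a quick way to see which inbound holes a user opened by hand; a "Query User" rule for a browser is unusual, since a browser makes outbound connections and does not normally need to accept inbound ones.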

#4 SweetTech

Posted 28 February 2011 - 03:53 PM

bandit12,

TDSSKiller has dealt with the main infection your computer was infected with.

How is your computer running?

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :Services
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB (Reg Error: Key error.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\KACE\KONTAI~1\AviLdr.DLL) - File not found
    O33 - MountPoints2\{5d956482-ca1e-11dd-8111-001d0962d886}\Shell\AutoRun\command - "" = F:\setup.exe /AUTORUN
    O33 - MountPoints2\{5d956482-ca1e-11dd-8111-001d0962d886}\Shell\configure\command - "" = F:\setup.exe
    O33 - MountPoints2\{5d956482-ca1e-11dd-8111-001d0962d886}\Shell\install\command - "" = F:\setup.exe
    [1 C:\Users\Home\Desktop\*.tmp files -> C:\Users\Home\Desktop\*.tmp -> ]
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
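
The :OTL section of the fix above is a hand-picked subset of the scan log: entries whose target no longer exists (a service with "File not found", BHOs and toolbars with no CLSID, a DPF control with a registry error, an AppInit_DLLs entry pointing at a missing DLL) plus the MountPoints2 shell commands that would launch F:\setup.exe from a removable drive. As an added example, not OTL's own code and not part of this thread, the following Python applies that selection to OTL log lines automatically. The category names and orphan markers are this example's own assumptions; the sample lines are copied from the fix above, apart from three lines marked "constructed", which are invented healthy entries that the script must leave alone.

```python
"""Pick orphaned load-point entries out of an OTL scan log.

Added example: not OTL's own code and not part of the original thread. It
mirrors the selection made in the fix above. An OTL line is a candidate for
the :OTL section of a fix when it is a service, BHO, toolbar, ActiveX (DPF),
AppInit_DLLs or MountPoints2 entry whose target is gone ("File not found",
"No CLSID value found", "Reg Error"), or when it is a MountPoints2 shell
command that would run an executable from a removable drive. The category
names and markers are this example's assumptions; the sample lines marked
"constructed" are invented healthy entries, the rest are copied from the log.
"""
import re

ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")

# OTL section prefixes that describe load points worth reviewing.
LOAD_POINTS = {
    "SRV": "service",
    "O2": "browser helper object",
    "O3": "toolbar",
    "O16": "ActiveX control (DPF)",
    "O20": "AppInit_DLLs",
    "O33": "MountPoints2 (autorun)",
}

_PREFIX = re.compile(r"^\s*(SRV|O\d+)\b")
# MountPoints2\{volume-guid}\Shell\<verb>\command: what Explorer runs for that verb.
_SHELL_COMMAND = re.compile(r"MountPoints2\\\{[^}]+\}\\Shell\\\w+\\command", re.IGNORECASE)


def classify(line):
    """Return (category, reason) if the line belongs in the fix, else None."""
    m = _PREFIX.match(line)
    if not m or m.group(1) not in LOAD_POINTS:
        return None
    kind = LOAD_POINTS[m.group(1)]
    for marker in ORPHAN_MARKERS:
        if marker in line:
            return (kind, f"orphaned entry: {marker}")
    if m.group(1) == "O33" and _SHELL_COMMAND.search(line):
        return (kind, "shell command on a removable drive")
    return None


def build_fix(log_text):
    """Return the log lines that would go into the :OTL section of a fix."""
    return [line.strip() for line in log_text.splitlines() if classify(line.strip())]


# Sample log: lines copied from the thread plus three constructed healthy entries.
SAMPLE_LOG = r"""
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - (constructed healthy entry) [Auto | Running] -- C:\Windows\system32\dldocoms.exe -- (dldo_device)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (constructed healthy BHO) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\example.dll (Example)
O3 - HKU\S-1-5-21-2757821832-2422088274-1203774175-1000\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KACE\KONTAI~1\AviLdr.DLL) - File not found
O33 - MountPoints2\{5d956482-ca1e-11dd-8111-001d0962d886}\Shell\AutoRun\command - "" = F:\setup.exe /AUTORUN
O33 - MountPoints2\{5d956482-ca1e-11dd-8111-001d0962d886}\Shell\configure\command - "" = F:\setup.exe
O4 - HKLM..\Run: [constructed] C:\Program Files\Example\example.exe (Example)
"""

if __name__ == "__main__":
    print(":OTL")
    for line in build_fix(SAMPLE_LOG):
        print(line)
```

The script only selects; it never writes to the registry. AppInit_DLLs deserves a note even when the DLL is missing: every process that loads user32.dll tries to load whatever is listed there, so a stale path is harmless today but becomes a system-wide injection point the moment a file appears at it.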


#5 bandit12

Posted 28 February 2011 - 04:59 PM

Hi ST

Brilliant - seems to be working well now!

Here is the OTL log:


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service ACDaemon stopped successfully!
Service ACDaemon deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2757821832-2422088274-1203774175-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2757821832-2422088274-1203774175-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\KACE\KONTAI~1\AviLdr.DLL deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d956482-ca1e-11dd-8111-001d0962d886}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d956482-ca1e-11dd-8111-001d0962d886}\ not found.
File F:\setup.exe /AUTORUN not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d956482-ca1e-11dd-8111-001d0962d886}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d956482-ca1e-11dd-8111-001d0962d886}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d956482-ca1e-11dd-8111-001d0962d886}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d956482-ca1e-11dd-8111-001d0962d886}\ not found.
File F:\setup.exe not found.
C:\Users\Home\Desktop\~WRL3638.tmp deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Home\Downloads\cmd.bat deleted successfully.
C:\Users\Home\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Home
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 13519791 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 766 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 111453 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Home
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 02282011_211449

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

and here is the Malware log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5907

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

28/02/2011 21:32:15
mbam-log-2011-02-28 (21-32-15).txt

Scan type: Quick scan
Objects scanned: 156293
Time elapsed: 7 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Many thanks

Bandit12

#6 SweetTech

Posted 28 February 2011 - 05:25 PM

Bandit12,

Glad to hear that things are running better!

Let's run a few additional scans to ensure everything is working as it should be.


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Scan archives"
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats"
  • Push "Export to text file", and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the "Back" button.
  • Push "Finish"


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 bandit12

bandit12
  • Topic Starter

  • Members
  • 29 posts

Posted 01 March 2011 - 05:30 PM

Hi ST

I'm not ignoring you, but I have only just had a chance to start the ESET scanner and it's up to 40%. I will leave it to run overnight and send the logs tomorrow.

Many thanks

Bandit12

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 01 March 2011 - 06:41 PM

Thanks for keeping me updated. :)



#9 bandit12

bandit12
  • Topic Starter

  • Members
  • 29 posts

Posted 02 March 2011 - 03:10 AM

Good morning ST

Here are the logs from the overnight runs:

ESET found a couple of threats:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=a031a181fae60c40a20be9c933397f95
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-02 12:20:28
# local_time=2011-03-02 12:20:28 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776574 100 100 24112659 136542874 0 0
# compatibility_mode=8192 67108863 100 0 4096 4096 0 0
# scanned=174912
# found=2
# cleaned=0
# scan_time=15082
C:\Users\Home\Documents\Pauls Files\Mapping\MapSetToolKit.exe probably a variant of Win32/Adware.Virtumonde.ESWJCFU application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Home\My Documents\Pauls Files\Mapping\MapSetToolKit.exe probably a variant of Win32/Adware.Virtumonde.ESWJCFU application (unable to clean) 00000000000000000000000000000000 I


And here is the Checklist:


Results of screen317's Security Check version 0.99.9
Windows Vista Service Pack 1 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner (remove only)
Java™ 6 Update 18
Out of date Java installed!
Adobe Flash Player 10.2.152.26
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
ESET ESET Online Scanner OnlineScannerApp.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````

Many thanks

Bandit12

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 02 March 2011 - 09:41 AM

bandit12,

Good Morning! Hope your day has started off well! :)

Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Microsoft: 'Unprecedented Wave of Java Exploitation'
  • Drive-by Trojan preying on out-of-date Java installations
  • Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Reboot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit here and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from here. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the [image] textbox.

    :Services
    :OTL
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push [image]
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click [image].
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Your computer is currently running with an outdated Service Pack installed. This is not something that I recommend you continue to do. Please visit this link here: http://support.microsoft.com/kb/935791#Method2 for information on how to obtain the latest Service Pack for Vista. The latest service pack for Vista is currently Service Pack 2.



#11 bandit12

bandit12
  • Topic Starter

  • Members
  • 29 posts

Posted 02 March 2011 - 06:28 PM

Hi ST

All updated and the OTL log is as follows:


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Home\Downloads\cmd.bat deleted successfully.
C:\Users\Home\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Home
->Temp folder emptied: 2471734 bytes
->Temporary Internet Files folder emptied: 107928 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 60225552 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 910 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2813426 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 38964869 bytes

Total Files Cleaned = 100.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Home
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 03022011_231921

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\logishrd\LVPrcInj01.dll not found!

Registry entries deleted on Reboot...

I'm also going to attempt the SP2 upgrade now.

Kind regards

Bandit12

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 02 March 2011 - 09:21 PM

:thumbsup:



#13 bandit12

bandit12
  • Topic Starter

  • Members
  • 29 posts

Posted 03 March 2011 - 03:36 PM

Does that mean we are done ST?

If so, many thanks for all your help.

Regards

Bandit12

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 03 March 2011 - 04:51 PM

Were you able to install Service Pack 2 for Vista?

If so, please run a new OTL scan, so that I can be sure everything is looking good.

We are almost done, and if all looks good with your OTL log, then we will clean-up our tools in my next post.


OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following bolded text into the [image] textbox.


    netsvcs
    drivers32
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the [image] button.
  • A report will open. Copy and Paste that report in your next reply.

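
The custom scan requested above asks OTL for the Windows Update policy keys and, as in any OTL log, returns the O-lines a helper reads first when browsers are being redirected: hosts entries (O1), the UAC setting (O6), Internet Explorer zone additions (O15), the DHCP-supplied resolver (O17) and the IE proxy values. The Python script below is an added example, not part of this thread and not OTL's own code: it applies those checks to a handful of constructed lines written in the same layout. The sample lines, the indicator names and the rules (only private-range resolvers are treated as normal, zone entries must be plain DNS names, any hosts mapping other than the stock localhost lines is reported) are this example's own assumptions; it does not parse the registry-key dump the custom scan also requests.

```python
"""Triage of OTL-style 'O-lines' for browser-hijack indicators.

Added example: the rules and the sample lines are assumptions made for this
illustration, not output of OTL or advice given in the thread.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # indicator class (names chosen for this example)
    detail: str  # evidence taken from the log line


# Constructed sample in the OTL layout seen in the thread; the proxy, hosts,
# zone and resolver values are deliberately suspicious test data.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.9 www.update.microsoft.com
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O15 - HKCU\..Trusted Domains: garmin.com ([buy] https in Trusted sites)
O15 - HKCU\..Trusted Domains: //@example-ads@/ ([]rewards in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 198.51.100.7
'''

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
PLAIN_DOMAIN = re.compile(r"^[A-Za-z0-9.-]+$")
# Resolver addresses a home router would normally hand out; anything else is reported.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

RE_HOSTS = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RE_LUA = re.compile(r"^O6 - .*EnableLUA = (\d+)")
RE_ZONE = re.compile(r"^O15 - .*Trusted Domains:\s+(\S+)\s+\((.*)\)")
RE_DNS = re.compile(r"^O17 - .*DhcpNameServer = (.+)$")
RE_PROXY_ON = re.compile(r'^IE - .*"ProxyEnable" = (\d+)')
RE_PROXY_SRV = re.compile(r'^IE - .*"ProxyServer" = (.+)$')


def is_local_resolver(addr: str) -> bool:
    """True when addr is a loopback, link-local, RFC 1918 or ULA address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in LOCAL_NETS)


def triage(text: str) -> list[Finding]:
    """Return the indicators found in OTL-style lines, in log order."""
    findings: list[Finding] = []
    proxy_enabled, proxy_server = False, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_HOSTS.match(line):
            ip, name = m.groups()
            # Report every mapping that is not a stock localhost line: a redirect
            # to a remote address and a sinkhole of an update or AV domain are
            # both hijack techniques, so both deserve a look.
            if ip not in LOOPBACK or name.lower() not in LOCAL_NAMES:
                findings.append(Finding("hosts-nonstandard", f"{ip} {name}"))
        elif m := RE_LUA.match(line):
            if m.group(1) == "0":
                findings.append(Finding("uac-disabled", line))
        elif m := RE_ZONE.match(line):
            domain, zone = m.groups()
            # Zone entries should be plain DNS names; '@', '/' and the like are odd.
            if not PLAIN_DOMAIN.match(domain):
                findings.append(Finding("zone-odd-domain", f"{domain} ({zone})"))
        elif m := RE_DNS.match(line):
            for server in m.group(1).split():
                if not is_local_resolver(server):
                    findings.append(Finding("dns-nonlocal-resolver", server))
        elif m := RE_PROXY_ON.match(line):
            proxy_enabled = m.group(1) != "0"
        elif m := RE_PROXY_SRV.match(line):
            proxy_server = m.group(1).strip()
    if proxy_enabled:
        # A proxy the user did not configure is a classic redirect mechanism.
        findings.append(Finding("proxy-enabled", proxy_server or "(no ProxyServer value)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
```

Run as-is it prints one line per indicator from the constructed sample; pasting a real OTL log into triage() in place of SAMPLE_LOG works the same way, since only lines matching the five patterns are examined and everything else is ignored. The checks are deliberately conservative (they report for review rather than judge), which is how the helper in this thread treats the log as well.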


#15 bandit12

bandit12
  • Topic Starter

  • Members
  • 29 posts

Posted 04 March 2011 - 07:24 AM

Hi ST

SP2 installed fine.

Here is the OTL log for you:

OTL logfile created on: 04/03/2011 12:14:51 - Run 2
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Home\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 22.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.45 Gb Total Space | 75.98 Gb Free Space | 55.68% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.85 Gb Free Space | 58.51% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/28 20:18:01 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Downloads\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2009/05/19 16:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/24 02:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/09/02 12:42:04 | 008,203,352 | ---- | M] (GARMIN Corp.) -- C:\Garmin\ANT Agent\ANT Agent.exe
PRC - [2008/05/04 09:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 09:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 09:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 09:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/02/05 18:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/02/05 18:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/11/12 11:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 11:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 11:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/10/05 14:30:34 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldocoms.exe
PRC - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 12:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2011/02/28 20:18:01 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Downloads\OTL.exe
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2008/02/05 18:20:30 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj01.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/02/05 04:16:20 | 000,419,224 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Windows\System32\HFGService.dll -- (HFGService)
SRV - [2009/11/13 11:31:14 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/01/18 13:42:04 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/02/27 16:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Disabled | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/02/05 18:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 18:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 18:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 11:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 11:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/10/05 14:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldocoms.exe -- (dldo_device)
SRV - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/03/03 00:20:14 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85D4EC80-2152-4FC1-B377-0C19D56AFD9C}\MpKsl3f2743bc.sys -- (MpKsl3f2743bc)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/07/14 12:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/02/05 04:16:10 | 000,066,952 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthav.sys -- (csr_a2dp)
DRV - [2010/02/05 04:16:08 | 000,048,024 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/04 09:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 07:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/02/06 02:21:37 | 004,658,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008/02/06 02:21:25 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/06 02:20:40 | 000,628,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/02/05 18:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 18:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2008/01/21 02:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/11/12 11:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 16:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 16:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 16:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/09/06 14:53:12 | 000,014,848 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/05 00:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/11/14 17:30:10 | 000,209,664 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2005/11/14 17:29:58 | 000,017,152 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


[2009/09/18 07:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions
[2008/12/08 20:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/07/09 13:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\so1ytfyj.default\extensions
[2009/09/19 08:41:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\so1ytfyj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/09 13:18:53 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\so1ytfyj.default\extensions\firefox@tvunetworks.com
[2010/08/13 22:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/03/02 23:19:26 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [ANT Agent] C:\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: garmin.com ([buy] http in Trusted sites)
O15 - HKCU\..Trusted Domains: garmin.com ([buy] https in Trusted sites)
O15 - HKCU\..Trusted Domains: garmin.com ([connect] http in Trusted sites)
O15 - HKCU\..Trusted Domains: garmin.com ([connect] https in Trusted sites)
O15 - HKCU\..Trusted Domains: garmin.com ([mygarmin] http in Trusted sites)
O15 - HKCU\..Trusted Domains: garmin.com ([mygarmin] https in Trusted sites)
O15 - HKCU\..Trusted Domains: live.com ([cid-3483bccb32b36b8a.office] https in Trusted sites)
O16 - DPF: {06305358-99CE-4C47-B59C-939B76856C2B} http://download.microsoft.com/download/5/B/5/5B5610B8-BBAB-45CF-B61A-DD29147ED3E3/pmupd806.exe (Reg Error: Key error.)
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab (TraderMediaImgX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} http://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader4.cab (Bonusprint Image Uploader Version 4.5 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/03 00:12:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/03/03 00:12:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/03/03 00:12:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/03/02 23:31:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/03/02 23:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/02 03:30:37 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/03/02 03:07:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/03/01 20:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/28 21:14:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/28 19:53:00 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/02/28 08:22:37 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Safe mirror
[2011/02/28 08:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 10
[2011/02/28 08:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2011/02/27 23:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/02/27 09:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\iGfBiFm06300
[2011/02/07 21:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPSBabel
[2011/02/07 21:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TCX Converter
[2011/02/07 21:07:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\TCXConverter
[2011/02/07 21:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\TCX Converter
[2011/02/02 22:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/02 22:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/02 22:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/02/02 22:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/02/02 22:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2007/10/05 14:30:36 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldoih.exe
[2007/10/05 14:30:34 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldocoms.exe
[2007/10/05 14:30:32 | 000,365,808 | ---- | C] ( ) -- C:\Windows\System32\dldocfg.exe
[2007/09/10 19:50:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dldopmui.dll
[2007/09/10 19:46:54 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\dldoserv.dll
[2007/09/10 19:43:34 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldolmpm.dll
[2007/09/10 19:43:26 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldoiesc.dll
[2007/09/10 19:43:08 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldocomm.dll
[2007/09/10 19:41:48 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldohbn3.dll
[2007/09/10 19:41:10 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\dldousb1.dll
[2007/09/10 19:40:22 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldocomc.dll
[2007/09/10 19:38:56 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldoprox.dll
[2007/09/10 19:36:26 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\dldoinpa.dll

========== Files - Modified Within 30 Days ==========

[2011/03/04 12:20:12 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2757821832-2422088274-1203774175-1000UA.job
[2011/03/04 12:12:49 | 000,000,492 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/03/04 12:12:46 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/04 12:12:46 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/04 12:12:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/04 03:01:26 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A416C7D2-A221-4AD9-8F9C-5734B5D8918F}.job
[2011/03/04 03:00:21 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/04 03:00:21 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/03 20:44:01 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2757821832-2422088274-1203774175-1000Core.job
[2011/03/03 20:40:58 | 000,614,200 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/03 20:40:58 | 000,110,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/03 00:18:40 | 001,719,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/03 00:15:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/03/02 23:19:26 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/02/28 19:43:31 | 001,257,772 | ---- | M] () -- C:\Users\Home\Desktop\tdsskiller.zip
[2011/02/28 18:58:09 | 000,000,000 | ---- | M] () -- C:\Users\Home\defogger_reenable
[2011/02/28 12:58:56 | 000,288,107 | ---- | M] () -- C:\Users\Home\Desktop\gmer.zip
[2011/02/28 12:58:27 | 000,001,907 | ---- | M] () -- C:\Users\Home\Desktop\Attach.zip
[2011/02/28 12:52:51 | 000,000,151 | ---- | M] () -- C:\Users\Home\Desktop\Defogger.url
[2011/02/28 08:34:47 | 000,069,632 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/27 23:57:01 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/02/27 23:24:28 | 000,006,648 | ---- | M] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2011/02/27 22:25:11 | 215,132,542 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/27 22:21:52 | 000,002,497 | ---- | M] () -- C:\Users\Public\Desktop\SatSYNC.lnk
[2011/02/14 16:03:58 | 000,148,934 | ---- | M] () -- C:\temp.fit
[2011/02/07 21:07:15 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\TCX Converter.lnk
[2011/02/02 22:09:57 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/03/03 00:23:25 | 000,000,917 | ---- | C] () -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/03/02 23:16:55 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/03/02 03:02:25 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/03/02 03:02:25 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/03/02 03:02:25 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/03/01 20:42:48 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/03/01 20:42:44 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011/03/01 20:42:25 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011/03/01 20:42:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/01 20:42:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/01 20:42:15 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011/03/01 20:42:06 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011/03/01 20:41:34 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/03/01 20:41:30 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011/03/01 20:39:37 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/03/01 20:39:13 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011/02/28 19:43:35 | 001,257,772 | ---- | C] () -- C:\Users\Home\Desktop\tdsskiller.zip
[2011/02/28 18:58:09 | 000,000,000 | ---- | C] () -- C:\Users\Home\defogger_reenable
[2011/02/28 12:58:52 | 000,288,107 | ---- | C] () -- C:\Users\Home\Desktop\gmer.zip
[2011/02/28 12:58:27 | 000,001,907 | ---- | C] () -- C:\Users\Home\Desktop\Attach.zip
[2011/02/28 12:52:31 | 000,000,151 | ---- | C] () -- C:\Users\Home\Desktop\Defogger.url
[2011/02/27 23:57:01 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/02/27 23:53:53 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/02/12 12:16:21 | 000,148,934 | ---- | C] () -- C:\temp.fit
[2011/02/07 21:07:15 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\TCX Converter.lnk
[2011/02/02 22:09:57 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/03 11:22:42 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\DVDRipper_sysquict.dat
[2011/01/03 11:21:12 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/03 11:21:09 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/03 11:21:09 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/01/03 11:21:08 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/08/13 22:52:15 | 000,172,668 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/01/06 07:45:10 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2009/12/17 23:40:28 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/09/18 07:00:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/20 09:24:53 | 000,002,960 | ---- | C] () -- C:\ProgramData\dldo
[2009/04/24 06:43:33 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2008/12/29 19:34:06 | 000,038,973 | ---- | C] () -- C:\Users\Home\AppData\Roaming\Comma Separated Values (Windows).ADR
[2008/12/23 19:49:23 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/12/22 01:30:14 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/12/19 09:10:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/12/12 15:53:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/11/10 19:21:44 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/11/06 16:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/10/14 08:09:04 | 000,069,632 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/02 08:38:54 | 000,000,926 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat
[2008/09/02 08:38:09 | 000,006,648 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2008/09/01 17:29:18 | 000,003,890 | ---- | C] () -- C:\Users\Home\AppData\Roaming\mdb.bin
[2008/09/01 10:44:46 | 000,047,104 | ---- | C] () -- C:\Windows\System32\Wh2Robo.dll
[2008/08/19 19:51:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/12 05:57:19 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/08/12 05:57:19 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/08/12 05:57:19 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/08/12 05:57:19 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/08/12 05:57:19 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/08/12 05:57:16 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/11 21:22:37 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/08/11 21:22:37 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/02/05 18:20:08 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/02/03 23:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/09/05 04:53:26 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldoinsr.dll
[2007/09/05 04:53:20 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldocur.dll
[2007/09/05 04:53:04 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldojswr.dll
[2007/09/05 04:52:04 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoinsb.dll
[2007/09/05 04:52:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldocub.dll
[2007/09/05 04:51:16 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoins.dll
[2007/09/05 04:51:16 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldocu.dll
[2007/09/05 04:50:36 | 000,503,808 | ---- | C] () -- C:\Windows\System32\dldoutil.dll
[2007/09/05 04:50:28 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldogrd.dll
[2007/08/03 18:08:52 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldocoin.dll
[2007/08/01 09:15:52 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldocfg.dll
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 001,719,648 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,614,200 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,110,516 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/01 06:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldovs.dll
[2005/09/16 15:39:26 | 000,040,960 | ---- | C] () -- C:\Windows\System32\bdadll.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/05/16 10:51:13 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\968 Series
[2010/03/22 21:57:49 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\AnvSoft
[2009/10/06 18:13:39 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/04/24 06:45:07 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Blackberry Desktop
[2010/07/26 17:00:03 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Canon
[2008/11/04 18:25:38 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\GARMIN
[2009/11/18 09:38:47 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\GrabPro
[2008/11/14 20:53:10 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\gtk-2.0
[2010/12/19 18:38:52 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ICAClient
[2008/12/23 19:49:46 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Leadertech
[2008/11/19 17:13:55 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\MotionBased
[2008/12/19 09:27:10 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Nokia
[2009/11/18 09:49:32 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Orbit
[2008/12/29 22:53:10 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\PC Suite
[2011/02/07 20:39:57 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Quo2
[2009/04/24 06:43:29 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Research In Motion
[2011/01/03 15:47:23 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Satmap
[2011/02/27 09:00:23 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TCXConverter
[2008/09/02 08:39:02 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Template
[2008/12/08 20:39:42 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TomTom
[2009/12/02 10:10:57 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Xilisoft Corporation
[2011/03/03 00:15:06 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/03/04 03:01:26 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A416C7D2-A221-4AD9-8F9C-5734B5D8918F}.job

========== Purity Check ==========



========== Custom Scans ==========


< etsvcs >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-03 20:41:01

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:5F64C164

< End of report >

Many thanks

Bandit12
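An added example for readers working through OTL logs like the one above. This is not part of bandit12's post and is not OTL's own logic: it is a small Python triage script that parses the `[timestamp | size | attrs | C/M] (company) -- path` file-listing lines and the `@Alternate Data Stream` lines OTL prints, and flags the entries a responder would open first. The sample lines are copied from the log above plus one constructed `Zone.Identifier` stream to show the benign case; the four heuristics (a literal `%VAR%` token left unexpanded in a path, a newly created directory with a random-looking name directly under ProgramData or AppData, a named stream other than `Zone.Identifier`, and a modified hosts file) are my assumptions for illustration. A flag means "look at this", not "this is malicious".

```python
"""Triage helper for OTL-style file listings (added example, not OTL code)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# [2011/02/27 09:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\iGfBiFm06300
# [2007/10/05 14:30:34 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldocoms.exe
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<event>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)$"
)
# @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:5F64C164
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)
ENV_TOKEN_RE = re.compile(r"%[A-Za-z_]+%")
# Exactly one path component below ProgramData or a user's AppData tree:
# that is where vendor-named folders live and where a random name stands out.
DATA_ROOTS_RE = re.compile(
    r"^C:\\(?:ProgramData|Users\\[^\\]+\\AppData\\(?:Local|Roaming|LocalLow))\\[^\\]+$",
    re.IGNORECASE,
)


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str          # four flags, e.g. -HSD = hidden, system, directory
    event: str          # 'C' created, 'M' modified
    company: Optional[str]
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    if company is not None:
        company = company.strip() or None   # "()" and "( )" both mean no company
    return Entry(m.group("ts"), int(m.group("size").replace(",", "")),
                 m.group("attrs"), m.group("event"), company, m.group("path"))


def looks_random(name: str) -> bool:
    """Heuristic (assumption): product names flip case only at word boundaries,
    so a letter run that flips case on most adjacent pairs ('iGfBiFm') is suspect."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 6:
        return False
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return flips / (len(letters) - 1) >= 0.5


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for the lines worth a closer look, in log order."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        ads = ADS_RE.match(line.strip())
        if ads:
            # Zone.Identifier is the mark-of-the-web stream browsers add to downloads;
            # any other named stream, especially on a directory, is worth inspecting.
            if ads.group("stream") != "Zone.Identifier":
                findings.append((f"{ads.group('path')}:{ads.group('stream')}",
                                 f"named alternate data stream ({ads.group('size')} bytes)"))
            continue
        e = parse_entry(line)
        if e is None:
            continue
        if ENV_TOKEN_RE.search(e.path):
            findings.append((e.path, "literal environment-variable token in path: "
                                     "something wrote it without expanding the variable"))
        name = e.path.rsplit("\\", 1)[-1]
        if (e.event == "C" and "D" in e.attrs and DATA_ROOTS_RE.match(e.path)
                and looks_random(name)):
            findings.append((e.path, "new directory with random-looking name under a data root"))
        if e.event == "M" and e.path.lower().endswith("\\drivers\\etc\\hosts"):
            findings.append((e.path, "hosts file modified: check it for redirect entries"))
    return findings


# Constructed sample: lines taken from the log above, plus one benign
# Zone.Identifier stream that does not appear in the post.
SAMPLE_LOG = r"""
[2011/03/02 03:30:37 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/02/28 08:22:37 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Safe mirror
[2011/02/27 09:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\iGfBiFm06300
[2011/02/07 21:07:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\TCXConverter
[2011/03/02 23:19:26 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/03/04 12:12:49 | 000,000,492 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2007/10/05 14:30:34 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldocoms.exe
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:5F64C164
@Alternate Data Stream - 26 bytes -> C:\Users\Home\Downloads\setup.exe:Zone.Identifier
""".strip().splitlines()

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{path}\n    {reason}")
```

Run it against a saved OTL.txt by replacing `SAMPLE_LOG` with the file's lines; the regexes only match the two line shapes shown, so the O-section lines and headers fall through untouched. The case-flip ratio is deliberately crude: it is tuned to separate names like `iGfBiFm06300` from names like `TCXConverter` or `Safe mirror`, and anything it flags still needs the folder contents and the file's signer checked before acting on it.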



