Jump to content


Photo

Slow computer with errors


  • This topic is locked This topic is locked
22 replies to this topic

#1 userdan

userdan

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 09 March 2011 - 11:24 AM

Thanks for the help!

Over the last few months, my computer has started running more slowly, start up takes a lot longer, and I'm getting more errors. Skype often says there is not enough memory to complete a command. Sometimes dialog boxes in Microsoft Word 2007 won't have the buttons to click to close them, or the 'save' button on a dialog box. I've had 2 or 3 random restarts in the last 2 weeks, 1 BSOD.

So far I've upgraded skype, but still have the same problem.

Some programs don't run if I haven't restarted my computer in a few hours (Office Picture Manager and Windows Media Center are the only ones I can remember at the moment)

Fan always runs and never stops. It seems like the hard drive is spinning a lot more than it should. When the system seems sluggish, i check the CPU and it will be something like 20-30% (relatively low).

Everything I've done to scan for malware seems to come back clean.

From the FAQ, I've answered the questions below, and posted the relevant logs.

# Do you have popups? If so, where are they from? What do they say? Are they advertising a particular product?
Yes, I have one in firefox for a chinese website. It's a chinese cartoon type figure. and it only occurs sometimes, in some tabs. I just got one now as I was writing this. it links to: file1.chanet.com.cn/minisite/pingan/index.html?WT.mc_id=c03-CGW-235662#
I did not click it, I got the link from 'Copy Link Location' in firefox.

# Has your browser been hijacked? If so, to what URL?
No

# Does your antivirus detect an infected file? If so, what file, and what is the infection detected?
No.

# Is your system sluggish? Is there a particular process using a lot of the CPU? If so, what is it? Does your firewall give alerts about a process
try ing to access the internet? If so, what is it?
yes, sluggish, not a lot of CPU. Firewall does not say anything. Computer does feel hot, and I ran Core Temp - my temp is between 58-64C.

# Have you already tried certain steps to fix your problem? If so, what have you tried?
Basically, I tried some of the things in your FAQ, but nothing seemed to turn up.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5979

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/7/2011 2:41:45 PM
mbam-log-2011-03-07 (14-41-45).txt

Scan type: Quick scan
Objects scanned: 167358
Time elapsed: 11 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Danny at 1:10:05.24 on Thu 03/10/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3066.843 [GMT 8:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SugarSync\SugarSyncManager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
c:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Users\Danny\Desktop\SecurityCheck.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Danny\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081206
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081206
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081206
uInternet Settings,ProxyOverride = local;*.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.1852\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\danny\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ridgebizdevevents.webex.com/client/T27LB/event/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
DPF: {F5131C24-E56D-11CF-B78A-444553540000} - hxxps://wc.wachovia.com/common/cab/ikcntrls.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
LSA: Notification Packages = scecli DPPWDFLT
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\danny\appdata\roaming\mozilla\firefox\profiles\ps5s2v4a.default\
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\danny\appdata\roaming\mozilla\firefox\profiles\ps5s2v4a.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\danny\appdata\roaming\mozilla\firefox\profiles\ps5s2v4a.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdbplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\danny\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\danny\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\danny\appdata\roaming\mozilla\firefox\profiles\ps5s2v4a.default\extensions\{b1adf944-db57-4eaf-a44f-720aaaf427f9}\plugins\npww.dll
FF - plugin: c:\users\danny\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FlashVideo Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: ww-plugin: {B1ADF944-DB57-4eaf-A44F-720AAAF427F9} - %profile%\extensions\{B1ADF944-DB57-4eaf-A44F-720AAAF427F9}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: UpdateScanner: {c07d1a49-9894-49ff-a594-38960ede8fb9} - %profile%\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-9 11608]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-9 61960]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-12-6 475136]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-12-6 203264]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-6-26 3662848]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2010-10-13 54416]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2010-10-13 160272]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2010-10-13 160272]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [2010-10-13 11920]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2010-10-13 113680]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
.
=============== Created Last 30 ================
.
2011-03-09 16:57:37 -------- d-----w- c:\program files\AutocompletePro
2011-03-09 16:57:36 -------- d-----w- c:\program files\Core Temp
2011-03-08 18:22:15 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b40000ea-54f8-454e-a0ed-d89500800ff2}\mpengine.dll
2011-03-07 16:37:25 -------- d-----w- c:\program files\iPod
2011-03-07 06:27:10 -------- d-----w- c:\users\danny\appdata\roaming\Malwarebytes
2011-03-07 06:26:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 06:26:43 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-07 06:26:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-07 06:26:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-18 08:36:58 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 08:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-09 04:40:40 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 04:40:35 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 04:40:33 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 04:40:32 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
.
==================== Find3M ====================
.
2011-02-02 09:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
============= FINISH: 1:12:47.56 ===============




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:42:00 AM, on 3/10/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SugarSync\SugarSyncManager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Users\Danny\Downloads\HijackThis.exe
C:\Windows\System32\mobsync.exe
c:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Danny\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SugarSync] "C:\Program Files\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ridgebizdeve...nt/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - http://dl.pplive.com/PluginSetup.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://wc.wachovia....ab/ikcntrls.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 11127 bytes


Results of screen317's Security Check version 0.99.9
Windows Vista Service Pack 2 (UAC is disabled!)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner (remove only)
Java™ 6 Update 17
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.2.152.26
Adobe Reader 9
Chinese Simplified Fonts Support For Adobe Reader 9
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Windows Defender MSASCui.exe
``````````End of Log````````````

EDIT: To disable potential malware link... Please do not post active potential malware links in the forum, we have enough people getting infected already without helping the criminals to infect more... Thank you...

Edited by Budfred, 09 March 2011 - 09:43 PM.


#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,533 posts

Posted 11 March 2011 - 11:48 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 lance_yien

lance_yien

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 2,442 posts

Posted 13 March 2011 - 11:50 AM

Hello userdan and welcome to SWI.

I'm lance_yien and will be helping you.

 Very Important!

:excl: >>> Please do immediately:
  • Make sure you have read the forum FAQ.
  • In the upper right hand corner of the topic you will see a button called "Watch this topic", by clicking on this => "Immediate E-Mail notification" => "Proceed" you will be advised when we respond to your topic and facilitate the cleaning of your machine.
:excl: >>> During this cleanup, please DO NOT run, install and/or uninstall any tools/ programs other than those I suggest to you because some programs can interfere with others and/ or can cause some problems to your system.

:excl: >>> When you receive new instructions,
  • Please Read the whole message.
  • All our tools must be launched from the Desktop (unless otherwise specified). Please make sure to save them to your Desktop and check before running each program.
    To move a tool to your Desktop, right-click on it => "Cut". Right-click on your Desktop => "Paste".
  • Please disable ALL your protection programs (antiVirus, firewall and antiSpyware), they may otherwise interfere with our tools. If you don't know how to do, please see here and/or here.
  • Please perform all steps in the received order and DO NOT proceed if you need clarification.
  • Please DO NOT re-run any program I suggest. If you encounter problems please stop and tell me about it.
  • After posting your reply, please re-enable your antivirus and firewall programs.
:excl: >>> When replying,
  • Please use the Add Reply button Posted Image. I do not need to see my previous instructions. Thank you!
  • Please copy and paste your logs into your post unless specifically asked to attach one:
    - Click "Edition" => "Select all".
    - Click "Edition" => "Copy".
    In your next reply, right-click => "Paste".
 

>>> Optional removals: I recommend you uninstall
  • AutocompleteProis a potentially unwanted adware program designed to deliver various advertisements to the users' systems. Please see here.
  • Vuze_Remote and ConduitEngine because they modifie the default IE URL search hook and seem to have a certain trackware functionality.

Please print out these instructions or copy them to a Notepad file for an easier reading and download to your Desktop:

>>> Run ComboFix: Please familiarize yourself with ComboFix here before running it. I recommend you print out the information from this page or copy them to a Notepad file as well.
Ensure you have disabled all anti virus and anti malware programs and run ComboFix.
To know how to disable your protection programs (antivirus, firewall and antispyware), please see here and/or here.
Notes:
  • Please, DO NOT click ComboFix's window while it is running. This may cause it to hang.
  • The log is saved as ComboFix.txt at the root of the Systemdrive (typically C:\ComboFix.txt)

>>> Run OTL: Please insert all your removable drives/pendrives/memory cards... Close all windows and double-click OTL.exe (for Vista/ Windows7, right-click on it => "Run as Administrator").
In the "Custom Scans/Fixes" window (under the light green bar) paste the following (starting with netsvcs):

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
SAVEMBR:0

Click the Run Scan button and let the program run uninterrupted.
When the scan completes, it will open two Notepad windows - OTL.Txt (opened) and Extras.Txt (minimised). These are saved in the same location as OTL.
Please copy and paste the contents of these files in your next reply (one at a time).


In your next reply, please include the following (you may need to use two posts to get it all in):
  • ComboFix.txt
  • OTL.txt
  • Extras.txt

EI | SWI | ZEBULON | Posted Image | Posted Image

My help is free, but if you wish to help keep these forums running please consider a donation. Please, see here for details.

#4 userdan

userdan

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 14 March 2011 - 09:24 AM

Thanks for the help! As of this afternoon, I was still getting the same low memory errors from Skype and Excel 2007.

1. I uninstalled the programs you suggested. AutocompletePro and Vuze Remote. I didn't see a 'Conduit Engine' so I didn't uninstall that.

2. Ran ComboFix. It restarted my computer, but then when it the machine restarted, it stopped at the screen to select my user account, and it wasn't moving from that screen, so i clicked my user name, and then it continued to run. Other than that everything went according to the user guide.

3. Pasted commands into OTL and ran it as well. Logs are below.

a. Combofix log
b. OTL log
c. Extras log

Thanks again!

ComboFix 11-03-12.01 - Danny 03/14/2011 21:41:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3066.2060 [GMT 8:00]
Running from: c:\users\Danny\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Danny\AppData\Roaming\.#
c:\users\Danny\AppData\Roaming\.#\MBX@11FC@1C82950.###
c:\users\Danny\AppData\Roaming\.#\MBX@11FC@1C82980.###
c:\users\Danny\AppData\Roaming\.#\MBX@11FC@1C829B0.###
c:\users\Danny\AppData\Roaming\.#\MBX@12CC@1BE2950.###
c:\users\Danny\AppData\Roaming\.#\MBX@12CC@1BE2980.###
c:\users\Danny\AppData\Roaming\.#\MBX@12CC@1BE29B0.###
c:\users\Danny\AppData\Roaming\.#\MBX@148C@1BC2950.###
c:\users\Danny\AppData\Roaming\.#\MBX@148C@1BC2980.###
c:\users\Danny\AppData\Roaming\.#\MBX@148C@1BC29B0.###
c:\users\Danny\g2mdlhlpx.exe
c:\windows\Downloaded Program Files\Install.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2011-03-14 13:51 . 2011-03-14 13:51 -------- d-----w- c:\users\test\AppData\Local\temp
2011-03-14 13:51 . 2011-03-14 13:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-11 19:01 . 2011-03-11 19:01 -------- d-----w- c:\program files\MSXML 4.0
2011-03-11 08:14 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{800276AA-92B0-44D7-B912-77FC46D9199E}\mpengine.dll
2011-03-11 07:34 . 2011-03-11 07:35 -------- d-----w- C:\HPFixScan
2011-03-11 05:17 . 2011-03-11 05:17 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-03-11 05:17 . 2011-03-11 05:17 -------- d-----w- c:\program files\HP
2011-03-11 05:17 . 2011-03-11 05:17 -------- d-----w- c:\program files\Hewlett-Packard
2011-03-11 05:16 . 2011-03-11 05:16 -------- d-----w- c:\programdata\HP
2011-03-11 05:15 . 2007-01-25 05:24 286208 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp4wm.DLL
2011-03-09 16:57 . 2011-03-09 16:57 -------- d-----w- c:\program files\Core Temp
2011-03-09 02:31 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 02:31 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 02:30 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 02:30 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 02:30 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 02:30 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-07 16:37 . 2011-03-07 16:37 -------- d-----w- c:\program files\iPod
2011-03-07 06:51 . 2007-03-28 23:36 327680 ----a-w- c:\windows\system32\HPPEPR01.DLL
2011-03-07 06:51 . 2007-03-22 00:54 229376 ----a-w- c:\windows\system32\HPPCPR01.DLL
2011-03-07 06:27 . 2011-03-07 06:27 -------- d-----w- c:\users\Danny\AppData\Roaming\Malwarebytes
2011-03-07 06:26 . 2010-12-20 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 06:26 . 2011-03-07 06:26 -------- d-----w- c:\programdata\Malwarebytes
2011-03-07 06:26 . 2011-03-07 06:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-07 06:26 . 2010-12-20 10:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-28 00:16 . 2011-02-28 00:16 -------- d-----w- c:\program files\Common Files\Skype
2011-02-18 08:36 . 2011-02-18 08:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 08:36 . 2011-02-18 08:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 09:11 . 2009-10-03 15:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 04:39 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 04:39 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 04:39 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 04:39 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 04:39 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 04:39 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 04:39 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 04:39 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 04:39 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 04:39 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 04:39 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 04:39 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 04:39 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 04:39 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 04:39 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 04:39 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 04:39 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 04:39 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-09 04:39 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 04:39 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 04:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 04:39 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 04:39 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 04:39 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 04:39 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 04:39 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-09 04:39 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-09 04:39 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-09 04:36 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 04:36 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-09 04:40 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 00:10 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27 . 2011-02-09 04:36 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22 . 2011-02-09 04:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22 . 2011-02-09 04:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22 . 2011-02-09 04:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 06:22 . 2011-02-09 04:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 05:25 . 2011-02-09 04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48 . 2011-02-09 04:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47 . 2011-02-09 04:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49 . 2011-01-12 00:10 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\Danny\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-02-23 133104]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2011-02-09 15622144]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
c:\users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
hpzrcv01.LNK - c:\program files\HP\Temp\{B94428F6-E93C-4d1d-8580-46D70FA07A9D}\setup\hpzstub.exe [N/A]
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2009-3-6 286720]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-10 1616976]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-06 11:51 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-02-19 16:43 438403 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 03:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-23 17:05 133104 ----atw- c:\users\Danny\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2009-11-20 55016]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [2009-08-12 54416]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [2009-08-12 160272]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [2009-08-12 160272]
R3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDUWFLT.sys [2009-08-12 11920]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [2009-08-12 113680]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-07-17 73728]
R4 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-05 1168632]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-07-03 475136]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-03-08 62496]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-05-29 203264]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-06-25 3662848]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-05 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-14 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-12-30 08:19]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4067689513-3574174650-1019183710-1000Core.job
- c:\users\Danny\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-23 17:05]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4067689513-3574174650-1019183710-1000UA.job
- c:\users\Danny\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-23 17:05]
.
2011-03-07 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2011-01-11 10:08]
.
2011-03-14 c:\windows\Tasks\User_Feed_Synchronization-{B0F88C18-069F-46D2-9F2C-71A6DD0026B7}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081206
uInternet Settings,ProxyOverride = local;*.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FlashVideo Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: ww-plugin: {B1ADF944-DB57-4eaf-A44F-720AAAF427F9} - %profile%\extensions\{B1ADF944-DB57-4eaf-A44F-720AAAF427F9}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: UpdateScanner: {c07d1a49-9894-49ff-a594-38960ede8fb9} - %profile%\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
MSConfigStartUp-iKu - c:\program files\YouKu\iKu\iKu.exe
MSConfigStartUp-PPAP - c:\programdata\PPLiveVA\Application\PPAP.exe
MSConfigStartUp-PPLive - c:\program files\PPLive\PPLive.exe
MSConfigStartUp-PPLiveVA - c:\program files\PPLiveVA\PPLiveVA.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,44,f3,dc,5e,ec,22,4c,a9,6a,9d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,44,f3,dc,5e,ec,22,4c,a9,6a,9d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\ehome\ehmsas.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-03-14 22:19:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-14 14:18
.
Pre-Run: 36,726,415,360 bytes free
Post-Run: 37,191,618,560 bytes free
.
- - End Of File - - 53981DDAB85E0D17A4C460E8B0192327

OTL logfile created on: 3/14/2011 10:33:13 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Danny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.98 Gb Total Space | 34.48 Gb Free Space | 11.97% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.83 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1737.33 Gb Free Space | 93.25% Space Free | Partition Type: NTFS

Computer Name: DANNY-STUDIO | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/14 18:14:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
PRC - [2011/03/06 00:46:31 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/10 07:45:26 | 015,622,144 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSyncManager.exe
PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/09/17 04:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/11 18:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 14:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 14:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/08/05 20:16:40 | 000,286,720 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2008/07/17 20:00:36 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/07/17 20:00:18 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/07/17 20:00:16 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/07/10 04:31:46 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe


========== Modules (SafeList) ==========

MOD - [2011/03/14 18:14:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/16 05:43:48 | 000,036,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/11/21 01:13:56 | 000,055,016 | ---- | M] (Xobni Corporation) [Auto | Stopped] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2008/12/06 19:51:30 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/12/06 19:28:28 | 000,072,704 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/09/24 12:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/17 18:22:56 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe -- (AESTFilters)
SRV - [2008/06/10 02:47:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Disabled | Stopped] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008/05/06 07:46:38 | 001,168,632 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/16 05:44:10 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/08 10:02:58 | 000,062,496 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2009/08/12 19:13:32 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2009/08/12 19:13:32 | 000,113,680 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2009/08/12 19:13:32 | 000,054,416 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2009/08/12 19:13:28 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2009/08/12 19:13:28 | 000,011,920 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWFLT.sys -- (PTDUWFLT)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/03/08 17:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/04 11:34:34 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/07/18 18:27:48 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/07/18 18:27:48 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/17 20:00:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/07/17 18:23:06 | 000,379,904 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/07/03 17:05:52 | 000,475,136 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/07/03 16:58:26 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/03 16:58:24 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/03 16:58:22 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/26 06:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/05/29 19:03:34 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/04/05 05:20:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=6081206
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 10:33:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/06 00:46:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/14 17:34:16 | 000,000,000 | ---D | M]

[2009/02/10 09:47:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Extensions
[2009/02/10 09:47:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2011/03/14 18:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions
[2010/02/17 13:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2009/08/06 13:38:34 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/09/02 09:52:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/03 00:15:38 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/01/28 15:20:15 | 000,000,000 | ---D | M] (ww-plugin) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\{B1ADF944-DB57-4eaf-A44F-720AAAF427F9}
[2010/04/25 20:04:59 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/02/11 22:55:27 | 000,000,000 | ---D | M] (Update Scanner) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}
[2009/12/29 14:10:38 | 000,000,000 | ---D | M] (Flash Video Downloader) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\artur.dubovoy@gmail.com
[2009/08/06 13:38:44 | 000,000,000 | ---D | M] (FoxyProxy) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\foxyproxy@eric.h.jung
[2009/08/06 13:38:15 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\piclens@cooliris.com
[2009/08/06 13:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\piclens@cooliris.com-trash
[2011/02/14 15:23:53 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\smarterwiki@wikiatic.com
[2011/03/10 21:12:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/06 12:09:50 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/16 00:56:00 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2010/08/31 09:46:27 | 002,179,072 | ---- | M] (DNAML Pty Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npdbplug.dll

O1 HOSTS File: ([2011/03/14 22:04:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ridgebizdeve...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (Reg Error: Key error.)
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} https://wc.wachovia....ab/ikcntrls.cab (Ikonic Menu Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.99.166.4 202.99.160.68
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Danny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Danny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/03/14 22:19:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/14 22:19:37 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Local\temp
[2011/03/14 22:04:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/14 21:35:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/14 21:35:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/14 21:35:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/14 21:35:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/14 21:34:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/14 21:34:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/14 18:13:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
[2011/03/12 03:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/03/11 15:34:59 | 000,000,000 | ---D | C] -- C:\HPFixScan
[2011/03/11 13:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/03/11 13:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/03/11 13:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/03/11 13:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/03/10 00:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2011/03/10 00:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2011/03/09 10:31:01 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 10:31:00 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 10:30:59 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 10:30:59 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/08 00:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/08 00:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/07 14:51:32 | 000,327,680 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\HPPEPR01.DLL
[2011/03/07 14:27:10 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Roaming\Malwarebytes
[2011/03/07 14:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/07 14:26:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/07 14:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/07 14:26:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/07 14:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/28 08:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/02/18 16:36:58 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll

========== Files - Modified Within 30 Days ==========

[2011/03/14 22:37:45 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/03/14 22:36:22 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B0F88C18-069F-46D2-9F2C-71A6DD0026B7}.job
[2011/03/14 22:35:11 | 000,643,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/14 22:35:11 | 000,119,206 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/14 22:17:05 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4067689513-3574174650-1019183710-1000UA.job
[2011/03/14 22:04:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/14 22:04:09 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/03/14 21:56:27 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/14 21:56:27 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/14 21:56:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/14 21:56:11 | 3213,766,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/14 21:29:32 | 000,003,360 | ---- | M] () -- C:\Users\Danny\Documents\names.csv
[2011/03/14 18:17:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4067689513-3574174650-1019183710-1000Core.job
[2011/03/14 18:14:26 | 004,286,145 | R--- | M] () -- C:\Users\Danny\Desktop\ComboFix.exe
[2011/03/14 18:14:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
[2011/03/14 17:34:16 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/11 16:13:18 | 000,206,336 | ---- | M] () -- C:\Users\Danny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/11 13:20:28 | 000,109,852 | ---- | M] () -- C:\Windows\hppins02.dat
[2011/03/11 13:20:03 | 000,001,193 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
[2011/03/08 00:38:44 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/07 14:08:08 | 000,879,069 | ---- | M] () -- C:\Users\Danny\Desktop\SecurityCheck.exe
[2011/03/07 14:06:56 | 000,625,664 | ---- | M] () -- C:\Users\Danny\Desktop\dds.scr
[2011/03/07 11:14:00 | 001,513,039 | ---- | M] () -- C:\Users\Danny\Documents\ATT00309.wmv
[2011/02/18 16:36:58 | 004,184,352 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll

========== Files Created - No Company Name ==========

[2011/03/14 22:37:45 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/03/14 21:35:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/14 21:35:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/14 21:35:14 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/14 21:35:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/14 21:35:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/14 20:25:21 | 000,003,360 | ---- | C] () -- C:\Users\Danny\Documents\names.csv
[2011/03/14 18:13:25 | 004,286,145 | R--- | C] () -- C:\Users\Danny\Desktop\ComboFix.exe
[2011/03/14 17:34:16 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/14 17:34:16 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/03/11 13:20:03 | 000,001,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
[2011/03/11 13:16:19 | 000,109,852 | ---- | C

#5 userdan

userdan

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 14 March 2011 - 09:05 PM

I got an e-mail saying you replied, but I don't see any reply above?

Did I miss something?

EDIT: Sorry, I was looking at the wrong e-mail. Nevermind.

Edited by userdan, 14 March 2011 - 09:19 PM.


#6 lance_yien

lance_yien

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 2,442 posts

Posted 15 March 2011 - 07:00 AM

>>> IObit Security 360 is a rogue security program from IObit.com.
Some of their programs are known to cause system problems. Please read IOBit Steals Malwarebytes’ Intellectual Property and IOBit’s Denial of Theft Unconvincing.
I recommend you go to "Start" => "Control Panel" => "Add or Remove Programs" and remove any program from IObit.com.
To remove every last trace of the entries of IObit programs left behind please download BitRemover to your Desktop from here and run it.


>>> Run OTL and paste the following (starting with :OTL) in the "Custom Scans/Fixes" window:

:OTL
[2009/02/10 09:47:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Extensions
[2009/02/10 09:47:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2011/03/14 18:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions
[2010/02/17 13:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010/01/28 15:20:15 | 000,000,000 | ---D | M] (ww-plugin) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\{B1ADF944-DB57-4eaf-A44F-720AAAF427F9}
[2010/04/25 20:04:59 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2009/08/06 13:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\piclens@cooliris.com-trash
[2011/03/10 21:12:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:Services

:Reg

:Files
C:\WINDOWS\tasks\*.job
C:\*.sqm

:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]

Click the red Run Fix button.
A fix log in Notepad will appear. Copy and paste its contents in your next reply.
Close OTL.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


>>> Very important: Any program out of date may contain some vulnerabilities exploited by hackers to infect your computer.
  • Your version of Java is out of date. I recommend you update to the newest Version:
    Please download to your Desktop the newest version from here or here.

    It's important that you uninstall older versions of Java. They can leave holes and vulnerabilities on your computer.

    Please, go to Start => Control Panel double-click on the Software icon => Add or Remove programs.
    Search in the list for all previous installed versions of Java (J2SE Runtime Environment.... ).
    They should have this icon next to them: Posted Image
    Select each in turn and click Remove.
    Now install the newest version.
  • Your version of Adobe Acrobat Reader is out of date too. Please uninstall this program and install the latest version from here (make sure to uncheck the install McAfee Security Scan option).

In your next reply, please include the following:
  • OTL.txt
Please let me know how the updates went and if you still have any problems (important to give you the next instructions)

EI | SWI | ZEBULON | Posted Image | Posted Image

My help is free, but if you wish to help keep these forums running please consider a donation. Please, see here for details.

#7 userdan

userdan

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 15 March 2011 - 08:09 AM

Ran into a problem.

I uninstalled the iobit programs you suggested, and ran bitremover.

Then I ran OTL. Pasted the comments you wrote, and then hit the red 'run fix' button.

It seemed to run through the commands until it got to [EMPTY TEMP].
I got an error message here that said "OTL has stopped working." I pressed 'close program.'
I did not do anything else. Now my computer has my desktop image on display only. No icons, no status bar, just the desktop image.

I'll leave it like that until I hear back from you. I'm using my wife's computer to write this message. The sooner I hear back the better since I'm not sure how long I can leave it there like that. I'll need to use it tomorrow.

Thanks!

#8 userdan

userdan

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 15 March 2011 - 10:30 PM

I left my computer on over night, but it shut off during the night sometime. I tried to turn it on this morning, and it starts loading up. Then it displays my desktop image, and just stays on the desktop image (no icons, no bar, but I can move the mouse around). The hard drive is spinning a lot, but there is no action on the screen. My computer is totally useless right now. Please help.

#9 lance_yien

lance_yien

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 2,442 posts

Posted 16 March 2011 - 01:37 AM

Hi,

Please reboot to Safe Mode and try to restore Windows Vista to a previous State (tap the F8 key continually, just before Windows starts to load and select the Safe Mode option from the menu).
Also, try the Safe Mode with Networking.
EI | SWI | ZEBULON | Posted Image | Posted Image

My help is free, but if you wish to help keep these forums running please consider a donation. Please, see here for details.

#10 userdan

userdan

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 16 March 2011 - 06:26 AM

Good news. I restarted the computer again after reading your post, and it booted successfully without safe mode. (That was the third restart).

There was also this report open after restarting:

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

the file name of the report is: 03153011_215650

#11 lance_yien

lance_yien

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 2,442 posts

Posted 16 March 2011 - 06:57 AM

How the updates went?
Do you still have any problems?
EI | SWI | ZEBULON | Posted Image | Posted Image

My help is free, but if you wish to help keep these forums running please consider a donation. Please, see here for details.

#12 userdan

userdan

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 17 March 2011 - 06:29 AM

So far things are looking good. I've updated Adobe Reader and Java as you suggested.

Here is the OTL Log.

I haven't had any chinese pop-ups for the last day, and I also haven't had any restarts or memory errors as before (yet).



OTL logfile created on: 3/14/2011 10:33:13 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Danny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.98 Gb Total Space | 34.48 Gb Free Space | 11.97% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.83 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1737.33 Gb Free Space | 93.25% Space Free | Partition Type: NTFS

Computer Name: DANNY-STUDIO | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/14 18:14:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
PRC - [2011/03/06 00:46:31 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/10 07:45:26 | 015,622,144 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSyncManager.exe
PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/09/17 04:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/11 18:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 14:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 14:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/08/05 20:16:40 | 000,286,720 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2008/07/17 20:00:36 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/07/17 20:00:18 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/07/17 20:00:16 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/07/10 04:31:46 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe


========== Modules (SafeList) ==========

MOD - [2011/03/14 18:14:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/16 05:43:48 | 000,036,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/11/21 01:13:56 | 000,055,016 | ---- | M] (Xobni Corporation) [Auto | Stopped] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2008/12/06 19:51:30 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/12/06 19:28:28 | 000,072,704 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/09/24 12:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/17 18:22:56 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe -- (AESTFilters)
SRV - [2008/06/10 02:47:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Disabled | Stopped] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008/05/06 07:46:38 | 001,168,632 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/16 05:44:10 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/08 10:02:58 | 000,062,496 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2009/08/12 19:13:32 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2009/08/12 19:13:32 | 000,113,680 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2009/08/12 19:13:32 | 000,054,416 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2009/08/12 19:13:28 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2009/08/12 19:13:28 | 000,011,920 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWFLT.sys -- (PTDUWFLT)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/03/08 17:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/04 11:34:34 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/07/18 18:27:48 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/07/18 18:27:48 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/17 20:00:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/07/17 18:23:06 | 000,379,904 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/07/03 17:05:52 | 000,475,136 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/07/03 16:58:26 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/03 16:58:24 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/03 16:58:22 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/26 06:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/05/29 19:03:34 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/04/05 05:20:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=6081206
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 10:33:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/06 00:46:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/14 17:34:16 | 000,000,000 | ---D | M]

[2009/02/10 09:47:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Extensions
[2009/02/10 09:47:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2011/03/14 18:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions
[2010/02/17 13:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2009/08/06 13:38:34 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/09/02 09:52:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/03 00:15:38 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/01/28 15:20:15 | 000,000,000 | ---D | M] (ww-plugin) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\{B1ADF944-DB57-4eaf-A44F-720AAAF427F9}
[2010/04/25 20:04:59 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/02/11 22:55:27 | 000,000,000 | ---D | M] (Update Scanner) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}
[2009/12/29 14:10:38 | 000,000,000 | ---D | M] (Flash Video Downloader) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\artur.dubovoy@gmail.com
[2009/08/06 13:38:44 | 000,000,000 | ---D | M] (FoxyProxy) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\foxyproxy@eric.h.jung
[2009/08/06 13:38:15 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\piclens@cooliris.com
[2009/08/06 13:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\piclens@cooliris.com-trash
[2011/02/14 15:23:53 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions\smarterwiki@wikiatic.com
[2011/03/10 21:12:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/06 12:09:50 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/16 00:56:00 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2010/08/31 09:46:27 | 002,179,072 | ---- | M] (DNAML Pty Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npdbplug.dll

O1 HOSTS File: ([2011/03/14 22:04:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ridgebizdeve...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (Reg Error: Key error.)
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} https://wc.wachovia....ab/ikcntrls.cab (Ikonic Menu Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.99.166.4 202.99.160.68
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Danny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Danny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/03/14 22:19:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/14 22:19:37 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Local\temp
[2011/03/14 22:04:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/14 21:35:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/14 21:35:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/14 21:35:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/14 21:35:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/14 21:34:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/14 21:34:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/14 18:13:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
[2011/03/12 03:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/03/11 15:34:59 | 000,000,000 | ---D | C] -- C:\HPFixScan
[2011/03/11 13:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/03/11 13:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/03/11 13:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/03/11 13:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/03/10 00:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2011/03/10 00:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2011/03/09 10:31:01 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 10:31:00 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 10:30:59 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 10:30:59 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/08 00:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/08 00:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/07 14:51:32 | 000,327,680 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\HPPEPR01.DLL
[2011/03/07 14:27:10 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Roaming\Malwarebytes
[2011/03/07 14:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/07 14:26:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/07 14:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/07 14:26:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/07 14:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/28 08:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/02/18 16:36:58 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll

========== Files - Modified Within 30 Days ==========

[2011/03/14 22:37:45 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/03/14 22:36:22 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B0F88C18-069F-46D2-9F2C-71A6DD0026B7}.job
[2011/03/14 22:35:11 | 000,643,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/14 22:35:11 | 000,119,206 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/14 22:17:05 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4067689513-3574174650-1019183710-1000UA.job
[2011/03/14 22:04:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/14 22:04:09 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/03/14 21:56:27 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/14 21:56:27 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/14 21:56:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/14 21:56:11 | 3213,766,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/14 21:29:32 | 000,003,360 | ---- | M] () -- C:\Users\Danny\Documents\names.csv
[2011/03/14 18:17:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4067689513-3574174650-1019183710-1000Core.job
[2011/03/14 18:14:26 | 004,286,145 | R--- | M] () -- C:\Users\Danny\Desktop\ComboFix.exe
[2011/03/14 18:14:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
[2011/03/14 17:34:16 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/11 16:13:18 | 000,206,336 | ---- | M] () -- C:\Users\Danny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/11 13:20:28 | 000,109,852 | ---- | M] () -- C:\Windows\hppins02.dat
[2011/03/11 13:20:03 | 000,001,193 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
[2011/03/08 00:38:44 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/07 14:08:08 | 000,879,069 | ---- | M] () -- C:\Users\Danny\Desktop\SecurityCheck.exe
[2011/03/07 14:06:56 | 000,625,664 | ---- | M] () -- C:\Users\Danny\Desktop\dds.scr
[2011/03/07 11:14:00 | 001,513,039 | ---- | M] () -- C:\Users\Danny\Documents\ATT00309.wmv
[2011/02/18 16:36:58 | 004,184,352 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll

========== Files Created - No Company Name ==========

[2011/03/14 22:37:45 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/03/14 21:35:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/14 21:35:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/14 21:35:14 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/14 21:35:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/14 21:35:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/14 20:25:21 | 000,003,360 | ---- | C] () -- C:\Users\Danny\Documents\names.csv
[2011/03/14 18:13:25 | 004,286,145 | R--- | C] () -- C:\Users\Danny\Desktop\ComboFix.exe
[2011/03/14 17:34:16 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/14 17:34:16 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/03/11 13:20:03 | 000,001,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
[2011/03/11 13:16:19 | 000,109,852 | ---- | C] () -- C:\Windows\hppins02.dat
[2011/03/11 13:16:19 | 000,001,883 | ---- | C] () -- C:\Windows\hppmdl02.dat
[2011/03/08 00:38:44 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/07 14:51:32 | 000,229,376 | ---- | C] () -- C:\Windows\System32\HPPCPR01.DLL
[2011/03/07 14:51:31 | 000,000,630 | ---- | C] () -- C:\Windows\System32\HPPCPR01.DAT
[2011/03/07 14:08:04 | 000,879,069 | ---- | C] () -- C:\Users\Danny\Desktop\SecurityCheck.exe
[2011/03/07 14:06:39 | 000,625,664 | ---- | C] () -- C:\Users\Danny\Desktop\dds.scr
[2011/03/07 11:14:00 | 001,513,039 | ---- | C] () -- C:\Users\Danny\Documents\ATT00309.wmv
[2011/01/27 12:09:24 | 000,000,036 | ---- | C] () -- C:\Users\Danny\AppData\Local\housecall.guid.cache
[2010/09/20 22:25:32 | 000,000,816 | ---- | C] () -- C:\Windows\System32\ker.dll
[2010/08/31 09:46:29 | 000,245,840 | ---- | C] () -- C:\Windows\System32\DNLEng.dll
[2010/08/31 09:46:28 | 000,894,616 | ---- | C] () -- C:\Windows\dbplugin.exe
[2010/07/07 20:05:14 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/02/24 22:39:23 | 000,183,124 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/10/06 23:20:22 | 000,153,600 | ---- | C] () -- C:\Users\Danny\AppData\Roaming\SharedSettings.ccs
[2009/10/06 23:05:53 | 000,000,208 | ---- | C] () -- C:\Windows\System32\xpysys.dll
[2009/09/24 10:14:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 10:14:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/22 11:20:47 | 000,004,096 | -H-- | C] () -- C:\Users\Danny\AppData\Local\keyfile3.drm
[2009/01/30 23:12:27 | 000,000,947 | ---- | C] () -- C:\Users\Danny\AppData\Roaming\DataSafeDotNet.exe
[2009/01/14 00:31:01 | 000,009,322 | ---- | C] () -- C:\Users\Danny\AppData\Roaming\Comma Separated Values (DOS).EML
[2009/01/13 21:55:23 | 000,036,601 | ---- | C] () -- C:\Users\Danny\AppData\Roaming\Comma Separated Values (Windows).ADR
[2008/12/31 21:51:38 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/19 09:21:15 | 000,023,888 | ---- | C] () -- C:\Users\Danny\AppData\Roaming\UserTile.png
[2008/12/19 09:03:09 | 000,206,336 | ---- | C] () -- C:\Users\Danny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/18 18:21:42 | 000,007,512 | ---- | C] () -- C:\Users\Danny\AppData\Local\d3d9caps.dat
[2008/12/06 21:03:51 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/12/06 21:03:51 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/12/06 21:03:51 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/12/06 21:03:51 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/12/06 21:01:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/06 13:12:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/08/05 14:07:20 | 000,065,216 | ---- | C] () -- C:\Windows\System32\PDFreDirectMonNT.dll
[2006/11/02 20:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:37 | 000,400,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:33:01 | 000,643,046 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,119,206 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/09/23 20:14:42 | 001,099,264 | ---- | C] () -- C:\Windows\System32\cygxml2-2.dll
[2003/08/10 22:59:20 | 000,980,992 | ---- | C] () -- C:\Windows\System32\cygiconv-2.dll
[2003/08/09 08:28:16 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/19 05:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 14:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/03/14 22:19:34 | 000,023,454 | ---- | M] () -- C:\ComboFix.txt
[2006/09/19 05:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/12/06 21:04:00 | 000,004,844 | RH-- | M] () -- C:\dell.sdr
[2011/03/14 21:56:11 | 3213,766,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/31 23:31:36 | 000,000,296 | ---- | M] () -- C:\Inbox.xnk
[2011/02/05 19:45:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/02/05 19:45:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/03/14 21:56:08 | 3529,445,376 | -HS- | M] () -- C:\pagefile.sys
[2011/03/14 22:37:45 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2008/12/06 19:46:23 | 000,000,174 | ---- | M] () -- C:\Setup.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/07/18 18:27:48 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009/03/08 19:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 19:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010/12/18 14:22:10 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2009/04/11 14:28:25 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 11:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 11:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 11:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 18:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 18:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2011/01/21 00:37:37 | 000,638,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/18 16:36:58 | 000,041,984 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-12 19:07:30

========== Files - Unicode (All) ==========
[2010/02/11 21:57:10 | 000,015,360 | ---- | C] ()(C:\Users\Danny\Desktop\??? ???????????.xls) -- C:\Users\Danny\Desktop\报价单 单色轻盈纺普通电脑绗缝.xls
[2010/02/11 16:49:04 | 000,015,360 | ---- | M] ()(C:\Users\Danny\Desktop\??? ???????????.xls) -- C:\Users\Danny\Desktop\报价单 单色轻盈纺普通电脑绗缝.xls
[2010/02/11 15:23:51 | 025,031,168 | ---- | C] ()(C:\Users\Danny\Desktop\9?25???.xls) -- C:\Users\Danny\Desktop\9月25日报价.xls
[2010/02/11 15:22:11 | 025,031,168 | ---- | M] ()(C:\Users\Danny\Desktop\9?25???.xls) -- C:\Users\Danny\Desktop\9月25日报价.xls
[2010/01/05 10:24:30 | 000,050,176 | ---- | M] ()(C:\Users\Danny\Desktop\?? Microsoft Excel ??? pijian.xls) -- C:\Users\Danny\Desktop\新建 Microsoft Excel 工作表 pijian.xls
[2010/01/05 10:23:59 | 000,050,176 | ---- | C] ()(C:\Users\Danny\Desktop\?? Microsoft Excel ??? pijian.xls) -- C:\Users\Danny\Desktop\新建 Microsoft Excel 工作表 pijian.xls
[2009/11/26 13:57:29 | 000,027,136 | ---- | M] ()(C:\Users\Danny\Desktop\Copy of 2 26???(??).xls) -- C:\Users\Danny\Desktop\Copy of 2 26报价单(李静).xls
[2009/11/26 13:57:29 | 000,027,136 | ---- | C] ()(C:\Users\Danny\Desktop\Copy of 2 26???(??).xls) -- C:\Users\Danny\Desktop\Copy of 2 26报价单(李静).xls
[2009/11/17 09:17:23 | 000,305,152 | ---- | M] ()(C:\Users\Danny\Desktop\A230 ?? (2).xls) -- C:\Users\Danny\Desktop\A230 新款 (2).xls
[2009/11/17 09:17:22 | 000,305,152 | ---- | C] ()(C:\Users\Danny\Desktop\A230 ?? (2).xls) -- C:\Users\Danny\Desktop\A230 新款 (2).xls
[2009/11/11 17:15:33 | 000,027,648 | ---- | M] ()(C:\Users\Danny\Desktop\??077-079-???.xls) -- C:\Users\Danny\Desktop\账单077-079-朱先生.xls
[2009/11/11 17:15:33 | 000,027,648 | ---- | C] ()(C:\Users\Danny\Desktop\??077-079-???.xls) -- C:\Users\Danny\Desktop\账单077-079-朱先生.xls
[2009/06/16 15:31:04 | 000,427,008 | ---- | M] ()(C:\Users\Danny\Desktop\??????.xls) -- C:\Users\Danny\Desktop\四面裙子报价.xls
[2009/06/16 15:30:58 | 000,427,008 | ---- | C] ()(C:\Users\Danny\Desktop\??????.xls) -- C:\Users\Danny\Desktop\四面裙子报价.xls

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\Danny\AppData\Roaming\Comma Separated Values (DOS).EML:OECustomProperty

< End of report >

#13 lance_yien

lance_yien

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 2,442 posts

Posted 17 March 2011 - 08:14 AM

Hi userdan,

Good to know that all updates and the firewall install went successfully and your problems seem to have been fixed. :thumbup:

>>> Tools removal:
- Please remove ComboFix from your computer by going to Start => Run and type (or copy and paste) ComboFix /Uninstall in the runbox. Click OK (make sure to leave a space between ComboFix and /Uninstall).
It will remove all its files/ folders and reset your System Restore by flushing out previous restore points and creating a new clean restore point for you.
- Please run OTL and click on the CleanUp! button, wait a while, and click Yes to reboot.
- Also, please delete any remaining files/ folders from our tools (right-click => "Delete").


>>> Enable your UAC:
  • Click "Start" => "Control Panel". Click "User Accounts And Family Safety".
  • Click "User Accounts" => "Turn User Account Control On Or Off".
  • Check the "Use User Account Control (UAC) To Help Protect Your Computer" checkbox and click OK.
  • When prompted, restart your computer.

>>> Protect your computer:
  • Enable Automatic Updates for your Windows under Start => Control Panel => Automatic Updates. These updates address known issues and will strengthen your protection against known security threats. Without these updates I can almost guarantee that you will get infected again.
  • Make sure your programs are up to date - because older versions may contain Security Leaks.
    To find out what programs need to be updated, please run the Secunia Software Inspector Scan.
  • Use:
    - Autorun Protector to prevent your PC from being infected with autorun worms and also protecting your removable devices from being infected from other sources.
    Make sure to insert all your removable drives/pendrives/memory cards, etc before running the tool.
    - SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware. A tutorial on using SpywareBlaster may be found here.
  • Nowadays, most malware is developed only to steal personal information and/or various passwords. I recommend you change all your passwords - make sure you create strong passwords and use a different password for every site (you can keep them in KeePass).
  • Back up your Registry with ERUNT. It can help you especially if the System Restore is disabled by malware or corrupted for some reasons.
  • Please, note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here: http://www.spywarewa...nti-spyware.htm

>>> Recommended reading:

Hopefully this should take care of your problems!

Safe surfing! :)
EI | SWI | ZEBULON | Posted Image | Posted Image

My help is free, but if you wish to help keep these forums running please consider a donation. Please, see here for details.

#14 userdan

userdan

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 17 March 2011 - 08:23 AM

I'll work through the steps you suggested soon, but in the mean time, what was I infected with?

#15 lance_yien

lance_yien

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 2,442 posts

Posted 17 March 2011 - 10:31 AM

No major infection but some stability issues caused by unwanted adware programs (ww-plugin etc...) probably introduced by "IObit Security 360", "AutocompleteProis" and / or ""Vuze_Remote".

Drive C: | 287.98 Gb Total Space | 34.48 Gb Free Space | 11.97% Space Free | Partition Type: NTFS

Please note that you need, at least 15% of free space.
EI | SWI | ZEBULON | Posted Image | Posted Image

My help is free, but if you wish to help keep these forums running please consider a donation. Please, see here for details.

#16 userdan

userdan

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 18 March 2011 - 10:12 AM

Thanks for all your help! Really appreciate it!

#17 lance_yien

lance_yien

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 2,442 posts

Posted 18 March 2011 - 10:19 AM

Glad we could help. :cool:

[Reopened]

Everyone else, please begin a new topic.

Edited by cnm, 18 March 2011 - 11:37 AM.

EI | SWI | ZEBULON | Posted Image | Posted Image

My help is free, but if you wish to help keep these forums running please consider a donation. Please, see here for details.

#18 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 18 March 2011 - 11:33 AM

Reopened at request of topic owner.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#19 userdan

userdan

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 22 March 2011 - 12:56 AM

I am still getting those Chinese Pop-ups in firefox. They were gone for a few days, but now they have returned.

#20 lance_yien

lance_yien

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 2,442 posts

Posted 22 March 2011 - 02:47 AM

Hello userdan.

Please print out these instructions or copy them to a Notepad file for an easier reading and download to your Desktop:
  • OTL by OldTimer from here or here.
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Right-click on TDSSKiller.exe => "Run as administrator".
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

>>> Run OTL: Please close all opened windows and right-click on OTL.exe => "Run as Administrator".
In the "Custom Scans/Fixes" window (under the light green bar) paste the following (starting with netsvcs):

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
SAVEMBR:0

Click the Run Scan button and let the program run uninterrupted.
When the scan completes, it will open two Notepad windows - OTL.Txt (opened) and Extras.Txt (minimised). These are saved in the same location as OTL.
Please copy and paste the contents of these files in your next reply (one at a time).


In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt
  • OTL.txt
  • Extras.txt

EI | SWI | ZEBULON | Posted Image | Posted Image

My help is free, but if you wish to help keep these forums running please consider a donation. Please, see here for details.

#21 userdan

userdan

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 29 March 2011 - 12:05 AM

Sorry it's taken me a few days to get back to this.

2011/03/29 13:44:25.0147 6632 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/29 13:44:25.0850 6632 ================================================================================
2011/03/29 13:44:25.0850 6632 SystemInfo:
2011/03/29 13:44:25.0850 6632
2011/03/29 13:44:25.0850 6632 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/29 13:44:25.0850 6632 Product type: Workstation
2011/03/29 13:44:25.0850 6632 ComputerName: DANNY-STUDIO
2011/03/29 13:44:25.0851 6632 UserName: Danny
2011/03/29 13:44:25.0851 6632 Windows directory: C:\Windows
2011/03/29 13:44:25.0851 6632 System windows directory: C:\Windows
2011/03/29 13:44:25.0851 6632 Processor architecture: Intel x86
2011/03/29 13:44:25.0851 6632 Number of processors: 2
2011/03/29 13:44:25.0851 6632 Page size: 0x1000
2011/03/29 13:44:25.0851 6632 Boot type: Normal boot
2011/03/29 13:44:25.0851 6632 ================================================================================
2011/03/29 13:44:26.0140 6632 Initialize success
2011/03/29 13:46:21.0758 7956 ================================================================================
2011/03/29 13:46:21.0758 7956 Scan started
2011/03/29 13:46:21.0758 7956 Mode: Manual;
2011/03/29 13:46:21.0758 7956 ================================================================================
2011/03/29 13:46:27.0128 7956 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
2011/03/29 13:46:27.0245 7956 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/03/29 13:46:27.0435 7956 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/03/29 13:46:27.0550 7956 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/03/29 13:46:27.0792 7956 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/03/29 13:46:27.0895 7956 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/03/29 13:46:28.0157 7956 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/03/29 13:46:28.0305 7956 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/03/29 13:46:28.0500 7956 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/29 13:46:28.0607 7956 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/03/29 13:46:28.0852 7956 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/03/29 13:46:29.0671 7956 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/03/29 13:46:29.0815 7956 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/03/29 13:46:29.0853 7956 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/03/29 13:46:30.0044 7956 ApfiltrService (1de27858a431a5749e0f3df54ba935b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/03/29 13:46:30.0292 7956 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/03/29 13:46:30.0422 7956 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/03/29 13:46:30.0588 7956 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/29 13:46:30.0975 7956 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/03/29 13:46:31.0132 7956 atikmdag (47dcf5d78c395159d72c65c25129fc44) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/03/29 13:46:31.0466 7956 ATSwpWDF (30407fb218940ae61f1aa3821b69f567) C:\Windows\system32\Drivers\ATSwpWDF.sys
2011/03/29 13:46:31.0923 7956 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
2011/03/29 13:46:32.0479 7956 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/03/29 13:46:32.0807 7956 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/03/29 13:46:33.0028 7956 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/03/29 13:46:33.0152 7956 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/03/29 13:46:33.0340 7956 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/03/29 13:46:33.0578 7956 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/29 13:46:33.0802 7956 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/29 13:46:33.0891 7956 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/29 13:46:34.0094 7956 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/29 13:46:34.0191 7956 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/29 13:46:34.0302 7956 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/29 13:46:34.0403 7956 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/29 13:46:34.0552 7956 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/03/29 13:46:34.0871 7956 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/29 13:46:34.0981 7956 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/29 13:46:35.0095 7956 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/29 13:46:35.0218 7956 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/03/29 13:46:35.0432 7956 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/29 13:46:35.0557 7956 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/03/29 13:46:35.0757 7956 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/29 13:46:35.0821 7956 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/03/29 13:46:36.0010 7956 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/03/29 13:46:36.0196 7956 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/03/29 13:46:36.0453 7956 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/03/29 13:46:36.0807 7956 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/03/29 13:46:36.0907 7956 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/03/29 13:46:37.0002 7956 Dot4Scan (a84d8a9006b1ae515cc7b6b3586c295a) C:\Windows\system32\DRIVERS\Dot4Scan.sys
2011/03/29 13:46:37.0043 7956 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/03/29 13:46:37.0187 7956 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/03/29 13:46:37.0303 7956 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/29 13:46:38.0255 7956 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/03/29 13:46:38.0367 7956 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/03/29 13:46:38.0605 7956 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/03/29 13:46:38.0833 7956 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/03/29 13:46:38.0978 7956 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/03/29 13:46:39.0238 7956 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/03/29 13:46:39.0387 7956 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/03/29 13:46:39.0588 7956 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/29 13:46:39.0826 7956 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/03/29 13:46:39.0868 7956 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/03/29 13:46:39.0955 7956 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/29 13:46:40.0155 7956 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/03/29 13:46:40.0285 7956 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/29 13:46:40.0388 7956 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/29 13:46:40.0609 7956 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/03/29 13:46:40.0917 7956 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/03/29 13:46:41.0045 7956 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/29 13:46:41.0105 7956 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/29 13:46:41.0165 7956 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/29 13:46:41.0346 7956 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/29 13:46:41.0406 7956 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/03/29 13:46:41.0702 7956 HPFXBULK (9e3944a558ab84853ef985988e23a8a4) C:\Windows\system32\drivers\hpfxbulk.sys
2011/03/29 13:46:42.0031 7956 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/03/29 13:46:42.0173 7956 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/03/29 13:46:42.0329 7956 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/29 13:46:42.0395 7956 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/03/29 13:46:42.0501 7956 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/29 13:46:42.0576 7956 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/03/29 13:46:42.0823 7956 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/29 13:46:42.0899 7956 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/29 13:46:42.0953 7956 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/29 13:46:43.0063 7956 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/29 13:46:43.0225 7956 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/03/29 13:46:43.0312 7956 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/03/29 13:46:43.0407 7956 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/29 13:46:43.0438 7956 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/29 13:46:43.0524 7956 itecir (20425664e2e196d339ca877e0387c023) C:\Windows\system32\DRIVERS\itecir.sys
2011/03/29 13:46:43.0642 7956 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/29 13:46:43.0795 7956 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
2011/03/29 13:46:43.0956 7956 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/29 13:46:44.0137 7956 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/29 13:46:44.0303 7956 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
2011/03/29 13:46:44.0423 7956 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/29 13:46:44.0775 7956 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/29 13:46:45.0115 7956 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/03/29 13:46:45.0370 7956 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/29 13:46:45.0487 7956 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/29 13:46:46.0021 7956 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/03/29 13:46:46.0239 7956 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/03/29 13:46:46.0346 7956 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/03/29 13:46:46.0506 7956 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/03/29 13:46:46.0735 7956 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/29 13:46:46.0994 7956 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/29 13:46:47.0173 7956 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/29 13:46:47.0230 7956 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/03/29 13:46:47.0287 7956 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/03/29 13:46:47.0340 7956 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/29 13:46:47.0439 7956 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/29 13:46:47.0737 7956 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/03/29 13:46:48.0155 7956 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/29 13:46:49.0005 7956 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/29 13:46:49.0158 7956 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/29 13:46:50.0050 7956 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/03/29 13:46:50.0499 7956 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/03/29 13:46:50.0876 7956 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
2011/03/29 13:46:51.0172 7956 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/03/29 13:46:51.0370 7956 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/03/29 13:46:51.0686 7956 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/29 13:46:51.0890 7956 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/29 13:46:52.0239 7956 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/03/29 13:46:52.0383 7956 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/03/29 13:46:52.0578 7956 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/29 13:46:52.0631 7956 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/03/29 13:46:52.0807 7956 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/03/29 13:46:53.0047 7956 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/29 13:46:53.0314 7956 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/03/29 13:46:53.0435 7956 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/29 13:46:53.0542 7956 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/29 13:46:53.0910 7956 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/29 13:46:54.0024 7956 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/03/29 13:46:54.0239 7956 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/29 13:46:54.0328 7956 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/29 13:46:54.0784 7956 NETw5v32 (9ca26dccf0b84a6ff2b54fbb2a94520b) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/03/29 13:46:55.0189 7956 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/03/29 13:46:55.0260 7956 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/03/29 13:46:55.0360 7956 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/29 13:46:55.0453 7956 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/03/29 13:46:55.0591 7956 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/03/29 13:46:55.0886 7956 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/03/29 13:46:56.0029 7956 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/03/29 13:46:56.0126 7956 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/03/29 13:46:56.0178 7956 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/03/29 13:46:56.0322 7956 OA001Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA001Ufd.sys
2011/03/29 13:46:56.0376 7956 OA001Vid (4075063d25af9da64101769854b83787) C:\Windows\system32\DRIVERS\OA001Vid.sys
2011/03/29 13:46:56.0621 7956 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/29 13:46:56.0811 7956 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/03/29 13:46:56.0932 7956 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/03/29 13:46:57.0046 7956 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/03/29 13:46:57.0152 7956 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/03/29 13:46:57.0195 7956 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/03/29 13:46:57.0300 7956 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/03/29 13:46:57.0361 7956 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/29 13:46:57.0652 7956 Point32 (8442871b5a0d1a74390f490e9660534a) C:\Windows\system32\DRIVERS\point32k.sys
2011/03/29 13:46:57.0981 7956 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/29 13:46:58.0021 7956 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/03/29 13:46:58.0142 7956 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/29 13:46:58.0227 7956 PTDUBus (dbaf8a53d7669efb4742896b458181d0) C:\Windows\system32\DRIVERS\PTDUBus.sys
2011/03/29 13:46:58.0347 7956 PTDUMdm (fa4e2a5cf478624d3154fb045fb2d076) C:\Windows\system32\DRIVERS\PTDUMdm.sys
2011/03/29 13:46:58.0453 7956 PTDUVsp (9c489b38ca13f251289004fe4f8631dd) C:\Windows\system32\DRIVERS\PTDUVsp.sys
2011/03/29 13:46:58.0506 7956 PTDUWFLT (37a75ac00d26364a5ea2050a6f85c2d0) C:\Windows\system32\DRIVERS\PTDUWFLT.sys
2011/03/29 13:46:58.0568 7956 PTDUWWAN (f4a789a94ff74a47eb321be4465259d0) C:\Windows\system32\DRIVERS\PTDUWWAN.sys
2011/03/29 13:46:58.0792 7956 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/03/29 13:46:59.0254 7956 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/03/29 13:46:59.0414 7956 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/29 13:46:59.0527 7956 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/29 13:46:59.0877 7956 R300 (47dcf5d78c395159d72c65c25129fc44) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/03/29 13:46:59.0932 7956 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/29 13:46:59.0962 7956 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/29 13:47:00.0085 7956 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/29 13:47:00.0212 7956 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/29 13:47:00.0303 7956 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/29 13:47:00.0423 7956 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/29 13:47:00.0521 7956 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/03/29 13:47:00.0576 7956 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/29 13:47:00.0855 7956 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/03/29 13:47:01.0035 7956 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/03/29 13:47:01.0246 7956 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/03/29 13:47:01.0372 7956 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/03/29 13:47:01.0424 7956 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/29 13:47:01.0567 7956 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/29 13:47:01.0879 7956 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/03/29 13:47:02.0003 7956 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/29 13:47:02.0082 7956 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/03/29 13:47:02.0110 7956 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/03/29 13:47:02.0204 7956 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/03/29 13:47:02.0300 7956 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/03/29 13:47:02.0391 7956 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/29 13:47:02.0543 7956 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/03/29 13:47:02.0640 7956 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/03/29 13:47:02.0692 7956 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/03/29 13:47:02.0849 7956 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/03/29 13:47:02.0954 7956 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/03/29 13:47:03.0144 7956 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/03/29 13:47:03.0283 7956 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
2011/03/29 13:47:03.0478 7956 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/03/29 13:47:03.0687 7956 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/03/29 13:47:03.0860 7956 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/29 13:47:03.0899 7956 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/29 13:47:03.0964 7956 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/03/29 13:47:04.0092 7956 STHDA (5af1feec6945f4fa5efd00e0c6d8f9b9) C:\Windows\system32\DRIVERS\stwrt.sys
2011/03/29 13:47:04.0529 7956 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/03/29 13:47:04.0845 7956 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/29 13:47:04.0890 7956 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/03/29 13:47:04.0939 7956 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/03/29 13:47:04.0975 7956 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/03/29 13:47:05.0097 7956 tap0901 (d13117a1c6b072a67961980bdaf7e47a) C:\Windows\system32\DRIVERS\tap0901.sys
2011/03/29 13:47:05.0222 7956 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/03/29 13:47:05.0333 7956 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/29 13:47:05.0427 7956 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/29 13:47:05.0532 7956 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/03/29 13:47:05.0668 7956 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/03/29 13:47:05.0792 7956 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/29 13:47:05.0881 7956 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/29 13:47:06.0004 7956 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/29 13:47:06.0189 7956 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/29 13:47:06.0263 7956 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/29 13:47:06.0361 7956 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/03/29 13:47:06.0550 7956 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/29 13:47:07.0231 7956 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/29 13:47:07.0340 7956 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/03/29 13:47:07.0376 7956 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/29 13:47:07.0470 7956 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/29 13:47:07.0504 7956 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/29 13:47:07.0598 7956 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/03/29 13:47:08.0057 7956 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/29 13:47:08.0254 7956 usbcir (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
2011/03/29 13:47:08.0397 7956 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/29 13:47:08.0487 7956 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/29 13:47:08.0540 7956 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/03/29 13:47:08.0701 7956 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/03/29 13:47:09.0325 7956 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/29 13:47:09.0854 7956 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/29 13:47:09.0908 7956 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/29 13:47:10.0022 7956 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/29 13:47:10.0184 7956 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/03/29 13:47:10.0224 7956 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/03/29 13:47:10.0323 7956 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/03/29 13:47:10.0356 7956 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/29 13:47:10.0455 7956 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/03/29 13:47:10.0557 7956 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/03/29 13:47:11.0004 7956 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/03/29 13:47:11.0153 7956 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/29 13:47:11.0438 7956 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/29 13:47:11.0548 7956 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/29 13:47:11.0855 7956 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/03/29 13:47:11.0986 7956 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/29 13:47:12.0430 7956 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/29 13:47:12.0560 7956 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/03/29 13:47:12.0806 7956 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/29 13:47:12.0987 7956 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/29 13:47:13.0223 7956 ================================================================================
2011/03/29 13:47:13.0223 7956 Scan finished
2011/03/29 13:47:13.0223 7956 ================================================================================

OTL logfile created on: 3/29/2011 1:49:15 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Danny\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.98 Gb Total Space | 32.65 Gb Free Space | 11.34% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.83 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
Drive F: | 3.01 Gb Total Space | 2.98 Gb Free Space | 98.86% Space Free | Partition Type: FAT32

Computer Name: DANNY-STUDIO | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/29 13:45:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Downloads\OTL.exe
PRC - [2011/03/18 22:46:43 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Danny\Desktop\Kembang Desa Villa (2)\tdsskiller\TDSSKiller.exe
PRC - [2011/03/06 00:46:31 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/10 07:45:26 | 015,622,144 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSyncManager.exe
PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/17 04:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/21 01:13:56 | 000,055,016 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 14:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/08/05 20:16:40 | 000,286,720 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2008/07/17 20:00:36 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/07/17 20:00:18 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/07/17 20:00:16 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/07/10 04:31:46 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe


========== Modules (SafeList) ==========

MOD - [2011/03/29 13:45:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Downloads\OTL.exe
MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/18 22:46:43 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/16 05:43:48 | 000,036,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/11/21 01:13:56 | 000,055,016 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2008/12/06 19:51:30 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/12/06 19:28:28 | 000,072,704 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/09/24 12:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/17 18:22:56 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe -- (AESTFilters)
SRV - [2008/06/10 02:47:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Disabled | Stopped] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008/05/06 07:46:38 | 001,168,632 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/03/18 22:46:45 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/16 05:44:10 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/08 10:02:58 | 000,062,496 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2009/08/12 19:13:32 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2009/08/12 19:13:32 | 000,113,680 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2009/08/12 19:13:32 | 000,054,416 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2009/08/12 19:13:28 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2009/08/12 19:13:28 | 000,011,920 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWFLT.sys -- (PTDUWFLT)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/03/08 17:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/04 11:34:34 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/07/18 18:27:48 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/07/18 18:27:48 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/17 20:00:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/07/17 18:23:06 | 000,379,904 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/07/03 17:05:52 | 000,475,136 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/07/03 16:58:26 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/03 16:58:24 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/03 16:58:22 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/26 06:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/05/29 19:03:34 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/04/05 05:20:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=6081206
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 10:33:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/06 00:46:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/29 00:30:06 | 000,000,000 | ---D | M]

[2011/03/16 20:16:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Extensions
[2011/03/17 20:23:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\ps5s2v4a.default\extensions
[2011/03/17 16:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/17 09:26:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/08/31 09:46:27 | 002,179,072 | ---- | M] (DNAML Pty Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npdbplug.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/14 22:04:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com.cn ([mybank.icbc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: com.cn ([vip.icbc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: com.cn ([www.icbc] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ridgebizdeve...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (Reg Error: Key error.)
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} https://wc.wachovia....ab/ikcntrls.cab (Ikonic Menu Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.99.166.4 202.99.160.68
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Danny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Danny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
Unable to save MBR. Invalid drive designation: 0

========== Files/Folders - Created Within 30 Days ==========

[2011/03/29 00:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/03/24 14:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF reDirect
[2011/03/24 14:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF reDirect v2
[2011/03/23 14:33:41 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/23 14:33:41 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/22 12:49:14 | 000,407,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvc331c.rra
[2011/03/22 12:49:13 | 000,050,080 | ---- | C] (Gemplus) -- C:\Windows\System32\jcutilGEM102KLCD.dll
[2011/03/22 12:49:13 | 000,049,568 | ---- | C] (Gemplus) -- C:\Windows\System32\JCUTILGEM102K.dll
[2011/03/22 12:49:12 | 000,136,608 | ---- | C] (G&D) -- C:\Windows\System32\jcutilGD2.dll
[2011/03/22 12:49:12 | 000,124,320 | ---- | C] (G&D) -- C:\Windows\System32\jcutilGD2LCD.dll
[2011/03/22 12:49:09 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efsa1dd8.rra
[2011/03/22 12:49:05 | 000,279,968 | ---- | C] (Infosec Technologies Co., Ltd.) -- C:\Windows\System32\ICBC_NetSign.dll
[2011/03/22 12:49:05 | 000,163,744 | ---- | C] (Tendyron Corporation) -- C:\Windows\System32\icbc_tdrusbkey.dll
[2011/03/22 12:49:05 | 000,115,616 | ---- | C] (<Tendyron Corporation>) -- C:\Windows\System32\ICBC_TDRDV.dll
[2011/03/22 12:49:05 | 000,071,072 | ---- | C] (Infosec Technologies Co., Ltd.) -- C:\Windows\System32\iccardCtl.dll
[2011/03/22 12:49:04 | 000,124,320 | ---- | C] (M&W) -- C:\Windows\System32\icbc_mwusbkey.dll
[2011/03/22 12:49:04 | 000,066,976 | ---- | C] (MingWah) -- C:\Windows\System32\icbc_mwdv.dll
[2011/03/22 12:49:04 | 000,042,400 | ---- | C] (goldpac) -- C:\Windows\System32\icbc_gemplusdv.dll
[2011/03/22 12:49:04 | 000,042,400 | ---- | C] (goldpac) -- C:\Windows\System32\icbc_gemplus2006dv.dll
[2011/03/22 12:49:03 | 000,231,328 | ---- | C] (ICBC OEM From Feitian Technologies Co., Ltd) -- C:\Windows\System32\icbc_ftdv.dll
[2011/03/22 12:49:03 | 000,123,296 | ---- | C] (ICBC OEM From Feitian Technologies Co., Ltd) -- C:\Windows\System32\icbc_ftusbkey.dll
[2011/03/22 12:49:02 | 000,320,928 | ---- | C] (Industrial and Commercial Bank of China Limited) -- C:\Windows\System32\ICBCPKCheck.ocx
[2011/03/22 12:49:02 | 000,267,680 | ---- | C] (sinotrans) -- C:\Windows\System32\GemOCX.ocx
[2011/03/22 12:49:02 | 000,071,072 | ---- | C] (北京信安世纪公司) -- C:\Windows\System32\ICBCUSBKEY.dll
[2011/03/22 12:49:01 | 000,755,104 | ---- | C] (CFCA) -- C:\Windows\System32\CertKitAxForICBCAU_2HASH.dll
[2011/03/22 12:49:01 | 000,247,200 | ---- | C] (CFCA) -- C:\Windows\System32\CertKitAxForICBCAU.dll
[2011/03/22 12:49:01 | 000,226,720 | ---- | C] (CFCA) -- C:\Windows\System32\CertKitAxForICBC.dll
[2011/03/22 12:49:00 | 000,507,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll
[2011/03/19 22:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/19 22:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/17 10:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/03/17 09:26:53 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/03/17 09:26:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows

#22 lance_yien

lance_yien

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 2,442 posts

Posted 29 March 2011 - 10:15 AM

Your logs don't seem to show any sign of infections.

Please print out these instructions or copy them to a Notepad file for an easier reading and download to your Desktop GooredFix by jpshortstuff from here or here.
Ensure all Firefox windows are closed and double-click on GooredFix.exe. Click Yes when prompted to run the scan.
GooredFix will check for infections, and then a log will appear and can also be found on your desktop, called GooredFix.txt.
Restart your computer.

If you still have the same problem, please download and install Revo Uninstaller (Freeware) from here.

Then please run Revo Uninstaller and select "Mozilla Firefox" and click the Uninstall icon to uninstall properly Firefox. Posted Image

Please choose Advanced. Posted Image

Then click Next and follow the prompts.

Please click Select All (1.) and Delete (2.) Posted Image

to delete all registry items, folders and files listed by Revo.
If asked to restart the computer, please do so immediately.

Download the latest version of Mozilla Firefox from here and install it.
EI | SWI | ZEBULON | Posted Image | Posted Image

My help is free, but if you wish to help keep these forums running please consider a donation. Please, see here for details.

#23 lance_yien

lance_yien

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 2,442 posts

Posted 05 April 2011 - 11:57 PM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.
EI | SWI | ZEBULON | Posted Image | Posted Image

My help is free, but if you wish to help keep these forums running please consider a donation. Please, see here for details.




Member of UNITE
Support SpywareInfo Forum - click the button