Internet runs very slowly or stops working when using


Re: Internet runs very slowly or stops working when using

Post by sjohn » December 31st, 2009, 8:19 pm

Am I on a witch hunt for something that's not there?

While we're at it, how do I get rid of the Viagra emails that use my email address as the sender?

1. MBAM
Malwarebytes' Anti-Malware 1.43
Database version: 3461
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

12/30/2009 11:03:24 PM
mbam-log-2009-12-30 (23-03-24).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|H:\|I:\|J:\|)
Objects scanned: 205544
Time elapsed: 39 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
2. Kaspersky
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, December 31, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, December 31, 2009 14:02:36
Records in database: 3419383
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 132925
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:51:51

No threats found. Scanned area is clean.

Selected area has been scanned.
3. chkdsk

Access Denied as you do not have sufficient privileges.
You have to invoke this utility running in elevated mode.
Access Denied as you do not have sufficient privileges.
You have to invoke this utility running in elevated mode.
Access Denied as you do not have sufficient privileges.
You have to invoke this utility running in elevated mode.
4. VEW log won't copy into here. It must be too big.

Thanks
sjohn
Regular Member
 
Posts: 16
Joined: December 16th, 2009, 9:43 pm

Re: Internet runs very slowly or stops working when using

Post by Jack&Jill » January 1st, 2010, 9:42 am

Hello sjohn :),

Am I on a witch hunt for something that's not there?

While we're at it, how do I get rid of the Viagra emails that use my email address as the sender?
We will get to the bottom of this, but first you must help me by providing more information. When I asked you earlier whether you experienced any other issues, the unauthorized sending of emails is one of them. Now, are there any other abnormal symptoms or computer behavior that you noticed? Are all your programs running normally? Any popups? Or redirects?

When you ran all the tools that I requested you to, did you do them as Administrator?

For the VEW log, please zip it and post as attachment. On the post a reply page, you will see the Upload Attachment section below the text box that you use for replying. Click browse and look for the file, then Add the file. Please do not post any other logs as attachment unless I request.

Please post back:
1. the answers to my questions
2. the VEW log as attachment
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Internet runs very slowly or stops working when using

Post by sjohn » January 1st, 2010, 12:55 pm

Am I on a witch hunt for something that's not there?

While we are at it, how do I get rid of the Viagra emails that use my email as the sender?

1. MBAM
Malwarebytes' Anti-Malware 1.43
Database version: 3461
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

12/30/2009 11:03:24 PM
mbam-log-2009-12-30 (23-03-24).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|H:\|I:\|J:\|)
Objects scanned: 205544
Time elapsed: 39 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
2. Kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, December 31, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, December 31, 2009 14:02:36
Records in database: 3419383
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 132925
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:51:51

No threats found. Scanned area is clean.

Selected area has been scanned.

3. chkdsk
Access Denied as you do not have sufficient privileges.
You have to invoke this utility running in elevated mode.
Access Denied as you do not have sufficient privileges.
You have to invoke this utility running in elevated mode.
Access Denied as you do not have sufficient privileges.
You have to invoke this utility running in elevated mode.
4. VEW is too large and I can't get it to copy and paste.
Thanks.
sjohn
Regular Member
 
Posts: 16
Joined: December 16th, 2009, 9:43 pm

Re: Internet runs very slowly or stops working when using

Post by sjohn » January 1st, 2010, 1:10 pm

Sorry, I didn't see that 2nd page and I thought you didn't get my previous reply.

This computer I bought second hand and I started over with the harddrive and operating system. Since I did that I always have to hit F1 to get the computer to boot. Yesterday while playing iTunes I shut down the program but the music kept playing and I couldn't get back in to turn off the music, so I shut down the computer for the night. No other redirects or pop ups that I have noticed are weird.

Yes, I run as Administrator.

Even zipped, the file is 296 KB. Every time I try to send I get a warning: "The file is too big, Maximum allowed size is 256KB."

Happy New Year.
sjohn
Regular Member
 
Posts: 16
Joined: December 16th, 2009, 9:43 pm

Re: Internet runs very slowly or stops working when using

Post by Jack&Jill » January 2nd, 2010, 2:39 am

Hello sjohn :),

I started over with the harddrive and operating system
Is this a format and reinstall of the OS, or something else?

For the VEW log, please split it into two files and zip them, then post as attachment separately as two replies.
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Internet runs very slowly or stops working when using

Post by sjohn » January 2nd, 2010, 8:52 pm

It was a format and reinstall OS. The message I always get on reboot is "Diskette drive 0 failure. Press F1 to continue, F2 to enter setup."

VEW is attached.
sjohn
Regular Member
 
Posts: 16
Joined: December 16th, 2009, 9:43 pm

Re: Internet runs very slowly or stops working when using

Post by sjohn » January 2nd, 2010, 8:53 pm

VEW2
sjohn
Regular Member
 
Posts: 16
Joined: December 16th, 2009, 9:43 pm

Re: Internet runs very slowly or stops working when using

Post by Jack&Jill » January 3rd, 2010, 4:26 am

Hello sjohn :),

While we're at it, how do I get rid of the Viagra emails that use my email address as the sender?
Is this webmail?

Earlier you mentioned that there was a blue screen when you tried running GMER. Does this happen at other times?

We need to diagnose the blue screen (BSOD) your computer is experiencing.

Reboot your computer and tap on the F8 key repeatedly during startup. A menu will appear.

Select Disable automatic restart on system failure by using the arrow keys and Enter.

Image


Please provide the error message information as shown in the picture:

Image

The stop error will always be displayed, but the other information may or may not be available. Just provide whatever is available.

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Please download LockSearch© by jpshortstuff and save it to your desktop. Click here.

Run LockSearch
  • Double click on LockSearch.exe to run it.
  • A command prompt window will appear. Press the 2 key, then Enter to continue.
  • Scanning will commence. When done, a log file will open.
  • Please post the contents of that log in your next reply (it can also be found on your desktop, called LockSearch.txt).

Please post back:
1. the answer to my question on the email
2. Does BSOD happen at other times? Post the error message if available
3. LockSearch result
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Internet runs very slowly or stops working when using

Post by sjohn » January 4th, 2010, 10:31 am

1. I guess I don't understand what you mean by webmail. I would say yes. Senders are "Viagra Official Reseller," "Viagra Best supplier," "Approved Viagra store" but they all have my email address on the "FROM" line. They also have unsubscribe links that go nowhere.

2. Blue screen happened when we tried to watch a DVD but now I can't get it to do it again. Just that one day last week.
(I can't see the picture of the error message in your note.)
3.
LockSearch by jpshortstuff (05.11.09.1)
Log created at 07:12 on 04/01/2010 (Daniel)
Scanning C:\


C:\hiberfil.sys
-------------------------


C:\pagefile.sys
-------------------------

-=E.O.F=-

So what are we looking for exactly? I'd like to understand better what is going on in all this searching/scanning?

Thanks for the help.
sjohn
Regular Member
 
Posts: 16
Joined: December 16th, 2009, 9:43 pm

Re: Internet runs very slowly or stops working when using

Post by Jack&Jill » January 5th, 2010, 12:37 am

Hello sjohn :),

Please update your Adobe Reader to the latest.
  • Open Adobe Reader.
  • Go to Help on the pull down menu, then select Check for Updates....
  • Continue accordingly and close it when done.

Your Java Runtime Environment is outdated. Older versions have security vulnerabilities that can be exploited.

Please update JRE to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Java(TM) 6 Update 15

  • Go to the Java SE download page. Click here.
  • Look for Java SE Runtime Environment (JRE) 6 Update 17. Click the Download button to the right.
  • Select Windows from the drop-down list for Platform.
  • Check I agree to the Java SE Runtime Environment 6u17 with JavaFX 1 License Agreement after reading it, and click Continue. The page will refresh.
  • Under the Windows Offline Installation title, click on the link which says jre-6u17-windows-i586.exe and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then, from your desktop, double click on the download to install the newest version. Reboot your computer.

Webmail means email that you usually access through the internet, like Yahoo Mail, Gmail and such. A good practice in using email would be to activate spam filtering and always change your password. In your case, I think it is spam, even though your email is listed as the sender. It would be a good idea to change email.

(I can't see the picture of the error message in your note.)
Are you logged in?

So what are we looking for exactly? I'd like to understand better what is going on in all this searching/scanning?
All your symptoms are pointing to two possibilities: hardware / software problems or a rootkit infection. What I am trying to do is to determine that your computer does not have the infection and so far, it appears to be so.

Please post back new OTL logs according to the last settings.
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia
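
An added example, not part of the thread and not code from any poster: one way to check whether a message that lists your own address in From was really sent through your account or only carries a forged From line, as suspected in the post above. It compares the From address with the Return-Path and with the receiving server's Authentication-Results header; the sample messages, the example.com/example.net domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: spam that shows the recipient's own address in From.
SPOOFED = """\
Return-Path: <bounce-7731@bulk.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk.example.net; dkim=none
Received: from mx.example.com (mx.example.com [192.0.2.10])
\tby inbox.example.com; Mon, 4 Jan 2010 09:12:44 -0700
Received: from unknown (HELO bulk.example.net) (203.0.113.77)
\tby mx.example.com; Mon, 4 Jan 2010 09:12:41 -0700
From: "Approved Viagra store" <user@example.com>
To: user@example.com
Subject: constructed sample

body
"""

# Constructed sample: a message the user really sent to themselves.
GENUINE = """\
Return-Path: <user@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
Received: from smtp.example.com (smtp.example.com [192.0.2.25])
\tby inbox.example.com; Mon, 4 Jan 2010 10:01:02 -0700
From: user@example.com
To: user@example.com
Subject: constructed sample

body
"""


def _domain(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers.

    Only a header written by your own receiving server is trustworthy;
    a sender can inject a fake one further down the header block.
    """
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            found.setdefault(method.lower(), result.lower())
    return found


def origin_hop(msg):
    """Return the 'from' part of the earliest Received header.

    Each relay prepends its own Received line, so the last one in the
    header block is the hop closest to the real sender.
    """
    received = msg.get_all("Received", [])
    if not received:
        return ""
    earliest = " ".join(received[-1].split())  # unfold continuation lines
    match = re.match(r"from\s+(.*?)\s+by\s", earliest)
    return match.group(1) if match else earliest


def assess_sender(raw_message, my_address):
    """Classify a message whose From line may claim to be my_address."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    auth = auth_results(msg)

    reasons = []
    if envelope and _domain(envelope) != _domain(from_addr):
        reasons.append("Return-Path domain differs from From domain")
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) in ("fail", "softfail"):
            reasons.append(f"{method.upper()} {auth[method]}")

    if from_addr != my_address.lower():
        verdict = "not-self"
    elif reasons:
        verdict = "forged-from"      # From line was simply typed in by the spammer
    elif "pass" in (auth.get("spf"), auth.get("dkim")):
        verdict = "own-account"      # went through the real provider: check the account
    else:
        verdict = "inconclusive"     # no authentication data to judge by
    return {"verdict": verdict, "reasons": reasons, "origin": origin_hop(msg)}


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, assess_sender(raw, "user@example.com"))
```

A `forged-from` result means the spam did not pass through your mailbox or your PC, so spam filtering is the remedy; an `own-account` result on mail you did not write points at a compromised account, and the password change becomes the priority.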

Re: Internet runs very slowly or stops working when using

Post by sjohn » January 5th, 2010, 11:47 am

Acrobat updated.
Java new.
No I don't use webmail.
Yes I was logged in.

OTL logfile created on: 05/01/2010 8:36:18 AM - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = G:\Programs for Fixing Computer
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 346.67 Gb Free Space | 76.07% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.49 Gb Free Space | 44.91% Space Free | Partition Type: NTFS
Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
Drive G: | 7.47 Gb Total Space | 0.38 Gb Free Space | 5.15% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANIEL-PC
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/05 08:05:03 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/26 12:09:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- G:\Programs for Fixing Computer\OTL.exe
PRC - [2009/12/12 18:42:11 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/12 18:42:11 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/20 23:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/15 13:35:49 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/15 13:35:49 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/15 13:35:45 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/10 13:32:18 | 00,305,664 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2009/10/10 13:32:18 | 00,203,264 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/09/28 09:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/13 16:39:08 | 01,078,560 | ---- | M] () -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2008/01/19 00:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe


========== Modules (SafeList) ==========

MOD - [2009/12/26 12:09:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- G:\Programs for Fixing Computer\OTL.exe
MOD - [2009/04/10 23:21:38 | 01,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2009/04/10 23:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/19 16:20:22 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/10/15 13:35:45 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/28 09:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/24 18:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/03/25 08:09:03 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/01/13 16:39:08 | 01,078,560 | ---- | M] () [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/01/19 00:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/13 02:23:18 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/03/13 02:23:18 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/12/28 22:00:46 | 00,044,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\Programs for Fixing Computer\SysProt\SysProt\SysProtDrv.sys -- (SysProtDrv.sys)
DRV - [2009/11/11 14:29:20 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/15 13:36:26 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/15 13:36:25 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/01/13 16:39:06 | 00,072,992 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\bckd.sys -- (bckd)
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/02/11 19:36:10 | 02,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/04/13 13:22:56 | 00,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/02/21 12:49:47 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/02/21 12:49:47 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/02/21 12:49:47 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/01/05 22:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2007/01/05 22:59:34 | 00,086,096 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm)
DRV - [2006/11/02 02:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 01:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:41:53 | 00,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 00:41:50 | 00,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2006/11/02 00:41:48 | 00,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 00:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/01 23:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/04/07 17:06:38 | 00,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VNUSB.sys -- (VNUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2490235737-1587106647-3589786812-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ksl.com/
IE - HKU\S-1-5-21-2490235737-1587106647-3589786812-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2490235737-1587106647-3589786812-1000\S-1-5-21-2490235737-1587106647-3589786812-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/12/25 22:25:11 | 00,000,000 | ---D | M]


O1 HOSTS File: (351981 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12066 more lines...
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2490235737-1587106647-3589786812-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found
O7 - HKU\S-1-5-21-2490235737-1587106647-3589786812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2490235737-1587106647-3589786812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2490235737-1587106647-3589786812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2490235737-1587106647-3589786812-1000\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/05 08:05:17 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/01/05 08:05:17 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/01/05 08:05:17 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/01/05 08:05:00 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2010/01/05 08:04:18 | 16,672,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Daniel\Desktop\jre-6u17-windows-i586.exe
[2010/01/05 07:57:02 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/01 11:11:43 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Adobe
[2009/12/31 23:35:43 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Media Converter for Philips
[2009/12/31 11:36:36 | 00,061,440 | ---- | C] ( ) -- C:\Users\Daniel\Desktop\VEW.exe
[2009/12/31 07:06:01 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Apple Computer
[2009/12/30 22:13:37 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Users\Daniel\Desktop\ATF-Cleaner.exe
[2009/12/29 08:09:57 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/12/29 08:06:15 | 00,000,000 | R--D | C] -- C:\Users\Daniel\Pictures
[2009/12/27 10:23:41 | 00,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2009/12/27 10:22:42 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/12/25 22:25:47 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\ArcSoft
[2009/12/25 22:25:46 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\ArcSoft
[2009/12/25 22:25:15 | 00,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2009/12/25 22:24:53 | 00,245,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll
[2009/12/25 22:24:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2009/12/25 22:24:53 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2009/12/25 22:23:51 | 00,000,000 | ---D | C] -- C:\Philips
[2009/12/25 22:23:18 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\InstallShield
[2009/12/17 12:53:05 | 00,000,000 | ---D | C] -- C:\Program Files\ODI
[2009/12/15 16:45:47 | 00,000,000 | ---D | C] -- C:\TimezAttack
[2009/12/13 11:24:17 | 00,000,000 | ---D | C] -- C:\Users\Daniel\2009-12-13 Liza 11-12 2009
[2009/12/09 03:02:11 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/12/09 03:02:10 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/12/08 15:21:24 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/12/08 15:21:24 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/12/08 15:21:24 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/12/08 15:21:24 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/12/08 15:21:24 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/12/08 15:21:24 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/12/08 15:21:24 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/12/08 15:21:23 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/12/08 15:21:23 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/12/08 15:21:23 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/12/08 15:21:23 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/12/08 15:21:23 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/12/08 15:21:23 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/12/08 15:21:23 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/12/08 15:20:47 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/05 08:37:00 | 00,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{747B452E-9578-43CF-846B-3393845136BF}.job
[2010/01/05 08:33:07 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/05 08:33:07 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/05 08:33:07 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/05 08:30:53 | 06,029,312 | -HS- | M] () -- C:\Users\Daniel\ntuser.dat
[2010/01/05 08:25:00 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/05 08:18:35 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/01/05 08:17:52 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/05 08:16:10 | 00,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/05 08:16:10 | 00,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/05 08:16:09 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/05 08:16:07 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/05 08:16:06 | 21,361,33632 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/05 08:10:03 | 00,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/05 08:10:03 | 00,065,536 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/05 08:09:59 | 02,501,814 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db
[2010/01/05 08:05:03 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/01/05 08:05:03 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/01/05 08:05:03 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/01/05 08:05:03 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/01/05 08:04:18 | 16,672,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Daniel\Desktop\jre-6u17-windows-i586.exe
[2010/01/05 07:57:15 | 00,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/04 22:44:59 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BA5451C0-6665-4080-8466-58E71CD41F6A}.job
[2010/01/04 19:29:28 | 00,057,344 | ---- | M] () -- C:\Users\Daniel\Desktop\The Budget 1-10.xls
[2010/01/04 17:48:37 | 47,410,383 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/04 17:48:23 | 00,132,480 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/04 07:11:38 | 00,032,653 | ---- | M] () -- C:\Users\Daniel\Desktop\LockSearch.exe
[2010/01/02 20:10:44 | 00,025,088 | ---- | M] () -- C:\Users\Daniel\Desktop\Savings 2010.xls
[2010/01/02 19:44:59 | 00,026,112 | ---- | M] () -- C:\Users\Daniel\Desktop\Savings 2009.xls
[2010/01/02 19:33:48 | 00,057,344 | ---- | M] () -- C:\Users\Daniel\Desktop\The Budget 12-09.xls
[2010/01/02 17:47:34 | 00,041,098 | ---- | M] () -- C:\Users\Daniel\Desktop\VEW2.zip
[2010/01/02 17:47:31 | 00,261,201 | ---- | M] () -- C:\Users\Daniel\Desktop\VEW.zip
[2009/12/31 11:36:36 | 00,061,440 | ---- | M] ( ) -- C:\Users\Daniel\Desktop\VEW.exe
[2009/12/30 22:13:38 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Users\Daniel\Desktop\ATF-Cleaner.exe
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/29 22:48:12 | 13,021,1299 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/28 21:42:02 | 00,000,632 | RHS- | M] () -- C:\Users\Daniel\ntuser.pol
[2009/12/28 21:26:45 | 00,057,344 | ---- | M] () -- C:\Users\Daniel\Desktop\The Budget.xls
[2009/12/26 12:15:13 | 00,293,376 | ---- | M] () -- C:\Users\Daniel\Desktop\7mgd34cv.exe
[2009/12/25 22:25:18 | 00,002,166 | ---- | M] () -- C:\Users\Public\Desktop\Internet Video Downloader.lnk
[2009/12/25 22:25:18 | 00,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Media Converter for Philips.lnk
[2009/12/25 22:23:51 | 00,000,745 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk
[2009/12/25 22:23:51 | 00,000,711 | ---- | M] () -- C:\Users\Public\Desktop\Philips GoGear VIBE Device Manager.lnk
[2009/12/25 19:31:29 | 00,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/12/25 18:29:21 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/12/16 14:27:24 | 00,351,981 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/12/15 16:45:54 | 00,000,740 | ---- | M] () -- C:\Users\Public\Desktop\Timez Attack.lnk
[2009/12/15 11:54:17 | 00,030,720 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/12 18:37:59 | 00,000,552 | ---- | M] () -- C:\Users\Daniel\AppData\Local\d3d8caps.dat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/05 07:57:15 | 00,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/04 07:11:38 | 00,032,653 | ---- | C] () -- C:\Users\Daniel\Desktop\LockSearch.exe
[2010/01/02 17:47:34 | 00,041,098 | ---- | C] () -- C:\Users\Daniel\Desktop\VEW2.zip
[2010/01/02 17:47:30 | 00,261,201 | ---- | C] () -- C:\Users\Daniel\Desktop\VEW.zip
[2009/12/30 08:27:38 | 21,361,33632 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/26 12:15:09 | 00,293,376 | ---- | C] () -- C:\Users\Daniel\Desktop\7mgd34cv.exe
[2009/12/25 22:25:18 | 00,002,166 | ---- | C] () -- C:\Users\Public\Desktop\Internet Video Downloader.lnk
[2009/12/25 22:25:18 | 00,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Media Converter for Philips.lnk
[2009/12/25 22:23:51 | 00,000,745 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk
[2009/12/25 22:23:51 | 00,000,711 | ---- | C] () -- C:\Users\Public\Desktop\Philips GoGear VIBE Device Manager.lnk
[2009/12/25 19:31:29 | 00,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/12/25 18:29:21 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/12/22 07:32:24 | 13,021,1299 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/12/19 16:20:33 | 00,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/19 16:20:32 | 00,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/15 16:45:54 | 00,000,740 | ---- | C] () -- C:\Users\Public\Desktop\Timez Attack.lnk
[2009/10/15 13:39:41 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/30 08:24:58 | 00,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini
[2009/09/30 08:24:54 | 00,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2009/09/16 20:02:31 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/26 18:48:18 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/28 16:32:14 | 00,000,388 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/03/27 17:59:52 | 00,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2009/03/27 09:22:08 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/03/27 09:22:08 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/03/27 09:22:08 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/03/27 09:21:26 | 00,000,909 | ---- | C] () -- C:\Windows\disney.ini
[2009/03/27 08:47:51 | 00,000,115 | ---- | C] () -- C:\Windows\ka.ini
[2009/02/23 12:51:28 | 00,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2009/02/23 12:51:28 | 00,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2009/01/18 17:49:16 | 00,002,204 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/01/13 16:39:06 | 00,072,992 | ---- | C] () -- C:\Windows\System32\drivers\bckd.sys
[2009/01/01 13:34:06 | 00,114,688 | ---- | C] () -- C:\Windows\System32\OdiOlDVR.dll
[2009/01/01 13:34:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\OdiAPI.dll
[2008/11/25 13:34:24 | 00,030,720 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/24 16:33:38 | 00,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/11/24 16:33:38 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll
[2008/11/24 15:33:29 | 00,000,552 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d8caps.dat
[2008/11/24 15:26:58 | 00,000,680 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/01/17 12:29:55 | 00,000,000 | ---D | M] -- C:\Users\Children\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/21 14:44:44 | 00,000,000 | ---D | M] -- C:\Users\Children\AppData\Roaming\PeerNetworking
[2009/02/04 10:50:35 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICAClient
[2009/12/20 19:11:00 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Image Zone Express
[2009/09/02 19:15:28 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Passage Express
[2009/02/23 12:52:23 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\pdf995
[2009/07/11 13:15:40 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Printer Info Cache
[2009/02/04 10:50:12 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Runaware
[2009/05/18 10:18:23 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TaxCut
[2010/01/05 08:10:11 | 00,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/05 08:37:00 | 00,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{747B452E-9578-43CF-846B-3393845136BF}.job
[2010/01/04 22:44:59 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BA5451C0-6665-4080-8466-58E71CD41F6A}.job

========== Purity Check ==========


< End of report >
sjohn
Regular Member
 
Posts: 16
Joined: December 16th, 2009, 9:43 pm

Re: Internet runs very slowly or stops working when using

by Jack&Jill » January 5th, 2010, 8:12 pm

Hello sjohn :),

Let's do a recap here:

1. unexpected shutdown when using DVD / CD drive
2. boot message "Diskette drive 0 failure. Press F1 to continue, F2 to enter setup."
3. email spam
4. slow internet
5. the VEW log suggests that there are devices not functioning and many software problems

Please let me know if I missed anything. All the above indicates that you have a hardware / software / incompatibility / BIOS issue which is beyond my scope. I would suggest that you visit one of the following forums that have expertise in those areas to find some solution:
What The Tech
Bleeping Computer
Tech Support Forum

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
  • Run OTL by double clicking on OTL.exe. Click on CleanUp at the upper right corner, proceed to reboot if prompted.
  • Delete the GMER (7mgd34cv.exe), CKScanner, SysProt, VEW and LockSearch files.
  • Delete any logs on the desktop.
  • Uninstall HijackThis
    • Open HijackThis.
    • Go to Open the Misc Tools section by clicking on the box.
    • Scroll down to the bottom and, under the Uninstall HijackThis section, click on the Uninstall HijackThis & exit button.
    • Click Yes if prompted.

After you get your problems resolved, here are some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates to always get the latest security patches from Microsoft, or you can download them from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.

2. Update your Antivirus program regularly; it is a must for constant protection against viruses. Please keep only one AV installed.

3. Install Malwarebytes' Anti-Malware if you haven't already, and use it occasionally. It is a new and powerful anti-malware tool, totally free, but for real-time protection you will have to pay a small one-time fee.

4. Install WinPatrol, a great protection program that helps you monitor for unwanted files or applications.

5. Install SiteHound or Web of Trust (WOT). SiteHound and WOT keep you from dangerous websites with warnings and blockings. Please choose one only.

6. Protect your computer from removable or USB drive infections with Panda USB Vaccine, an effective method to prevent malware from spreading.

7. Keep all your software updated. Visit Secunia Software Inspector to find out if any updates are required.

8. If you have been a victim of malware before, Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

9. Also look up How to prevent malware: By miekiemoes and So how did I get infected in the first place? By Tony Klein.

Stay safe.
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Internet runs very slowly or stops working when using

by NonSuch » January 9th, 2010, 2:09 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California