Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Browser Redirects - Affecting Multiple Computers

by dkooz » April 27th, 2011, 11:35 am

Hi,

Apologies, as I was out of town and away from my computers for a few days the last time I had posted and ended up getting my original post bumped. I'm hoping to be able to pick things up again. Any assistance with the issues I've been having as of late would be greatly appreciated.

DESCRIPTION:
I've been having URLs redirecting to strange sites. Sometimes by clicking links, and other times by randomly clicking anywhere inside the browser frame.
It doesn't matter whether I'm using IE, FF or Chrome... if I go to Google.com and conduct a simple search (i.e. beer), almost any link within the results page that I then click on will spawn a popup window to some random site the first time I click the Google link. If I go back and attempt to click the same link a second time, the expected URL comes up.
This has consistently been happening on every computer in my home (2 laptops and 1 desktop) for the past month now, and I've run all kinds of virus and anti-malware programs with no success.

The last time I posted, I was instructed to remove any anti-malware programs, which I did, so the only thing left running is my Bit Defender virus scanner. I've run DDS and also OTL, so I will post both if that is helpful.

DDS & ATTACH OUTPUTS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Dennis at 11:20:42.92 on 27/04/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.1979.1058 [GMT -4:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Dennis\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.ca/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
TB: Bitdefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2011\IEToolbar.dll
uRun: [Google Update] "c:\users\dennis\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2011\ieshow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2011\bdagent.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2010-8-20 88144]
R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2011\updatesrv.exe [2011-3-24 43936]
R3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2010-5-13 152528]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-11-20 58880]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-11-20 137728]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-1-8 277536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2010-11-29 535824]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2010-11-29 1066232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2010-11-30 307544]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-8 1343400]
.
=============== Created Last 30 ================
.
2011-04-22 18:03:39 -------- d-----w- c:\windows\system32\drivers\etc\old
2011-04-17 04:33:21 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-04-17 03:33:07 -------- d-----w- c:\program files\PC Tools Security
2011-04-17 03:32:40 -------- d-----w- c:\users\dennis\appdata\local\Immunet
2011-04-17 03:32:40 -------- d-----w- c:\progra~2\Immunet
2011-04-17 03:02:36 -------- d-----w- c:\program files\Araxis
2011-04-17 02:38:21 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-04-17 02:38:03 -------- d-----w- c:\windows\PCHEALTH
2011-04-17 02:38:03 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-04-17 02:37:28 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-04-17 02:37:04 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-04-17 02:36:43 -------- d-----w- c:\users\dennis\appdata\local\Microsoft Help
2011-04-17 02:32:59 -------- d-----w- c:\program files\Elaborate Bytes
2011-04-17 02:29:11 -------- d-----w- c:\program files\iTunes
2011-04-17 02:29:11 -------- d-----w- c:\program files\iPod
2011-04-16 21:01:30 -------- d-----w- C:\DOWNLOADS
2011-04-15 02:02:58 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 02:02:56 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 02:02:56 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 02:02:55 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 02:02:55 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 02:02:55 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 02:02:55 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-12 12:47:12 307784 ----a-w- c:\windows\system32\drivers\trufos.sys
2011-04-10 21:17:19 -------- d-----w- c:\program files\Sophos
2011-04-10 19:58:23 -------- d-----w- c:\users\dennis\appdata\roaming\Malwarebytes
2011-04-10 19:56:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-10 19:56:11 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-10 19:56:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-10 19:56:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-10 15:14:11 -------- d-----w- c:\users\dennis\appdata\roaming\BitDefender
2011-04-10 15:14:06 -------- d-----w- c:\program files\BitDefender
2011-04-10 15:10:05 -------- d-----w- c:\users\dennis\appdata\roaming\QuickScan
2011-04-10 15:06:35 -------- d-----w- c:\program files\common files\BitDefender
2011-04-10 15:06:35 -------- d-----w- c:\progra~2\BitDefender
2011-04-10 15:06:32 73091 ----a-w- c:\progra~2\bdinstall.bin
2011-04-10 15:06:32 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-04-10 12:48:51 -------- d-----w- c:\users\dennis\appdata\local\LogMeIn
2011-04-10 12:48:51 -------- d-----w- c:\progra~2\LogMeIn
2011-04-09 08:25:42 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ef1f6f37-97b6-460b-b50a-f6affd7841a4}\mpengine.dll
2011-04-07 02:21:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-07 02:21:38 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-28 19:17:43 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-28 19:17:43 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-28 19:17:43 1074176 ----a-w- c:\windows\system32\DWrite.dll
.
==================== Find3M ====================
.
2011-03-07 02:08:13 93552 ----a-w- c:\windows\system32\ElbyCDIO.dll
2011-03-07 00:52:09 134512 ----a-w- c:\windows\system32\ElbyVCD.dll
2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31:32 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 05:32:52 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec
2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 05:36:26 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-12 05:30:49 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-07-08 14:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe
.
============= FINISH: 11:23:02.90 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 08/01/2011 5:55:13 PM
System Uptime: 27/04/2011 11:14:32 AM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | H55M-USB3
Processor: Intel(R) Core(TM) i5 CPU 670 @ 3.47GHz | Socket 1156 | 3459/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 119 GiB total, 46.444 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP44: 14/04/2011 10:46:47 PM - Windows Update
RP45: 16/04/2011 10:33:12 PM - Device Driver Package Install: Elaborate Bytes AG Storage controllers
RP46: 16/04/2011 10:36:30 PM - Installed Microsoft Office Professional Plus 2010
RP47: 16/04/2011 11:02:14 PM - Installed Araxis Merge
RP48: 16/04/2011 11:35:30 PM - Spyware Doctor: Cleaning Threats
RP49: 17/04/2011 12:33:10 AM - Windows Update
RP50: 17/04/2011 7:00:13 PM - Windows Backup
RP51: 27/04/2011 10:30:33 AM - Windows Backup
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Araxis Merge
BitDefender Antivirus Pro 2011
Bonjour
Definition update for Microsoft Office 2010 (KB982726)
GOM Player
Google Chrome
Google Updater
ImgBurn
iTunes
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
NEC Electronics USB 3.0 Host Controller Driver
Picasa 3
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
runtime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
VirtualCloneDrive
XBMC
.
==== Event Viewer Messages From Past Week ========
.
27/04/2011 11:01:15 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer HP-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A9F2F0A4-4666-4288-AA22-46031BD63C32. The master browser is stopping or an election is being forced.
27/04/2011 10:32:46 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
.
==== End Of File ===========================


***********************************************************************************************
***********************************************************************************************
OTL OUTPUTS:

OTL logfile created on: 27/04/2011 11:15:56 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dennis\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.13 Gb Total Space | 46.46 Gb Free Space | 39.00% Space Free | Partition Type: NTFS

Computer Name: MEDIAPC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/27 10:27:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
PRC - [2011/03/31 14:27:40 | 001,443,712 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
PRC - [2011/03/31 14:27:34 | 002,084,848 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
PRC - [2011/03/24 19:46:02 | 000,043,936 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
PRC - [2011/01/30 11:45:14 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2009/11/20 07:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (SafeList) ==========

MOD - [2011/04/27 10:27:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/31 14:27:34 | 002,084,848 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2011/03/24 19:46:02 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV - [2011/01/08 23:24:12 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/30 07:19:06 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/04/12 08:47:12 | 000,307,784 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\trufos.sys -- (Trufos)
DRV - [2011/04/10 11:06:34 | 000,105,152 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2011/03/24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/11/29 14:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2010/11/29 14:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2010/08/20 18:41:54 | 000,088,144 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2010/05/13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/11/20 07:15:18 | 000,137,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009/11/20 07:15:16 | 000,058,880 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/10 17:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1628769217-208276067-2990218538-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1628769217-208276067-2990218538-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1628769217-208276067-2990218538-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1628769217-208276067-2990218538-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKU\S-1-5-21-1628769217-208276067-2990218538-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-1628769217-208276067-2990218538-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F 91 1C CA 8B AF CB 01 [binary data]
IE - HKU\S-1-5-21-1628769217-208276067-2990218538-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1628769217-208276067-2990218538-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1628769217-208276067-2990218538-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1628769217-208276067-2990218538-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011/04/10 11:14:11 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/04/16 14:12:10 | 000,000,823 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab (DLC Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.247 213.109.76.242 1.1.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1cd1013f-686a-11e0-811d-6cf0497d916c}\Shell - "" = AutoRun
O33 - MountPoints2\{1cd1013f-686a-11e0-811d-6cf0497d916c}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{1cd1013f-686a-11e0-811d-6cf0497d916c}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{1cd1013f-686a-11e0-811d-6cf0497d916c}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{4bfe7676-6931-11e0-801f-6cf0497d916c}\Shell - "" = AutoRun
O33 - MountPoints2\{4bfe7676-6931-11e0-801f-6cf0497d916c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/27 10:27:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2011/04/17 00:33:21 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/04/16 23:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/04/16 23:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/16 23:32:40 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Immunet
[2011/04/16 23:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Immunet
[2011/04/16 23:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Updater
[2011/04/16 23:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2011/04/16 23:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Araxis
[2011/04/16 22:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/04/16 22:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/04/16 22:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/04/16 22:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/04/16 22:38:03 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/04/16 22:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/04/16 22:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/04/16 22:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/04/16 22:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/04/16 22:36:43 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Microsoft Help
[2011/04/16 22:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/04/16 22:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/04/16 22:36:36 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/04/16 22:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2011/04/16 22:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2011/04/16 22:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/16 22:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/16 22:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/16 17:01:30 | 000,000,000 | ---D | C] -- C:\DOWNLOADS
[2011/04/16 14:36:01 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\backups
[2011/04/16 14:27:59 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Dennis\Desktop\HijackThis.exe
[2011/04/14 22:03:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/14 22:03:39 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/14 22:03:36 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/14 22:03:33 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/14 22:03:33 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/14 22:03:28 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/14 22:03:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/14 22:03:28 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/14 22:03:28 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/14 22:03:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/14 22:03:28 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/14 22:03:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/14 22:03:27 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/14 22:03:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/14 22:03:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/14 22:03:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/14 22:03:11 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/14 22:03:06 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/04/14 22:03:03 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/04/14 22:02:56 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/14 22:02:56 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/12 08:47:12 | 000,307,784 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2011/04/10 18:01:56 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/04/10 17:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/04/10 17:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/04/10 15:58:23 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes
[2011/04/10 15:56:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/10 15:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/10 15:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/10 15:56:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/10 15:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/10 11:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDefender 2011
[2011/04/10 11:14:11 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\BitDefender
[2011/04/10 11:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2011/04/10 11:10:05 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\QuickScan
[2011/04/10 11:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2011/04/10 11:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2011/04/10 11:06:32 | 000,353,096 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdfsfltr.sys
[2011/04/10 09:50:15 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\ImgBurn
[2011/04/10 09:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/04/10 09:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/04/10 08:48:51 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\LogMeIn
[2011/04/10 08:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2011/04/06 22:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/06 22:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/28 15:17:43 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/28 15:17:43 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

========== Files - Modified Within 30 Days ==========

[2011/04/27 11:16:59 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/04/27 11:14:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/27 11:14:39 | 1556,733,952 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/27 10:43:30 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 10:43:30 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 10:43:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1628769217-208276067-2990218538-1001UA.job
[2011/04/27 10:40:43 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/27 10:40:43 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/27 10:27:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2011/04/27 10:24:25 | 001,051,130 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/04/17 18:43:00 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1628769217-208276067-2990218538-1001Core.job
[2011/04/16 23:27:49 | 000,000,212 | ---- | M] () -- C:\Users\Dennis\Desktop\Weird Search Redirects.url
[2011/04/16 23:01:43 | 063,458,816 | ---- | M] () -- C:\Users\Dennis\Desktop\merge2010_Win32_3947.msi
[2011/04/16 22:56:58 | 000,406,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/16 22:33:22 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2011/04/16 22:31:39 | 001,587,696 | ---- | M] () -- C:\Users\Dennis\Desktop\SetupVirtualCloneDrive5450.exe
[2011/04/16 22:29:25 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/16 14:27:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Dennis\Desktop\HijackThis.exe
[2011/04/16 14:27:08 | 001,402,880 | ---- | M] () -- C:\Users\Dennis\Desktop\HijackThis.msi
[2011/04/16 14:12:10 | 000,000,823 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/13 08:22:01 | 000,001,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\old\hosts.20110416-141021.backup
[2011/04/12 08:47:12 | 000,307,784 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2011/04/10 18:01:57 | 000,002,316 | ---- | M] () -- C:\Users\Dennis\Desktop\Google Chrome.lnk
[2011/04/10 15:56:12 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/10 15:55:05 | 000,432,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\old\hosts.pre.spybot.BAK
[2011/04/10 15:54:51 | 000,432,374 | R--- | M] () -- C:\Windows\System32\drivers\etc\old\hosts.20110410-155505.backup
[2011/04/10 11:16:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\imblacklist.dat
[2011/04/10 11:16:08 | 000,073,091 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2011/04/10 11:14:48 | 000,000,415 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2011/04/10 11:14:13 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\BitDefender Antivirus Pro 2011.lnk
[2011/04/10 09:44:50 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/04/06 22:34:14 | 000,432,374 | R--- | M] () -- C:\Windows\System32\drivers\etc\old\hosts.20110410-155451.backup

========== Files Created - No Company Name ==========

[2011/04/16 23:33:27 | 001,051,130 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/04/16 23:31:03 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2011/04/16 23:02:40 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Araxis Merge.lnk
[2011/04/16 23:01:43 | 063,458,816 | ---- | C] () -- C:\Users\Dennis\Desktop\merge2010_Win32_3947.msi
[2011/04/16 22:35:10 | 1532,469,248 | ---- | C] () -- C:\Users\Dennis\Desktop\en_office_professional_plus_2010_x86_x64_dvd_515529.iso
[2011/04/16 22:33:22 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2011/04/16 22:31:38 | 001,587,696 | ---- | C] () -- C:\Users\Dennis\Desktop\SetupVirtualCloneDrive5450.exe
[2011/04/16 22:29:25 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/16 14:36:54 | 000,000,212 | ---- | C] () -- C:\Users\Dennis\Desktop\Weird Search Redirects.url
[2011/04/16 14:27:08 | 001,402,880 | ---- | C] () -- C:\Users\Dennis\Desktop\HijackThis.msi
[2011/04/10 18:01:57 | 000,002,316 | ---- | C] () -- C:\Users\Dennis\Desktop\Google Chrome.lnk
[2011/04/10 15:56:12 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/10 11:16:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\imblacklist.dat
[2011/04/10 11:14:48 | 000,000,415 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2011/04/10 11:14:13 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\BitDefender Antivirus Pro 2011.lnk
[2011/04/10 11:06:32 | 000,073,091 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/04/10 09:44:50 | 000,001,823 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/04/10 09:44:50 | 000,001,811 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/01/08 19:33:48 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,406,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,628,024 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,110,208 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll

========== LOP Check ==========

[2011/04/10 11:14:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BitDefender
[2011/04/10 09:53:03 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ImgBurn
[2011/04/10 11:10:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\QuickScan
[2011/04/14 22:31:15 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\XBMC
[2009/07/14 00:53:46 | 000,025,854 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 10 bytes -> C:\Users\Dennis\Desktop\SetupVirtualCloneDrive5450.exe:BDU
@Alternate Data Stream - 10 bytes -> C:\Users\Dennis\Desktop\OTL.exe:BDU

< End of report >

OTL Extras logfile created on: 27/04/2011 11:15:56 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dennis\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.13 Gb Total Space | 46.46 Gb Free Space | 39.00% Space Free | Partition Type: NTFS

Computer Name: MEDIAPC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43BF279E-AAD6-476C-AF6C-35C9CB33226B}" = Araxis Merge
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B6CA7A3C-35FD-401F-9335-FFFD2BCD5FF3}" = BitDefender Antivirus Pro 2011
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BitDefender" = BitDefender Antivirus Pro 2011
"GOM Player" = GOM Player
"Google Updater" = Google Updater
"ImgBurn" = ImgBurn
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"VirtualCloneDrive" = VirtualCloneDrive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1628769217-208276067-2990218538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"XBMC" = XBMC

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/04/2011 10:43:02 PM | Computer Name = MediaPC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 16/04/2011 10:43:09 PM | Computer Name = MediaPC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 16/04/2011 10:43:09 PM | Computer Name = MediaPC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 16/04/2011 10:43:09 PM | Computer Name = MediaPC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 16/04/2011 10:43:09 PM | Computer Name = MediaPC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 17/04/2011 4:58:50 PM | Computer Name = MediaPC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\pc tools
security\networklayer\PCTCFFix64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 17/04/2011 4:58:57 PM | Computer Name = MediaPC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 22/04/2011 2:59:45 PM | Computer Name = MediaPC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\pc tools
security\networklayer\PCTCFFix64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 22/04/2011 2:59:52 PM | Computer Name = MediaPC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 27/04/2011 10:27:25 AM | Computer Name = MediaPC | Source = pctsSvc.exe | ID = 0
Description =

[ Media Center Events ]
Error - 27/02/2011 10:50:01 PM | Computer Name = MediaPC | Source = MCUpdate | ID = 0
Description = 9:50:01 PM - Failed to retrieve Directory (Error: The operation has
timed out)

Error - 27/02/2011 10:50:31 PM | Computer Name = MediaPC | Source = MCUpdate | ID = 0
Description = 9:50:30 PM - Error connecting to the internet. 9:50:30 PM - Unable
to contact server..

[ System Events ]
Error - 16/04/2011 11:27:30 PM | Computer Name = MediaPC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 16/04/2011 11:27:34 PM | Computer Name = MediaPC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 16/04/2011 11:27:37 PM | Computer Name = MediaPC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 16/04/2011 11:27:40 PM | Computer Name = MediaPC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 16/04/2011 11:27:43 PM | Computer Name = MediaPC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 16/04/2011 11:27:46 PM | Computer Name = MediaPC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 16/04/2011 11:27:49 PM | Computer Name = MediaPC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 17/04/2011 7:03:21 PM | Computer Name = MediaPC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 27/04/2011 10:32:46 AM | Computer Name = MediaPC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 27/04/2011 11:01:15 AM | Computer Name = MediaPC | Source = bowser | ID = 8003
Description =


< End of report >


Thanks very much,
dkooz
dkooz
Active Member
 
Posts: 2
Joined: April 22nd, 2011, 2:18 pm

Re: Browser Redirects - Affecting Multiple Computers

Unread postby Wingman » April 30th, 2011, 2:37 pm

Hello... dkooz,

Please disconnect this computer from any network and do not reconnect it.
If other computers on your network are infected, they can reinfect this one. You will need to clean each computer, if infected, separately and while disconnected from your network.

My name is Wingman, and I'll be helping you with any malware problems.
The logs I request can take a while to research, so please be patient.

Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  7. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean"

Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Malware removal:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care, not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

Step 1.
Create a System Restore Point - W7

  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on the System protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Malwarebytes' Anti-Malware
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
  2. Press the Update tab.. then press the Check for Updates...button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan...button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.

Step 3.
RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.
You need to be connected to the Internet, so RSIT can download HijackThis, if needed.
  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done... 2 log files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
    These log files can be found in the C:\RSIT folder
  4. Please post "log.txt" file contents in your next reply.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. MBAM scan results.
  3. RSIT log.txt file contents.
  4. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14112
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Browser Redirects - Affecting Multiple Computers

Unread postby Wingman » May 3rd, 2011, 3:34 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Wingman
Admin/Teacher
 
Posts: 14112
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

