REALLY weird stuff happening...

Post by rlmark » February 16th, 2010, 5:35 pm

Hey there, thanks for taking the time to help me out and read over my logs.

I'm having a few strange problems with my computer and wanted to make sure that they aren't malware problems. None of them are majorly affecting the usability of my computer (besides #4). Here they are:

1. Add/Remove Programs isn't showing the icons, a bunch of programs seemingly vanished (but the .exe's and shortcuts are still all present) and all of a sudden a bunch of weird programs showed up that I've never seen before and can't identify as being associated with something else. (e.g. CP_AtenaShokunin1Config. What in the world?!)

You'll also notice that HJT was unable to detect ANY programs installed besides itself! As you can probably presume, I have more programs than just HJT!

2. System Restore has all the restore points, but upon trying to restore to one, it is unable to.

3. I just switched from Norton to BitDefender for my antivirus/firewall. It was in the taskbar when I first installed it, but after a reboot, it's not in the taskbar and I don't see any of its processes running in Task Manager. Even opening the BitDefender Control Panel won't get the processes started.

4. Every once in a while, I get a Windows - No Disk error. This has been happening for a while though. The specific error is "Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c". This usually happens when I run certain programs like an old (2001) copy of Microsoft PictureIt! or Spybot Search and Destroy.

If you're interested, I can only think of three reasons that this stuff suddenly happened.

1. Something in the switch from Norton to BitDefender
2. I ran two BitDefender Scans (quick scan, and then a deeper one) and both found infected/dangerous files in system folders. (I have the logs if you want them).
3. Using a software called Revo Uninstaller Pro to uninstall some adware toolbars and other old programs left lying around. (Revo uninstalls the programs then scans the HD and registry for leftover files to delete).

Anyway, that's all for my details; here are the HJT and Uninstall logs!

2/21/10 UPDATE ON CONDITION: I read in BitDefender Support that if BD had detected one of its own .dlls as infected, and the user deleted it, then that could be why BD wasn't booting at startup. It recommended running a patch while in Safe Mode with Networking. I did so. Upon rebooting, BD gave me an error and refused to start up, so I uninstalled it, planning to reinstall it. When I restarted from the uninstall, Windows Installer started trying to install something called PhotoGallery and I kept getting weird .NET Framework errors. I was able to reinstall and BD is working fine now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:07 PM, on 5/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\System32\imapi.exe
F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\WINDOWS\system32\dla\tfswctrl.exe
F:\Program Files\SiteAdvisor\6172\SiteAdv.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
F:\Program Files\Secunia\PSI\psi.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\WINDOWS\System32\HPZipm12.exe
F:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
F:\Program Files\Google\Google Talk\googletalk.exe
F:\Documents and Settings\Kids\Desktop\RSIT.exe
F:\Program Files\trend micro\Kids.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 38.102.4.116:2080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - F:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dla] F:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SiteAdvisor] F:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [googletalk] F:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [WinPatrol] F:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [googletalk] "F:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ?\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1275210071-1450960922-725345543-1004\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background (User 'Mom and Dad')
O4 - HKUS\S-1-5-21-1275210071-1450960922-725345543-1004\..\Run: [Microsoft Works Update Detection] ?\WkDetect.exe (User 'Mom and Dad')
O4 - HKUS\S-1-5-21-1275210071-1450960922-725345543-1004\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Mom and Dad')
O4 - HKUS\S-1-5-21-1275210071-1450960922-725345543-1004\..\Run: [TivoTransfer] "F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer (User 'Mom and Dad')
O4 - HKUS\S-1-5-21-1275210071-1450960922-725345543-1004\..\Run: [TivoNotify] "F:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify (User 'Mom and Dad')
O4 - HKUS\S-1-5-21-1275210071-1450960922-725345543-1004\..\Run: [TivoServer] "F:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer (User 'Mom and Dad')
O4 - HKUS\S-1-5-21-1275210071-1450960922-725345543-1004\..\Run: [P2kAutostart] (User 'Mom and Dad')
O4 - HKUS\S-1-5-21-1275210071-1450960922-725345543-1004\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Mom and Dad')
O4 - HKUS\S-1-5-21-1275210071-1450960922-725345543-1004\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Mom and Dad')
O4 - HKUS\S-1-5-21-1275210071-1450960922-725345543-1004\..\Run: [Upromise Tray] F:\Program Files\Upromise\UpromiseTray.exe (User 'Mom and Dad')
O4 - Startup: Secunia PSI.lnk = F:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: autobahn.lnk = F:\Program Files\Autobahn\autobahn.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://F:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://F:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://F:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://F:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.shockwave.com/content/chocol ... 0.0.13.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scan ... ProExe.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8842907250
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast.com/admin/hostClientIE.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/ ... mDlBrg.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/on ... /fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://my.firmenich.com/dana-cached/se ... tupSP1.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca07.custhelp.com/8201-b499h ... a/RntX.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O20 - AppInit_DLLs: F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - F:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - F:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KodakDigitalDisplayService - Orb Networks - F:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Symantec Core LC - Unknown owner - F:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 15179 bytes

---UNINSTALL LIST---

Hijack This 2.0.2


---------------------------
Last edited by rlmark on February 21st, 2010, 1:32 pm, edited 2 times in total.
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm
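
A small triage parser for the HijackThis log format posted above, added here as an example (it is not code from the thread or from HijackThis): it splits the `Rx -` / `Oxx -` entry lines into sections and attaches the first-look review flags a forum helper typically applies. The heuristics are the editor's own choice, and the sample lines are copied from the log in this post.

```python
"""Triage helper for HijackThis (HJT) v2 log entries.

Added example; not code from the thread or from HijackThis. The review
heuristics below are an editor's choice of first-look checks, and the
sample lines are copied from the log rlmark posted in this thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Every HJT entry line has the shape "<section> - <payload>", e.g.
# "O4 - HKLM\..\Run: [name] command" or "O23 - Service: name - owner - path".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<payload>.*)$")
# O4 Run-key payloads: "<hive>\..\Run: [<value name>] <command>"
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# HJT appends "(User 'xxx')" to entries read from other users' hives.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")


@dataclass
class Entry:
    section: str
    payload: str
    flags: list[str] = field(default_factory=list)


def parse_hjt(text: str) -> list[Entry]:
    """Return one Entry per 'Rx -' / 'Oxx -' line; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["payload"]))
    return entries


def triage(entries: list[Entry]) -> list[Entry]:
    """Attach review flags in place and return only the entries that received one."""
    for e in entries:
        if e.section == "R1" and "ProxyServer =" in e.payload:
            # A per-user proxy routes all WinINet/IE traffic through that host;
            # it is a setting to confirm with the user, not proof of anything.
            e.flags.append("proxy configured in HKCU; confirm it is intentional")
        elif e.section == "O20" and e.payload.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            e.flags.append("AppInit_DLLs set; verify the DLL's publisher")
        elif e.section == "O4":
            m = RUN_RE.match(e.payload)
            if m:
                cmd = USER_SUFFIX_RE.sub("", m["cmd"]).strip()
                if not cmd:
                    e.flags.append(f"Run value [{m['name']}] has no command")
                elif cmd.startswith("?"):
                    e.flags.append(f"Run value [{m['name']}] path unresolved by HJT")
            elif e.payload.rstrip().endswith("= ?"):
                e.flags.append("startup shortcut target unresolved by HJT")
        elif e.section == "O23" and " - Unknown owner - " in e.payload:
            # No company name in the file's version info: identify the binary.
            e.flags.append("service binary has no company name; identify it")
    return [e for e in entries if e.flags]


def triage_log(text: str) -> list[Entry]:
    """Parse a whole HJT log and return the flagged entries."""
    return triage(parse_hjt(text))


# Constructed sample: lines copied verbatim from the HJT log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 38.102.4.116:2080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O4 - HKLM\..\Run: [WinPatrol] F:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ?\WkDetect.exe
O4 - HKUS\S-1-5-21-1275210071-1450960922-725345543-1004\..\Run: [P2kAutostart] (User 'Mom and Dad')
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O20 - AppInit_DLLs: F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: spkrmon - Unknown owner - F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
"""

if __name__ == "__main__":
    for entry in triage_log(SAMPLE_LOG):
        print(f"{entry.section}: {entry.payload}")
        for flag in entry.flags:
            print(f"    -> {flag}")
```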

Re: REALLY weird stuff happening...

Post by MWR 3 day Mod » February 19th, 2010, 8:48 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: REALLY weird stuff happening...

Post by Dakeyras » February 25th, 2010, 5:27 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Hi rlmark and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where it becomes necessary for you to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

rlmark wrote: Every once in a while, I get a Windows - No Disk error. This has been happening for a while though. The specific error is "Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c".

This may be an indication of a possible pending Hard-Drive failure, though I will not rule out malware as the cause.

rlmark wrote: 2. I ran two BitDefender Scans (quick scan, and then a deeper one) and both found infected/dangerous files in system folders. (I have the logs if you want them).

By all means post one of them for my review; just the quick scan log will suffice for now, thank you.

rlmark wrote: Using a software called Revo Uninstaller Pro to uninstall some adware toolbars and other old programs left lying around. (Revo uninstalls the programs then scans the HD and registry for leftover files to delete).

Personally I would not recommend the application, as it may remove legitimate items from the registry and, regardless of the fact that it creates its own backups, there is a good chance they will not be successfully re-merged/restored. If in the future you wish to continue using this, I would create an independent registry backup first as a precaution.

Scan with OTL:

  • Please download OTL and save it to your Desktop.
Make sure that OTL.exe is on your Desktop before running the application!
  • Close all other open windows, then double-click OTL.exe to start the application.
  • Under Output, ensure that Minimal Output is selected.
  • Under the Standard Registry box, change it to All.
  • Check the following:
      Scan all users.
      Lop check.
      Purity check
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes box:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav 
  • Click Quick Scan in upper left of window.
  • When the scan is finished, two Notepad files will open:
      OTListIt.txt <-- Will be opened
      Extra.txt <-- Will be minimized
  • Please post the contents of these two Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • BitDefender Log.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: REALLY weird stuff happening...

Post by rlmark » February 25th, 2010, 3:26 pm

Dakeyras wrote: This may be an indication of a possible pending Hard-Drive failure, though I will not rule out malware as the cause.

OK, thanks for the idea. I wouldn't be surprised if it's not malware, but I just wanted to check and make sure!

Post-Scan Update: When running OTL, this error came up close to a hundred times during "Manual File Scan- Looking in folder: ". It came up for 16 different folders, all starting with c:\temp1\temp\ . I wrote them all down if you want me to list them out here.

Dakeyras wrote: By all means post one of them for my review; just the quick scan log will suffice for now, thank you.

Unfortunately, when I reinstalled BitDefender I seem to have lost those logs :( Sorry!

Dakeyras wrote: Personally I would not recommend the application, as it may remove legitimate items from the registry and, regardless of the fact that it creates its own backups, there is a good chance they will not be successfully re-merged/restored. If in the future you wish to continue using this, I would create an independent registry backup first as a precaution.

Thanks again for the advice. I really didn't know. Should I try and see if I can restore any of the registry backups from Uninstaller?

Dakeyras wrote: How is your computer performing now? Any further symptoms and/or problems encountered?

BitDefender seems to constantly have the scan process running. It won't allow itself to update because the scan process is supposedly running. When it comes time for scheduled scans, it says that the scan process is already running. Is this anything you think you can help with, or is it just a problem I have to take up with BitDefender?

Thanks again for taking the time to help me. I'll put the logs in the next replies.
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm

Re: REALLY weird stuff happening...

Post by rlmark » February 25th, 2010, 3:27 pm

OTL logfile created on: 2/25/2010 1:47:27 PM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = F:\Documents and Settings\Mom and Dad\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 42.00% Paging File free
Paging file location(s): F:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
C: Drive not present or media not loaded
Drive D: | 483.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 149.00 Gb Total Space | 4.22 Gb Free Space | 2.83% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIVINGROOM3
Current User Name: Mom and Dad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - F:\Documents and Settings\Mom and Dad\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - F:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
PRC - F:\Program Files\BitDefender\BitDefender 2010\noviceui.exe (BitDefender S.R.L.)
PRC - F:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
PRC - F:\Program Files\BitDefender\BitDefender 2010\uiscan.exe (BitDefender S.R.L.)
PRC - F:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
PRC - F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - F:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - F:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - F:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - F:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
PRC - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - F:\Program Files\Upromise\UpromiseTray.exe ()
PRC - F:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - F:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - F:\Program Files\Autobahn\autobahn.exe ()
PRC - F:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - F:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)
PRC - F:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - F:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - F:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe (Orb Networks)
PRC - F:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
PRC - F:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
PRC - F:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
PRC - F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe (TiVo Inc.)
PRC - F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (TiVo Inc.)
PRC - F:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - F:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - F:\Program Files\SiteAdvisor\6172\SiteAdv.exe (McAfee, Inc.)
PRC - F:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - F:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Co.)
PRC - F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - F:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe ()
PRC - F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)


========== Modules (SafeList) ==========

MOD - F:\Documents and Settings\Mom and Dad\Desktop\OTL.exe (OldTimer Tools)
MOD - F:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - F:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - F:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - F:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - F:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - F:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - F:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - F:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)
MOD - F:\Program Files\SiteAdvisor\6172\saHook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (VSSERV) -- F:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV - (LIVESRV) -- F:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (gupdate) Google Update Service (gupdate) -- F:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (GoogleDesktopManager-110309-193829) -- F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (scan) -- F:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (Arrakis3) -- F:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV - (WDDMService) -- F:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (IntuitUpdateService) -- F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (iPod Service) -- F:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (WDSmartWareBackgroundService) -- F:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (Apple Mobile Device) -- F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PCPitstop Scheduling) -- F:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
SRV - (gusvc) -- F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (JavaQuickStarterService) -- F:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (getPlus(R) Helper) getPlus(R) -- F:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (Bonjour Service) -- F:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (NVSvc) -- F:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (KodakDigitalDisplayService) -- F:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe (Orb Networks)
SRV - (TivoBeacon2) -- F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (TiVo Inc.)
SRV - (Pml Driver HPZ12) -- F:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Imapi Helper) -- F:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)
SRV - (ose) -- F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (spkrmon) -- F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe ()
SRV - (ICDSPTSV) -- F:\WINDOWS\system32\IcdSptSv.exe (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1007\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1007\S-1-5-21-1275210071-1450960922-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1008\S-1-5-21-1275210071-1450960922-725345543-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.6
FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:6.2.2.1363
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p="
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"

FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: F:\Program Files\eMusic Download Manager\xulrunner\components [2009/09/19 19:04:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: F:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/01/07 10:57:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: F:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/02/21 12:20:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010/02/22 16:11:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010/02/22 16:11:55 | 000,000,000 | ---D | M]

[2009/07/12 19:36:42 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Extensions
[2010/02/24 09:16:01 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\p0i2ozcu.default\extensions
[2009/12/19 17:11:24 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\p0i2ozcu.default\extensions\FFToolbar@upromise
[2010/01/12 20:00:45 | 000,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/21 14:36:28 | 000,616,340 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 a9rhiwa.cn #[Google.Warning]
O1 - Hosts: 127.0.0.1 www.a9rhiwa.cn
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 16258 more lines...
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - F:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - F:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (no name) - {4fe8e2eb-f905-45a9-8de9-9ad2f228ccc9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKU\S-1-5-21-1275210071-1450960922-725345543-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1450960922-725345543-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1450960922-725345543-1007\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] F:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] F:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [dla] F:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [F5D7050v3] F:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [Google Desktop Search] F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [googletalk] F:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] F:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] F:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] F:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] F:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] F:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SiteAdvisor] F:\Program Files\SiteAdvisor\6172\SiteAdv.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] F:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004..\Run: [Microsoft Works Update Detection] File not found
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004..\Run: [NvMediaCenter] F:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004..\Run: [P2kAutostart] File not found
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004..\Run: [TivoNotify] F:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004..\Run: [TivoServer] F:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004..\Run: [TivoTransfer] F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe (TiVo Inc.)
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004..\Run: [Upromise Tray] F:\Program Files\Upromise\UpromiseTray.exe ()
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1007..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004..\RunOnce: [FlashPlayerUpdate] F:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1007..\RunOnce: [FlashPlayerUpdate] F:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\autobahn.lnk = F:\Program Files\Autobahn\autobahn.exe ()
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = F:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = F:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: F:\Documents and Settings\Mom and Dad\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1450960922-725345543-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1450960922-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1275210071-1450960922-725345543-1007\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1275210071-1450960922-725345543-1007\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1275210071-1450960922-725345543-1007\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-1275210071-1450960922-725345543-1008\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} http://www.shockwave.com/content/chocol ... 0.0.13.cab (CPlayFirstChocolatierControl Object)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... p43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scan ... ProExe.cab (Scanner.SysScanner)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 8842907250 (MUWebControl Class)
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} http://vhost.oddcast.com/admin/hostClientIE.cab (hostCntrlIE Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/softwa ... Plugin.cab (ScorchPlugin Class)
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} http://a248.e.akamai.net/f/248/5462/2h/ ... mDlBrg.cab (Reg Error: Key error.)
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} http://support.f-secure.com/enu/home/on ... /fscax.cab (F-Secure Health Check 1.1)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v50/di ... erdash.cab (DinerDash Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://my.firmenich.com/dana-cached/se ... tupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://liveca07.custhelp.com/8201-b499h ... a/RntX.cab (Live Collaboration)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll ()
O20 - AppInit_DLLs: (F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - F:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: F:\Documents and Settings\Mom and Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\Mom and Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/03 19:29:22 | 000,000,113 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1c759cc0-e364-11dd-ab37-000cf1b64644}\Shell\AutoRun\command - "" = G:\system32.vbs -- File not found
O33 - MountPoints2\{1c759cc0-e364-11dd-ab37-000cf1b64644}\Shell\open\command - "" = G:\system32.vbs -- File not found
O33 - MountPoints2\{68d99743-f0d6-11de-abc0-000cf1b64644}\Shell - "" = AutoRun
O33 - MountPoints2\{68d99743-f0d6-11de-abc0-000cf1b64644}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{68d99743-f0d6-11de-abc0-000cf1b64644}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{68d99781-f0d6-11de-abc0-000cf1b64644}\Shell - "" = AutoRun
O33 - MountPoints2\{68d99781-f0d6-11de-abc0-000cf1b64644}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{68d99781-f0d6-11de-abc0-000cf1b64644}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - F:\WINDOWS\system32\ias [2006/12/26 19:14:29 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - F:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (66712962504589312)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/25 13:45:42 | 000,549,888 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Mom and Dad\Desktop\OTL.exe
[2010/02/25 03:00:40 | 000,000,000 | ---D | C] -- F:\WINDOWS\LastGood
[2010/02/23 21:41:48 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Mom and Dad\My Documents\2009 Taxes
[2010/02/21 12:01:42 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Mom and Dad\Application Data\BitDefender
[2010/02/21 12:01:42 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\BitDefender
[2010/02/21 11:59:59 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\BitDefender
[2010/02/19 10:10:22 | 000,000,000 | --SD | M] -- F:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/19 10:04:44 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2010/02/16 15:33:21 | 000,000,000 | ---D | C] -- F:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2010/02/15 20:14:38 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Mom and Dad\Application Data\Toolbar4
[2010/02/15 19:50:40 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Mom and Dad\Application Data\Add-in Express Ltd
[2010/02/15 17:30:21 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Mom and Dad\Application Data\AccurateRip
[2010/02/15 16:20:32 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Mom and Dad\Local Settings\Application Data\VS Revo Group
[2010/02/15 16:19:03 | 000,027,064 | ---- | C] (VS Revo Group) -- F:\WINDOWS\System32\drivers\revoflt.sys
[2010/02/15 14:27:13 | 000,000,000 | ---D | C] -- F:\Program Files\BitDefender
[2010/02/13 22:19:39 | 000,451,968 | ---- | C] (Ralink Technology, Corp.) -- F:\WINDOWS\System32\drivers\rt73.sys
[2010/02/13 22:19:25 | 000,000,000 | ---D | C] -- F:\Program Files\Belkin
[2010/02/12 18:00:51 | 000,000,000 | ---D | C] -- F:\Program Files\AirPort
[2010/01/05 22:20:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/04 21:32:49 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\ServiceTest
[2009/07/22 16:57:50 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/01/01 05:00:16 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
[2008/11/10 15:54:34 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Application Data\Malwarebytes
[2008/07/12 17:59:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/06/29 16:03:40 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/12/22 17:38:29 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\TiVo Desktop
[2007/03/26 19:09:36 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2007/03/17 07:34:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Application Data\SiteAdvisor
[2006/12/26 19:19:24 | 000,000,000 | --SD | M] -- F:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/05/12 02:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- F:\WINDOWS\Fonts\RandFont.dll
[8 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]
[8 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/25 13:55:00 | 000,000,420 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{C85A52A9-DEE3-40ED-93B1-CDF5F6BE7DED}.job
[2010/02/25 13:45:43 | 000,549,888 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Mom and Dad\Desktop\OTL.exe
[2010/02/25 06:24:32 | 000,000,868 | ---- | M] () -- F:\WINDOWS\tasks\Google Software Updater.job
[2010/02/24 18:24:14 | 000,000,376 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Application Dataprivacy.xml
[2010/02/23 16:02:05 | 000,000,025 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Application Data\bdfvconp.ini
[2010/02/22 16:05:04 | 000,179,818 | ---- | M] () -- F:\WINDOWS\System32\nvapps.xml
[2010/02/21 20:16:34 | 000,136,192 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/21 19:12:56 | 000,878,448 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\My Documents\BML Feb 2010 - Clip 001.avi.sfk
[2010/02/21 18:38:59 | 000,001,768 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\My Documents\Default.sfvidcap
[2010/02/21 18:38:28 | 3176,983,552 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\My Documents\BML Feb 2010 - Clip 001.avi
[2010/02/21 18:02:03 | 000,000,850 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Application DataProductTweaks.xml
[2010/02/21 18:02:03 | 000,000,385 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Application Datauser_gensett.xml
[2010/02/21 18:01:06 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2010/02/21 18:01:00 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2010/02/21 14:36:28 | 000,616,340 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\HOSTS
[2010/02/21 12:17:11 | 000,000,385 | ---- | M] () -- F:\WINDOWS\System32\user_gensett.xml
[2010/02/21 12:15:40 | 000,000,052 | ---- | M] () -- F:\WINDOWS\System32\ashttpstats.csv
[2010/02/21 12:15:37 | 010,223,616 | -H-- | M] () -- F:\Documents and Settings\Mom and Dad\NTUSER.DAT
[2010/02/21 12:15:37 | 000,000,278 | -HS- | M] () -- F:\Documents and Settings\Mom and Dad\ntuser.ini
[2010/02/21 12:14:27 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- F:\WINDOWS\System32\drivers\bdfm.sys
[2010/02/21 12:14:27 | 000,106,464 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- F:\WINDOWS\System32\drivers\bdhv.sys
[2010/02/21 12:02:40 | 000,001,869 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\BitDefender Internet Security 2010.lnk
[2010/02/21 11:50:07 | 000,327,327 | ---- | M] () -- F:\BdUninstallTool2010.02.21-11.47.11.reg
[2010/02/21 11:34:01 | 000,026,112 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\My Documents\girl scout Nut orders.doc
[2010/02/21 11:32:45 | 000,662,451 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Desktop\fppatch.exe
[2010/02/19 09:55:45 | 000,001,880 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/02/16 15:47:16 | 000,001,734 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Desktop\Hijackthis.lnk
[2010/02/16 15:20:22 | 000,000,004 | ---- | M] () -- F:\WINDOWS\System32\aspdict-en.dat
[2010/02/16 15:10:50 | 000,000,821 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/02/16 15:07:30 | 000,116,648 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/16 15:04:03 | 000,376,056 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/15 15:30:53 | 000,000,016 | ---- | M] () -- F:\WINDOWS\System32\asdict.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\wsbl.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\phar_unmip.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\phar_histprot.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\ph_white.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\ph_summ.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\ph_spoof.sig
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\ph_sign.slf
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\ph_fuzzy.sig
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\ph_black.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pcwords2.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pcwords.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_webproxy.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_video.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_tabloids.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_socialnetworks.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_sign.slf
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_searchengines.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_regionaltlds.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_pornography.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_onlineshop.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_onlinepay.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_onlinedating.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_news.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_im.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_illegal.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_hate.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_games.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_gambling.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_drugs.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\ab_sbl.sig
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\ab_bl.sig
[2010/02/15 14:30:38 | 000,525,946 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/15 14:30:38 | 000,445,704 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2010/02/15 14:30:38 | 000,072,620 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2010/02/13 22:19:37 | 000,001,684 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Belkin Wireless Networking Utility.lnk
[8 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]
[8 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/23 16:02:05 | 000,000,025 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Data\bdfvconp.ini
[2010/02/21 18:38:33 | 000,878,448 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\My Documents\BML Feb 2010 - Clip 001.avi.sfk
[2010/02/21 18:23:29 | 3176,983,552 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\My Documents\BML Feb 2010 - Clip 001.avi
[2010/02/21 18:02:03 | 000,000,850 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application DataProductTweaks.xml
[2010/02/21 18:02:03 | 000,000,385 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Datauser_gensett.xml
[2010/02/21 18:02:03 | 000,000,376 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Dataprivacy.xml
[2010/02/21 12:17:11 | 000,000,385 | ---- | C] () -- F:\WINDOWS\System32\user_gensett.xml
[2010/02/21 12:02:40 | 000,001,869 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\BitDefender Internet Security 2010.lnk
[2010/02/21 11:47:11 | 000,327,327 | ---- | C] () -- F:\BdUninstallTool2010.02.21-11.47.11.reg
[2010/02/21 11:36:48 | 000,225,784 | ---- | C] () -- F:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/21 11:34:00 | 000,026,112 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\My Documents\girl scout Nut orders.doc
[2010/02/21 11:32:44 | 000,662,451 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Desktop\fppatch.exe
[2010/02/19 09:55:45 | 000,001,880 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/02/16 15:20:22 | 000,000,004 | ---- | C] () -- F:\WINDOWS\System32\aspdict-en.dat
[2010/02/15 16:19:04 | 000,000,821 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/02/15 15:30:53 | 000,000,016 | ---- | C] () -- F:\WINDOWS\System32\asdict.dat
[2010/02/15 14:46:34 | 000,000,052 | ---- | C] () -- F:\WINDOWS\System32\ashttpstats.csv
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\wsbl.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\phar_unmip.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\phar_histprot.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ph_white.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ph_summ.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ph_spoof.sig
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ph_sign.slf
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ph_fuzzy.sig
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ph_black.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pcwords2.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pcwords.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_webproxy.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_video.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_tabloids.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_socialnetworks.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_sign.slf
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_searchengines.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_regionaltlds.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_pornography.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_onlineshop.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_onlinepay.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_onlinedating.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_news.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_im.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_illegal.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_hate.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_games.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_gambling.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_drugs.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ab_sbl.sig
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ab_bl.sig
[2010/02/13 22:19:37 | 000,001,684 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Belkin Wireless Networking Utility.lnk
[2010/02/13 22:19:36 | 000,200,704 | ---- | C] () -- F:\WINDOWS\System32\UpdateDriver.exe
[2010/02/13 22:19:36 | 000,005,224 | ---- | C] () -- F:\WINDOWS\System32\ucuiinfo.ini
[2009/11/06 16:53:27 | 001,970,176 | ---- | C] () -- F:\WINDOWS\System32\d3dx9.dll
[2009/06/17 14:12:09 | 000,000,368 | ---- | C] () -- F:\WINDOWS\pagebreeze.ini
[2009/06/17 14:12:09 | 000,000,044 | ---- | C] () -- F:\WINDOWS\formbreeze.ini
[2009/05/30 15:14:57 | 000,000,293 | ---- | C] () -- F:\WINDOWS\AndreaMosaic.INI
[2009/05/27 15:31:31 | 000,000,141 | ---- | C] () -- F:\WINDOWS\thinkfst.ini
[2009/05/27 11:56:42 | 000,508,200 | ---- | C] () -- F:\WINDOWS\System32\ICCProfiles.dll
[2009/05/25 17:37:02 | 000,109,440 | ---- | C] () -- F:\WINDOWS\System32\drivers\KbdCap.sys
[2009/05/20 14:50:28 | 000,000,176 | -HS- | C] () -- F:\WINDOWS\WSYS049.SYS
[2009/02/11 15:15:33 | 000,000,937 | ---- | C] () -- F:\WINDOWS\ProxyChecker.INI
[2009/01/28 15:38:24 | 000,765,952 | ---- | C] () -- F:\WINDOWS\System32\xvidcore.dll
[2009/01/28 15:38:22 | 000,180,224 | ---- | C] () -- F:\WINDOWS\System32\xvidvfw.dll
[2009/01/15 12:45:34 | 000,181,248 | ---- | C] () -- F:\WINDOWS\System32\txmlutil.dll
[2008/09/30 17:17:12 | 012,816,405 | ---- | C] () -- F:\Program Files\themehospital-demo.zip
[2008/09/30 17:16:27 | 012,816,405 | ---- | C] () -- F:\Program Files\hospital.zip
[2008/09/30 17:08:50 | 007,502,919 | ---- | C] () -- F:\Program Files\theme.zip
[2008/09/23 08:03:07 | 000,084,677 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2008/09/23 08:03:07 | 000,000,227 | ---- | C] () -- F:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/09/23 07:57:54 | 000,002,927 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Data\PatchUpdate_InstantShareJPG.log
[2008/09/23 07:57:54 | 000,000,214 | ---- | C] () -- F:\WINDOWS\HP_InstantSHareJPG.ini
[2008/09/23 07:57:23 | 000,003,702 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Data\PatchUpdate_IZClosingDiscError.log
[2008/09/23 07:57:23 | 000,000,217 | ---- | C] () -- F:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2008/09/23 07:48:04 | 000,040,133 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2008/09/23 07:48:04 | 000,000,221 | ---- | C] () -- F:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/07/11 20:54:54 | 000,001,631 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Data\autobahn.log
[2008/06/17 07:34:53 | 000,000,836 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Data\ViewerApp.dat
[2008/01/20 17:08:39 | 000,061,952 | ---- | C] () -- F:\WINDOWS\rbap350.dll
[2008/01/20 17:04:47 | 000,061,952 | ---- | C] () -- F:\WINDOWS\System32\rbap350.dll
[2008/01/09 14:01:48 | 000,000,453 | ---- | C] () -- F:\WINDOWS\bdoscandellang.ini
[2007/10/26 15:11:38 | 000,000,021 | ---- | C] () -- F:\WINDOWS\atid.ini
[2007/09/29 21:04:37 | 000,001,506 | ---- | C] () -- F:\WINDOWS\SKCMSUSR.INI
[2007/09/18 18:43:42 | 000,000,034 | ---- | C] () -- F:\WINDOWS\iTunesQLoudEx.INI
[2007/09/09 13:23:55 | 000,749,568 | ---- | C] () -- F:\WINDOWS\System32\swfgen.dll
[2007/08/15 14:00:23 | 000,000,327 | ---- | C] () -- F:\WINDOWS\SIERRA.INI
[2007/08/15 13:58:56 | 000,000,060 | ---- | C] () -- F:\WINDOWS\Constrct.ini
[2007/07/27 16:52:57 | 000,000,000 | ---- | C] () -- F:\WINDOWS\SETUP32.INI
[2007/07/26 09:07:48 | 000,040,960 | ---- | C] () -- F:\WINDOWS\System32\IDMC1Reg.dll
[2007/07/11 12:06:11 | 000,000,000 | ---- | C] () -- F:\WINDOWS\DVEdit.INI
[2007/07/11 11:48:33 | 000,024,576 | ---- | C] () -- F:\WINDOWS\System32\IcdSptSvps.dll
[2007/07/11 11:48:32 | 000,122,880 | ---- | C] () -- F:\WINDOWS\System32\trc.dll
[2007/07/11 11:48:32 | 000,081,920 | ---- | C] () -- F:\WINDOWS\System32\dsp_trc.dll
[2007/06/25 20:06:25 | 000,094,208 | ---- | C] () -- F:\WINDOWS\System32\HWDiag.dll
[2007/06/25 20:06:25 | 000,027,648 | ---- | C] () -- F:\WINDOWS\System32\UsbReady.dll
[2007/06/25 17:42:30 | 000,065,536 | R--- | C] () -- F:\WINDOWS\System32\bmpproc.dll
[2007/04/18 16:22:14 | 000,000,361 | ---- | C] () -- F:\WINDOWS\KNP.INI
[2007/04/16 07:49:23 | 000,176,235 | ---- | C] () -- F:\WINDOWS\System32\Primomonnt.dll
[2007/04/13 22:04:12 | 000,003,654 | ---- | C] () -- F:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/03/29 13:16:47 | 000,000,865 | ---- | C] () -- F:\WINDOWS\hegames.ini
[2007/03/27 13:42:21 | 000,000,043 | ---- | C] () -- F:\WINDOWS\gswin32.ini
[2007/03/01 04:17:48 | 000,974,848 | ---- | C] () -- F:\WINDOWS\System32\vorbis.dll
[2007/03/01 04:17:48 | 000,880,640 | ---- | C] () -- F:\WINDOWS\System32\vorbisenc.dll
[2007/03/01 04:17:48 | 000,049,152 | ---- | C] () -- F:\WINDOWS\System32\ogg.dll
[2007/03/01 04:16:58 | 000,765,952 | ---- | C] () -- F:\WINDOWS\System32\tvqenc.dll
[2007/02/17 13:34:32 | 000,000,356 | ---- | C] () -- F:\WINDOWS\TLCAPPS.INI
[2007/02/17 13:11:16 | 000,000,601 | ---- | C] () -- F:\WINDOWS\Rrk.ini
[2007/02/10 13:42:28 | 000,027,648 | ---- | C] () -- F:\WINDOWS\System32\AVSredirect.dll
[2007/02/10 13:42:27 | 000,845,312 | ---- | C] () -- F:\WINDOWS\System32\Smab.dll
[2007/02/10 09:16:02 | 000,000,344 | ---- | C] () -- F:\WINDOWS\QTW.INI
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- F:\WINDOWS\System32\xreglib.dll
[2007/01/23 18:19:53 | 000,000,810 | ---- | C] () -- F:\WINDOWS\cdplayer.ini
[2007/01/20 18:38:48 | 000,136,192 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/18 12:15:56 | 000,000,117 | ---- | C] () -- F:\WINDOWS\KA.INI
[2007/01/12 10:24:16 | 000,001,581 | ---- | C] () -- F:\WINDOWS\disney.ini
[2007/01/07 08:12:19 | 000,017,408 | ---- | C] () -- F:\WINDOWS\System32\shctxex.dll
[2007/01/07 08:12:17 | 000,073,728 | ---- | C] () -- F:\WINDOWS\System32\DetectDxQT.dll
[2007/01/07 08:04:15 | 000,363,520 | ---- | C] () -- F:\WINDOWS\System32\psisdecd.dll
[2006/12/27 01:54:35 | 000,006,174 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/26 19:50:42 | 000,000,144 | ---- | C] () -- F:\WINDOWS\wininit.ini
[2006/12/26 19:45:04 | 000,000,376 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2006/12/26 19:32:34 | 000,000,134 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Local Settings\Application Data\fusioncache.dat
[2006/12/26 19:24:22 | 000,001,191 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/11/06 17:49:36 | 000,000,310 | ---- | C] () -- F:\WINDOWS\primopdf.ini
[2005/12/10 03:06:00 | 001,703,936 | ---- | C] () -- F:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/10 03:06:00 | 001,486,848 | ---- | C] () -- F:\WINDOWS\System32\nview.dll
[2005/12/10 03:06:00 | 001,019,904 | ---- | C] () -- F:\WINDOWS\System32\nvwimg.dll
[2005/12/10 03:06:00 | 000,573,440 | ---- | C] () -- F:\WINDOWS\System32\nvhwvid.dll
[2005/12/10 03:06:00 | 000,466,944 | ---- | C] () -- F:\WINDOWS\System32\nvshell.dll
[2005/12/10 03:06:00 | 000,286,720 | ---- | C] () -- F:\WINDOWS\System32\nvnt4cpl.dll
[2005/04/27 13:38:00 | 000,372,736 | ---- | C] () -- F:\WINDOWS\System32\hpzidi01.dll
[2004/03/23 16:49:48 | 000,131,072 | ---- | C] () -- F:\WINDOWS\System32\sfarkxt.dll
[2004/03/23 16:49:47 | 000,068,096 | ---- | C] () -- F:\WINDOWS\System32\SFARKL.DLL
[2003/08/07 15:01:50 | 000,237,568 | ---- | C] () -- F:\WINDOWS\System32\lame_enc.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- F:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/02/06 22:09:39 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Acronis
[2010/02/21 12:06:54 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\BitDefender
[2009/09/10 02:05:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\KEDDS
[2007/12/23 20:47:43 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\MakeMusic
[2009/08/31 17:31:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Nitro PDF
[2008/12/24 11:15:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\OrbNetworks
[2009/05/07 16:26:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/06/09 15:08:56 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\RoboForm
[2007/01/20 18:40:17 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/02/16 15:31:30 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TEMP
[2007/12/22 17:42:54 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TiVo
[2009/03/23 20:49:36 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/22 14:37:39 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\vsosdk
[2010/01/04 21:32:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Western Digital
[2007/01/19 15:16:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\WildTangent
[2007/12/08 08:18:20 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/19 19:09:29 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/28 18:30:56 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/07/26 08:57:58 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\acccore
[2009/02/06 22:13:36 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Acronis
[2009/05/01 14:09:53 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Add-in Express Ltd
[2009/12/31 21:35:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Any Video Converter
[2009/02/04 20:43:55 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\CoffeeCup Software
[2008/10/23 15:19:17 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\CoreFTP
[2007/01/07 16:50:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Eltima Software
[2008/12/23 16:59:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\eMusic
[2009/05/29 17:28:55 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\FileZilla
[2007/11/10 08:30:48 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\GetRightToGo
[2008/11/23 13:48:09 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\HTML Executable
[2009/05/06 14:25:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\ieSpell
[2009/05/16 16:03:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\ImgBurn
[2009/02/03 15:32:33 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Launchy
[2007/01/27 19:46:16 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Leadertech
[2009/05/29 06:45:26 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2007/04/21 15:45:06 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Mobipocket
[2007/07/31 15:17:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\MonkeyJam
[2007/01/07 17:26:07 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\MoyeaFLV2Video
[2009/08/31 17:33:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Nitro PDF
[2008/01/18 18:16:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\OverDrive
[2007/01/07 08:09:45 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Publish Providers
[2008/01/17 18:58:33 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\rockbox.org
[2007/04/03 14:11:44 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Shockwave.com
[2007/04/03 13:16:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Simple Star
[2007/10/13 07:31:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Sony
[2009/07/27 16:15:55 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\uTorrent
[2007/09/13 13:39:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Viewpoint
[2008/10/22 14:14:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Vso
[2007/12/23 20:18:35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\WebStripper
[2008/11/28 09:13:23 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\WinPatrol
[2010/02/15 19:50:40 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Add-in Express Ltd
[2009/11/04 18:25:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Any Video Converter
[2007/08/07 14:35:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\bang
[2010/02/21 12:01:42 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\BitDefender
[2007/01/20 09:13:15 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Eltima Software
[2009/08/29 10:01:45 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\ImgBurn
[2008/10/02 16:50:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Juniper Networks
[2007/01/20 09:37:26 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\MoyeaFLV2Video
[2007/01/15 13:32:08 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Publish Providers
[2007/10/11 19:52:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\ServantPC
[2007/01/11 20:28:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Shockwave.com
[2009/03/17 19:12:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Sony
[2010/02/15 20:14:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Toolbar4
[2008/06/02 15:24:30 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\upromise
[2010/01/04 21:33:22 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Western Digital
[2008/11/10 16:26:30 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\WinPatrol
[2010/02/25 13:55:00 | 000,000,420 | -H-- | M] () -- F:\WINDOWS\Tasks\User_Feed_Synchronization-{C85A52A9-DEE3-40ED-93B1-CDF5F6BE7DED}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2004/07/09 03:08:36 | 000,472,576 | ---- | M] (Microsoft Corporation) -- F:\dxsetup.exe
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- F:\install.exe
[2007/03/29 17:05:52 | 000,090,624 | ---- | M] (Frank Heyne Software) -- F:\RegDACL.exe


< MD5 for: AGP440.SYS >
[2008/06/29 15:06:07 | 022,245,337 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/06/29 18:09:30 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/06/29 15:06:07 | 022,245,337 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/06/29 18:09:30 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- F:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/07/16 15:46:14 | 010,158,890 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/06/29 15:06:07 | 022,245,337 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/06/29 18:09:30 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/06/29 15:06:07 | 022,245,337 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/06/29 18:09:30 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/07/16 15:24:25 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- F:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2002/08/29 04:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- F:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- F:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- F:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2009/06/25 15:04:32 | 000,001,536 | ---- | M] () MD5=8D4CD834292293F4055BAC313268E2DE -- F:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- F:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- F:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/01/05 05:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\WINDOWS\system32\dxtmsft.dll
[2010/01/05 05:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\WINDOWS\system32\dxtrans.dll
[8 F:\WINDOWS\system32\*.tmp files -> F:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/02/21 12:14:27 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- F:\WINDOWS\system32\drivers\bdfm.sys
[2009/10/19 16:04:00 | 000,110,984 | ---- | M] (BitDefender LLC) Unable to obtain MD5 -- F:\WINDOWS\system32\drivers\bdfndisf.sys
[2009/07/24 11:26:08 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- F:\WINDOWS\system32\drivers\bdfsfltr.sys

< %systemroot%\System32\config\*.sav >
[2006/12/26 10:52:14 | 000,094,208 | ---- | M] () -- F:\WINDOWS\system32\config\default.sav
[2006/12/26 10:52:14 | 000,602,112 | ---- | M] () -- F:\WINDOWS\system32\config\software.sav
[2006/12/26 10:52:14 | 000,417,792 | ---- | M] () -- F:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
rlmark

Re: REALLY weird stuff happening...

Unread postby rlmark » February 25th, 2010, 3:28 pm

OTL Extras logfile created on: 2/25/2010 1:47:27 PM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = F:\Documents and Settings\Mom and Dad\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 42.00% Paging File free
Paging file location(s): F:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
C: Drive not present or media not loaded
Drive D: | 483.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 149.00 Gb Total Space | 4.22 Gb Free Space | 2.83% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIVINGROOM3
Current User Name: Mom and Dad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- F:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "F:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\TiVo\Desktop\TiVoServer.exe" = F:\Program Files\TiVo\Desktop\TiVoServer.exe:*:Enabled:TiVo Server Service Process -- (TiVo Inc.)
"G:\Program Files\uTorrent\uTorrent.exe" = G:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"H:\Program Files\uTorrent\uTorrent.exe" = H:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"H:\utorrent.exe" = H:\utorrent.exe:*:Enabled:µTorrent -- File not found
"I:\Program Files\uTorrent\uTorrent.exe" = I:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"I:\utorrent.exe" = I:\utorrent.exe:*:Enabled:µTorrent -- File not found
"F:\Program Files\Bonjour\mDNSResponder.exe" = F:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"F:\Program Files\Autobahn\autobahn.exe" = F:\Program Files\Autobahn\autobahn.exe:*:Enabled:autobahn -- ()
"F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"F:\Program Files\Google\Google Talk\googletalk.exe" = F:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"F:\Program Files\AirPort\APAgent.exe" = F:\Program Files\AirPort\APAgent.exe:*:Enabled:AirPort -- (Apple Inc.)
"F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41D9-8CFF-DC44E895C7A7}" = PhotoGallery
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B1D6DF0-EAA2-012B-AE51-000000000000}" = TurboTax 2009 wnjiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{7299052B-02A4-4627-81F2-1818DA5D550D}" = Microsoft Visual C++ 2005 Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A149E33D-74B9-4033-9B53-A5DE82864850}" = BitDefender Internet Security 2010
"HijackThis" = HijackThis 2.0.2
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"TurboTax 2009" = TurboTax 2009

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Networks_Cache_Cleaner 6.0.0" = Juniper Networks Cache Cleaner 6.0.0
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/15/2010 3:45:32 PM | Computer Name = LIVINGROOM3 | Source = Arrakis3 | ID = 131073
Description = An error has occurred (StartServiceCtrlDispatcher failed with 997).

[ Application Events ]
Error - 2/15/2010 3:45:32 PM | Computer Name = LIVINGROOM3 | Source = Arrakis3 | ID = 131073
Description = An error has occurred (StartServiceCtrlDispatcher failed with 997).

[ System Events ]
Error - 2/21/2010 12:38:40 PM | Computer Name = LIVINGROOM3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/21/2010 12:39:27 PM | Computer Name = LIVINGROOM3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/21/2010 12:40:29 PM | Computer Name = LIVINGROOM3 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BitDefender Desktop Update
Service service to connect.

Error - 2/21/2010 12:40:29 PM | Computer Name = LIVINGROOM3 | Source = Service Control Manager | ID = 7000
Description = The BitDefender Desktop Update Service service failed to start due
to the following error: %%1053

Error - 2/21/2010 12:40:29 PM | Computer Name = LIVINGROOM3 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BitDefender Virus Shield
service to connect.

Error - 2/21/2010 12:40:29 PM | Computer Name = LIVINGROOM3 | Source = Service Control Manager | ID = 7000
Description = The BitDefender Virus Shield service failed to start due to the following
error: %%1053

Error - 2/23/2010 9:47:47 AM | Computer Name = LIVINGROOM3 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 2/24/2010 4:25:26 AM | Computer Name = LIVINGROOM3 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 2/24/2010 10:01:39 PM | Computer Name = LIVINGROOM3 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 2/25/2010 4:12:55 AM | Computer Name = LIVINGROOM3 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.


< End of report >
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm
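As an added triage example (not code from the thread or from OTL itself), the Python below parses the Security Center and Windows Firewall sections of an OTL Extras log like the one above and flags the entries a helper would examine first: monitoring switched off in Security Center, a firewall profile disabled, and enabled firewall exceptions whose binary OTL reports as "File not found" or without a company name. The embedded sample is a constructed excerpt modelled on the posted log.

```python
"""Triage the Security Center / firewall sections of an OTL Extras log.

Added example for this thread, not part of OTL or the forum posts. It reads
OTL's "[registry key]" / '"name" = value' layout and flags the settings a
helper looks at first. SAMPLE is a constructed excerpt of the log above.
"""
import re

SAMPLE = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\TiVo\Desktop\TiVoServer.exe" = F:\Program Files\TiVo\Desktop\TiVoServer.exe:*:Enabled:TiVo Server Service Process -- (TiVo Inc.)
"G:\Program Files\uTorrent\uTorrent.exe" = G:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"F:\Program Files\Autobahn\autobahn.exe" = F:\Program Files\Autobahn\autobahn.exe:*:Enabled:autobahn -- ()
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
MONITORING = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring'
FIREWALL_POLICY = (r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services'
                   r'\SharedAccess\Parameters\FirewallPolicy')


def parse_otl_registry(text):
    """Return {registry_key: {value_name: value}} from OTL's key/value layout."""
    result, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        key = KEY_RE.match(line)
        if key:
            current = key.group('key')
            result.setdefault(current, {})
            continue
        val = VAL_RE.match(line)
        if val and current is not None:
            result[current][val.group('name')] = val.group('value')
    return result


def triage(text):
    """Return 'finding: detail' strings in log order."""
    findings = []
    for key, values in parse_otl_registry(text).items():
        # Security Center told to stop monitoring one product (or all of them):
        # the tray warnings about a missing AV/firewall are silenced.
        if key.startswith(MONITORING) and values.get('DisableMonitoring') == '1':
            product = key[len(MONITORING):].lstrip('\\') or '(all products)'
            findings.append(f'security-center-monitoring-disabled: {product}')
        # Windows Firewall switched off for a profile.
        if key.startswith(FIREWALL_POLICY) and key.endswith('Profile'):
            if values.get('EnableFirewall') == '0':
                profile = key.rsplit('\\', 1)[-1]
                findings.append(f'windows-firewall-off: {profile}')
        # Exceptions read "<path>:<scope>:<Enabled|Disabled>:<name> -- (<company>)".
        # OTL writes "File not found" for a missing binary and "()" for one
        # without a company name; an enabled exception of either kind needs a look.
        if key.endswith(r'\AuthorizedApplications\List'):
            for path, entry in values.items():
                rest = entry[len(path):] if entry.startswith(path) else entry
                fields = rest.lstrip(':').split(':', 2)
                if len(fields) != 3 or fields[1] != 'Enabled':
                    continue
                if fields[2].endswith('-- File not found'):
                    findings.append(f'firewall-exception-file-not-found: {path}')
                elif fields[2].endswith('-- ()'):
                    findings.append(f'firewall-exception-no-company-name: {path}')
    return findings
```

`triage(SAMPLE)` returns five findings for the constructed excerpt; feeding it the full "Extras" log from a real OTL run works the same way, since only the two section layouts above are parsed.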

Re: REALLY weird stuff happening...

Unread postby Dakeyras » February 25th, 2010, 5:37 pm

Hi. :)

OK, thanks for the idea. I wouldn't be surprised if it's not malware, but I just wanted to check and make sure!

Post-Scan Update: When running OTL, this error came up close to a hundred times during "Manual File Scan- Looking in folder: ". It came up for 16 different folders, all starting with c:\temp1\temp\ . I wrote them all down if you want me to list them out here.
You're welcome!

OK one of the problems is the below:-

Drive F: | 149.00 Gb Total Space | 4.22 Gb Free Space | 2.83% Space Free |
This is considered dangerously low. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my opinion.

Unfortunately, when I reinstalled BitDefender I seem to have lost those logs :( Sorry!
Not a problem.

Thanks again for the advice. I really didn't know. Should I try and see if I can restore any of the registry backups from Uninstaller?
No not at this time.

Next:

There looks to be a possible Rootkit infection but at this time it may be problematic for myself to ask you to run any further scans to confirm or not until the Hard-Drive free space issue has been resolved. Though we can try.

I advise you choose to uninstall some software you do not need and/or move any documents/files/pictures etc to a form of removable media.

This is just my advice as the lack of current Hard-Drive space will be impacting on overall system performance. Plus eventually any type of system maintenance will prove to be problematic and a distinct possibility the actual Hard-Drive will cease to function.

Scan with GMER:

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: REALLY weird stuff happening...

Unread postby rlmark » February 26th, 2010, 10:07 am

GMER has been running for 10 hours now, and is only on SOFTWARE\Classes, somewhere in the Cs

Is this normal? I'm not running any other programs. What should I do? Just let it continue to run?
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm

Re: REALLY weird stuff happening...

Unread postby Dakeyras » February 26th, 2010, 10:23 am

Hi. :)

That is far from normal and a GMER scan should not take that amount of time, so by all means halt the scan for now.

Have you managed to free up any Hard-Drive free space at all?
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: REALLY weird stuff happening...

Unread postby rlmark » February 26th, 2010, 11:11 am

Yup, I cleaned out plenty of room. There's around 17-18% free now. I can clean more when I have a little more time to move things to an external hard drive.

Given that I cleaned the HD, should I reboot and try the scan again? What are my next instructions?
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm

Re: REALLY weird stuff happening...

Unread postby Dakeyras » February 26th, 2010, 11:17 am

Aye by all means do so but run this application below first. If then the Gmer scan appears to be taking an inordinate amount of time and/or stalls, inform myself and we will take a different approach. :)

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: REALLY weird stuff happening...

Unread postby rlmark » February 26th, 2010, 2:33 pm

I ran TFC, and it did prompt me to reboot afterwards. I did so. No problems, seemed like it got rid of a bunch of junk too!

However, GMER still doesn't work. I tried several times, and it always stalled/crashed, forcing me to hard restart. I tried disabling BitDefender and running GMER, and this time it got started, but stalled about 1/2 hour in in the registry area of SOFTWARE\Microsoft\Windows NT\CurrentVersion

I guess GMER won't work, at least in normal boot. Waiting for further instructions...
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm

Re: REALLY weird stuff happening...

Unread postby Dakeyras » February 26th, 2010, 3:26 pm

Hi. :)

OK we will try an alternative method as I do not think using a different scanner will make any difference.

Next:

Now I will be asking you to boot into Safe Mode for the next part of the fix. It may prove beneficial if you print off the following instructions or save them to notepad as you will not have Internet access whilst in the aforementioned safe mode.

How to boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should come up where you will be given the option to enter Safe Mode, do so.

If any problems refer to this tutorial.

In safe mode carry out the following:

  • Double click the randomly named gmer .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

Next:

When the scan is complete, reboot your computer as normal and post the Gmer.txt, thank you.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: REALLY weird stuff happening...

Unread postby rlmark » February 26th, 2010, 9:08 pm

That seems to have done the trick! After a pretty long scan, here's the GMER log.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-26 20:00:50
Windows 5.1.2600 Service Pack 3
Running: c7hmidyj.exe; Driver: F:\DOCUME~1\MOMAND~1\LOCALS~1\Temp\awrdapod.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{14427C58-FFDA-DC11-C543-A85CDB4A49C1}\InprocServer32@ OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{14427C58-FFDA-DC11-C543-A85CDB4A49C1}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{17427CE8-FB94-BE9D-4CC9-1E5A6B8BEC02}\RTFClassName@WrdPrfctDos
Reg HKLM\SOFTWARE\Classes\CLSID\{17427CE8-FB94-BE9D-4CC9-1E5A6B8BEC02}\RTFClassName@ WrdPrfctDos
Reg HKLM\SOFTWARE\Classes\CLSID\{63CF60AE-B1ED-504B-6209-AFF75F1583C5}\InprocServer32@ F:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{63CF60AE-B1ED-504B-6209-AFF75F1583C5}\InprocServer32@InprocServer32 8mlqVn-}f(ZXfeAR6.jiTranslationHidden>CFG$0D+!g(3?!!!_GX=b?
Reg HKLM\SOFTWARE\Classes\CLSID\{63CF60AE-B1ED-504B-6209-AFF75F1583C5}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{63CF60AE-B1ED-504B-6209-AFF75F1583C5}\ProgID@ Microsoft.ITSS.OrdinalSet
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\InprocServer32@ OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{CB6BC9CA-077F-D196-79C4-8F96EBA4E8B6}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}
Reg HKLM\SOFTWARE\Classes\CLSID\{CB6BC9CA-077F-D196-79C4-8F96EBA4E8B6}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}@
Reg HKLM\SOFTWARE\Classes\CLSID\{CB6BC9CA-077F-D196-79C4-8F96EBA4E8B6}\InprocServer32@ mscoree.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{CB6BC9CA-077F-D196-79C4-8F96EBA4E8B6}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{CB6BC9CA-077F-D196-79C4-8F96EBA4E8B6}\InprocServer32@Class System.Runtime.Remoting.Metadata.W3cXsd2001.SoapNmtokens
Reg HKLM\SOFTWARE\Classes\CLSID\{CB6BC9CA-077F-D196-79C4-8F96EBA4E8B6}\InprocServer32@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\CLSID\{CB6BC9CA-077F-D196-79C4-8F96EBA4E8B6}\InprocServer32@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{CB6BC9CA-077F-D196-79C4-8F96EBA4E8B6}\InprocServer32\1.0.5000.0
Reg HKLM\SOFTWARE\Classes\CLSID\{CB6BC9CA-077F-D196-79C4-8F96EBA4E8B6}\InprocServer32\1.0.5000.0@Class System.Runtime.Remoting.Metadata.W3cXsd2001.SoapNmtokens
Reg HKLM\SOFTWARE\Classes\CLSID\{CB6BC9CA-077F-D196-79C4-8F96EBA4E8B6}\InprocServer32\1.0.5000.0@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\CLSID\{CB6BC9CA-077F-D196-79C4-8F96EBA4E8B6}\InprocServer32\1.0.5000.0@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{CB6BC9CA-077F-D196-79C4-8F96EBA4E8B6}\ProgId@ System.Runtime.Remoting.Metadata.W3cXsd2001.SoapNmtokens

---- EOF - GMER 1.0.15 ----
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm

Re: REALLY weird stuff happening...

Unread postby Dakeyras » February 27th, 2010, 8:45 am

Hi. :)

Below I am going to ask your good self to run three different scans, one is proactive and the other two are benign in nature. The latter are so I can review the current status of your machine.

Scan with TDSSKiller:

Please download TDSSKiller.zip and extract it to the Desktop.

From within the newly created tdsskiller folder move TDSSKiller.exe to the desktop and delete the tdsskiller folder.

Click on Start >> Run... >> copy in the following text, and press Enter:
"%userprofile%\desktop\TDSSKiller.exe" -l report.txt -v
A Command Window will appear, follow the prompts.
There will be a log on your desktop when the scan is completed with the name report.
Copy and paste the contents of this log into your next reply.

Scan with Rooter:

Please download Rooter to your desktop.

  • Double click on Rooter.exe to start the application.
  • Now click on the Scan button.
  • When the scan is completed a text file called Rooter.txt will appear on your desktop, post the contents in your next reply.
  • Now click on Close button to exit Rooter.

Note: The logfile can also be located within this folder Rooter$ at the root of your installed Hard-Drive. EG: F:\Rooter$

Scan with RSIT:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application!
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: F:\rsit

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • TDSSKiller Log.
  • Rooter Log.
  • Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra