
hard drive w/ constant activity - system slow

Discussion in 'Virus & Other Malware Removal' started by digitaldave55, May 2, 2010.

  1. digitaldave55

    digitaldave55 Thread Starter

    Joined:
    May 1, 2010
    Messages:
    11
    Hello to all,
    I have a problem w/ HD being active almost all the time... system has become very slow, especially browsing. Ran spyware removal tools & I was infected with something. (don't remember, but was removed, so claimed) I believe it was in my daughter's music files I backed up to a secondary partition on my drive. I had scanned these files before back-up but appeared to be ok.
    Before I format & install I want to try & clean the system.
    Thanks in advance for all that help.

    System configuration: Win XP Pro SP 2, Pentium 4 1.3 GHz w/512 MB RAM


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:01:35 AM, on 5/2/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Shortcut to WIN2DO.lnk = C:\Program Files\WIN_2_DO\WIN2DO.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252121219177
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

    --
    End of file - 5275 bytes

    Note: win2do.exe is an old calendar program I have used for years, on all my systems.
    Startup: Shortcut to WIN2DO.lnk = C:\Program Files\WIN_2_DO\WIN2DO.EXE
     
  2. schrauber

    schrauber

    Joined:
    Apr 25, 2010
    Messages:
    77
    Hello, digitaldave55
    Welcome to the TechSupportGuy Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.



    Please take note of some guidelines for this fix:

    • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
    • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
    • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
    • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
    • Please set your system to show all files.
      Click Start, open My Computer, select the Tools menu and click Folder Options.
      Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
      Uncheck: Hide file extensions for known file types
      Uncheck the Hide protected operating system files (recommended) option.
      Click Yes to confirm.



    Sorry for the delay in response. If you still need help, please do the following.



    1. Please download OTL from one of the following mirrors:
    2. Save it to your desktop.
    3. Double click on the OTL icon on your desktop.
    4. Under the Custom Scan box paste this in
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
     
  3. digitaldave55

    digitaldave55 Thread Starter

    Joined:
    May 1, 2010
    Messages:
    11
    OTL Extras logfile created on: 5/15/2010 9:38:55 PM - Run 1
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\DigitalDave\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 93.00 Mb Available Physical Memory | 18.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1024 1280 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 127.99 Gb Total Space | 43.26 Gb Free Space | 33.80% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 74.52 Gb Total Space | 4.66 Gb Free Space | 6.26% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    Drive H: | 104.89 Gb Total Space | 2.86 Gb Free Space | 2.73% Space Free | Partition Type: NTFS
    I: Drive not present or media not loaded

    Computer Name: ROAD-RUNNER
    Current User Name: DigitalDave
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Disabled:btdownloadgui -- ()
    "C:\Documents and Settings\DigitalDave\Local Settings\Temp\usmt\migwiz.exe" = C:\Documents and Settings\DigitalDave\Local Settings\Temp\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard -- File not found
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Disabled:Nero ControlCenter -- File not found
    "C:\Documents and Settings\DigitalDave\Local Settings\Temp\OnlineUpdate8\SetupXu.exe" = C:\Documents and Settings\DigitalDave\Local Settings\Temp\OnlineUpdate8\SetupXu.exe:*:Disabled:Nero ControlCenter -- File not found
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600" = Canon MP600
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 18
    "{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
    "{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
    "{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
    "{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3C391720-EAA2-012B-AE98-000000000000}" = TurboTax 2009 wpaiper
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3E73666F-BC62-49A9-857D-C90A5B2CF899}" = Diskeeper 2009 Home
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D3423C7-7F9B-4453-B807-5994A5F39B9D}" = BitDefender Antivirus 2010
    "{7078B4DE-B9C5-45D2-845C-F67F9BD8065D}" = Garmin Mobile PC
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7EACD74C-147F-478C-9389-F9F52EE3C88A}" = LightScribe System Software
    "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
    "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
    "{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A4D58580-EA01-11D3-9318-008048B86EFE}" = Santa Cruz
    "{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2E8B236-7554-45FE-92C0-94EF76E4D182}" = Garmin City Navigator North America NT 2010.20
    "{C4D26D60-7B43-4CE9-AE19-A380D9DF126B}" = Garmin MapSource
    "{CB4544EA-C189-41FE-9E3A-76591DDB852B}" = Roxio Easy Media Creator 7
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0A3275D-F67F-4C6B-AE4A-753170C2EAC8}" = Garmin MapInstall
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AnarkClient" = Anark Client 1.0
    "BitTornado" = BitTornado 0.3.17
    "Canon MP600 User Registration" = Canon MP600 User Registration
    "CanonMyPrinter" = Canon My Printer
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Identifier_is1" = DVD Identifier
    "DVD Shrink_is1" = DVD Shrink 3.2
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "Easy-WebPrint" = Easy-WebPrint
    "foobar2000" = foobar2000 v0.9.5.5
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "ImgBurn" = ImgBurn
    "IsoBuster_is1" = IsoBuster 2.6
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MP Navigator 3.0" = Canon MP Navigator 3.0
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "NVIDIA Screen Saver_is1" = NVIDIA Screen Saver 1.2
    "Outlook Express Backup_is1" = Outlook Express Backup V6.5
    "SM1FX_AT" = USB Storage Adapter FX (SM1)
    "SystemRequirementsLab" = System Requirements Lab
    "TurboTax 2009" = TurboTax 2009
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 2
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/8/2010 1:05:09 AM | Computer Name = ROAD-RUNNER | Source = Application Error | ID = 1000
    Description = Faulting application setup.exe, version 0.0.0.0, faulting module user32.dll,
    version 5.1.2600.2180, fault address 0x0001294d.

    [ System Events ]
    Error - 5/11/2010 6:07:20 AM | Computer Name = ROAD-RUNNER | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the WMI Performance Adapter
    service to connect.

    Error - 5/11/2010 6:07:27 AM | Computer Name = ROAD-RUNNER | Source = Service Control Manager | ID = 7000
    Description = The WMI Performance Adapter service failed to start due to the following
    error: %%1053

    Error - 5/11/2010 6:08:19 AM | Computer Name = ROAD-RUNNER | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the WMI Performance Adapter
    service to connect.

    Error - 5/11/2010 6:08:20 AM | Computer Name = ROAD-RUNNER | Source = Service Control Manager | ID = 7000
    Description = The WMI Performance Adapter service failed to start due to the following
    error: %%1053

    Error - 5/12/2010 12:43:41 AM | Computer Name = ROAD-RUNNER | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x800706be: Windows Malicious Software Removal Tool - May 2010 (KB890830).

    Error - 5/13/2010 10:51:26 PM | Computer Name = ROAD-RUNNER | Source = BROWSER | ID = 8032
    Description = The browser service has failed to retrieve the backup list too many
    times on transport \Device\NetBT_Tcpip_{62E6D4EC-3A08-489A-B5D3-7E972EDD6A2C}. The
    backup browser is stopping.

    Error - 5/13/2010 11:35:31 PM | Computer Name = ROAD-RUNNER | Source = Service Control Manager | ID = 7034
    Description = The BitDefender Virus Shield service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 5/13/2010 11:43:44 PM | Computer Name = ROAD-RUNNER | Source = Service Control Manager | ID = 7034
    Description = The BitDefender Virus Shield service terminated unexpectedly. It
    has done this 2 time(s).

    Error - 5/14/2010 12:05:50 AM | Computer Name = ROAD-RUNNER | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the WMI Performance Adapter
    service to connect.

    Error - 5/14/2010 12:05:50 AM | Computer Name = ROAD-RUNNER | Source = Service Control Manager | ID = 7000
    Description = The WMI Performance Adapter service failed to start due to the following
    error: %%1053


    < End of report >
     
  4. digitaldave55

    digitaldave55 Thread Starter

    Joined:
    May 1, 2010
    Messages:
    11
    OTL logfile created on: 5/15/2010 9:38:55 PM - Run 1
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\DigitalDave\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 93.00 Mb Available Physical Memory | 18.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1024 1280 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 127.99 Gb Total Space | 43.26 Gb Free Space | 33.80% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 74.52 Gb Total Space | 4.66 Gb Free Space | 6.26% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    Drive H: | 104.89 Gb Total Space | 2.86 Gb Free Space | 2.73% Space Free | Partition Type: NTFS
    I: Drive not present or media not loaded

    Computer Name: ROAD-RUNNER
    Current User Name: DigitalDave
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/05/13 01:13:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DigitalDave\Desktop\OTL.exe
    PRC - [2010/05/04 23:22:20 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    PRC - [2010/04/02 18:54:14 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/04/01 23:34:56 | 001,123,360 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    PRC - [2010/04/01 23:33:38 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    PRC - [2010/01/11 14:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/04/17 14:17:40 | 001,349,912 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/08/04 00:56:56 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/05/13 01:13:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DigitalDave\Desktop\OTL.exe
    MOD - [2004/08/04 00:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/05/04 23:22:20 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
    SRV - [2010/04/01 23:33:39 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
    SRV - [2010/01/11 14:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
    SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/10/19 17:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
    SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/04/17 14:17:40 | 001,349,912 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2006/10/16 21:13:28 | 000,230,944 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/05/04 23:22:25 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
    DRV - [2010/05/04 23:22:24 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
    DRV - [2010/04/01 23:33:50 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV - [2010/02/24 01:40:51 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
    DRV - [2010/02/24 01:40:51 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
    DRV - [2010/02/24 01:40:48 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
    DRV - [2009/11/20 22:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2009/06/29 02:59:42 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2009/06/29 02:59:42 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2009/06/29 02:59:38 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2004/01/27 17:40:26 | 000,284,928 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
    DRV - [2004/01/27 17:39:56 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
    DRV - [2004/01/27 17:34:56 | 000,140,416 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
    DRV - [2004/01/27 17:34:46 | 000,043,008 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2004/01/27 17:32:00 | 000,024,576 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2004/01/27 17:29:44 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
    DRV - [2004/01/27 17:29:40 | 000,197,632 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
    DRV - [2004/01/27 17:16:38 | 000,117,248 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
    DRV - [2002/10/15 01:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(R)
    DRV - [2002/10/15 01:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
    DRV - [2001/08/17 09:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 08:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
    DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
    DRV - [2000/07/26 14:04:38 | 000,457,472 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcwdm.sys -- (tbcwdm)
    DRV - [2000/07/26 14:04:34 | 000,158,352 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcspud.sys -- (tbcspud)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Webster"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com"
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 49
    FF - prefs.js..extensions.enabledItems: [email protected]:2.0
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.74
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/02 17:06:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 18:54:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/26 20:59:08 | 000,000,000 | ---D | M]

    [2009/06/30 01:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Extensions
    [2010/05/15 01:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\extensions
    [2010/05/03 00:05:26 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2009/12/06 17:44:52 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/04/08 01:58:47 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\searchplugins\askcom.xml
    [2009/07/15 01:22:35 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\searchplugins\webster.xml
    [2010/05/15 01:09:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/04/17 16:47:57 | 000,391,944 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 13540 more lines...
    O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - Startup: C:\Documents and Settings\DigitalDave\Start Menu\Programs\Startup\Shortcut to WIN2DO.lnk = C:\Program Files\WIN_2_DO\WIN2DO.EXE (Softdisk, Inc)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252121219177 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\DigitalDave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\DigitalDave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/29 02:37:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/06/29 02:37:25 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16620634377289728)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/05/13 01:13:51 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DigitalDave\Desktop\OTL.exe
    [2010/05/12 21:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Desktop\RC Warrington 22
    [2010/05/12 00:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\PcSetup
    [2010/05/05 00:42:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/05/02 00:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/04/24 01:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Application Data\Malwarebytes
    [2010/04/24 01:44:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/24 01:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/04/24 01:44:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/24 01:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/04/22 23:26:41 | 000,000,000 | ---D | C] -- C:\MapSource
    [2010/04/22 22:38:24 | 000,000,000 | ---D | C] -- C:\Garmin
    [2010/04/18 02:32:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DigitalDave\Recent
    [2010/04/17 00:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/04/17 00:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/04/10 18:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\XPRepairPro2006
    [2010/04/08 01:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Application Data\ImgBurn
    [2010/04/08 01:52:51 | 004,614,113 | ---- | C] (LIGHTNING UK!) -- C:\SetupImgBurn_2.5.1.0.exe
    [2010/04/08 01:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
    [2010/04/08 01:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Application Data\foobar2000
    [2010/04/08 01:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\foobar2000
    [2010/04/04 04:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\Intuit
    [2010/04/04 03:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\IsolatedStorage
    [2010/04/04 03:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax
    [2010/04/04 01:56:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2010/04/04 01:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2010/04/04 01:55:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
    [2010/04/04 01:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2010/04/04 01:51:01 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
    [2010/04/04 01:51:01 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
    [2010/04/04 01:51:00 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
    [2010/04/04 01:50:59 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
    [2010/04/04 01:50:57 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
    [2010/04/04 01:50:57 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
    [2010/04/04 01:50:49 | 000,000,000 | ---D | C] -- C:\40890036d1ffefefa6
    [2010/04/04 01:49:09 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
    [2010/04/04 01:47:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
    [2010/04/04 01:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
    [2010/04/03 19:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\Downloads
    [2010/04/03 18:50:30 | 000,000,000 | ---D | C] -- C:\Gateway_MX6625
    [2010/03/27 02:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Application Data\Apple Computer
    [2010/03/27 02:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/03/27 02:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/03/27 02:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/03/27 02:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/03/27 02:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2010/03/27 02:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\Apple
    [2010/03/27 02:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/03/27 02:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/03/27 02:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2010/03/27 02:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\Apple Computer
    [2010/03/20 00:24:57 | 000,000,000 | ---D | C] -- C:\PerfLogs
    [2010/03/16 01:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\WinZip.v14.0.Build.8688+keygen
    [2010/03/11 03:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
    [2010/02/26 06:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/02/26 06:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/02/24 00:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Application Data\BitDefender
    [2010/01/20 01:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\DVDFab
    [2010/01/08 06:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\My Garmin
    [2010/01/06 03:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\An-Expert-Explains-the-Flu-Vaccine-Deception-and-the-Swine-Flu-Hoax.aspx_files
    [2010/01/01 18:51:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
    [2009/12/04 00:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\Resume
    [2009/12/02 21:26:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
    [2009/09/22 01:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\466 Milano Dr. 2007
    [2009/09/05 15:56:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Desktop\Tricorp
    [2009/08/14 02:09:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2009/07/21 23:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\Electronic Bills
    [2009/07/21 23:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\dvd decrypter settings_files
    [2009/07/21 23:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\Diskeeper
    [2009/07/21 23:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\bitpim
    [2009/07/21 23:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\Azureus Downloads
    [2009/07/21 23:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\Amusement Files
    [2009/07/19 03:29:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2009/07/05 18:00:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
    [2009/07/04 13:23:44 | 000,266,240 | R--- | C] (Cypress Semiconductor) -- C:\WINDOWS\SM1nint.exe
    [2009/07/04 13:23:44 | 000,086,106 | R--- | C] (Cypress Semiconductor) -- C:\WINDOWS\System32\SM1un.exe
    [2009/07/04 13:23:44 | 000,012,382 | R--- | C] (Cypress Semiconductor) -- C:\WINDOWS\System32\SM1ui32.dll
    [2009/07/04 13:23:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\DRIVERS
    [2009/07/04 13:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\My Music
    [2009/07/04 12:32:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\DigitalDave\My Documents\My Pictures
    [2009/07/01 01:23:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
    [2009/07/01 01:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\Quicken
    [2009/07/01 00:19:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2009/06/30 02:24:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    [2009/06/30 02:10:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\tbcdata
    [2009/06/30 02:10:43 | 000,221,184 | ---- | C] (Voyetra Turtle Beach, Inc.) -- C:\WINDOWS\System32\tbctray.exe
    [2009/06/30 02:10:37 | 000,131,072 | ---- | C] (Voyetra Turtle Beach, Inc.) -- C:\WINDOWS\System32\Tbccpnl.cpl
    [2009/06/30 02:10:34 | 000,425,760 | ---- | C] (Voyetra Turtle Beach) -- C:\WINDOWS\System32\tbclang.dll
    [2009/06/30 00:51:10 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
    [2009/06/29 04:11:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2009/06/29 04:10:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2009/06/29 04:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2009/06/29 04:02:59 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spiisupd.exe
    [2009/06/29 04:02:46 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sbeio.dll
    [2009/06/29 04:02:46 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\strmfilt.dll
    [2009/06/29 04:02:46 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sdhcinst.dll
    [2009/06/29 04:02:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
    [2009/06/29 04:02:46 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smbinst.exe
    [2009/06/29 04:02:45 | 001,116,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmsdmoe2.dll
    [2009/06/29 04:02:45 | 000,937,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winbrand.dll
    [2009/06/29 04:02:45 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmerror.dll
    [2009/06/29 04:02:45 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmidx.dll
    [2009/06/29 04:02:45 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpasf.dll
    [2009/06/29 04:02:45 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winshfhc.dll
    [2009/06/29 04:02:44 | 000,999,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdmoe2.dll
    [2009/06/29 04:02:44 | 000,936,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmspdmoe.dll
    [2009/06/29 04:02:44 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
    [2009/06/29 04:02:44 | 000,531,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmspdmod.dll
    [2009/06/29 04:02:44 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
    [2009/06/29 04:02:44 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
    [2009/06/29 04:02:44 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscui.cpl
    [2009/06/29 04:02:43 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpob2res.dll
    [2009/06/29 04:02:43 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
    [2009/06/29 04:02:43 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp1res.dll
    [2009/06/29 04:02:43 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlprovi.dll
    [2009/06/29 04:02:43 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
    [2009/06/29 04:02:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
    [2009/06/29 04:02:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
    [2009/06/29 04:00:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2009/06/29 03:58:32 | 002,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
    [2009/06/29 03:57:25 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
    [2009/06/29 03:56:41 | 000,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
    [2009/06/29 03:54:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2009/06/29 03:54:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
    [2009/06/29 02:54:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2009/06/29 02:53:48 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
    [2009/06/29 02:38:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2009/06/29 02:36:41 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
    [2009/06/29 02:36:41 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
    [2009/06/29 02:36:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
    [2009/06/29 02:35:32 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
    [2009/06/29 02:35:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
    [2009/06/29 02:35:23 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
    [2009/06/29 02:35:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
    [2009/06/29 02:35:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
    [2009/06/29 02:34:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
    [2009/06/29 02:33:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
    [2009/06/29 02:33:50 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
    [2009/06/29 02:33:50 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
    [2009/06/29 02:33:49 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
    [2009/06/29 02:33:43 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
    [2009/06/29 02:33:43 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
    [2009/06/29 02:33:43 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
    [2009/06/29 02:33:42 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
    [2009/06/29 02:33:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
    [2009/06/29 02:33:41 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
    [2009/06/29 02:33:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
    [2009/06/29 02:33:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
    [2009/06/29 02:33:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
    [2009/06/29 02:33:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
    [2009/06/29 02:33:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
    [2009/06/29 02:33:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
    [2009/06/29 02:33:27 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
    [2009/06/28 23:27:09 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
    [2009/06/28 23:25:43 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
    [2009/06/28 23:25:43 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
    [2009/06/28 23:25:43 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
    [2009/06/28 23:25:43 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
    [2009/06/28 23:25:43 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
    [2009/06/28 23:25:43 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
    [2009/06/28 23:25:43 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
    [2009/06/28 23:25:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
    [2009/06/28 23:25:43 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
    [2009/06/28 23:25:43 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
    [2009/06/28 23:25:43 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
    [2009/06/28 23:25:43 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
    [2009/06/28 23:25:42 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
    [2009/06/28 23:25:42 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
    [2009/06/28 23:25:42 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
    [2009/06/28 23:25:42 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\mmsystem.dll
    [2009/06/28 23:25:42 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
    [2009/06/28 23:25:42 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
    [2009/06/28 23:25:42 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
    [2009/06/28 23:25:42 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
    [2009/06/28 23:25:42 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
    [2009/06/28 23:25:42 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
    [2009/06/28 23:25:42 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
    [2009/06/28 23:25:42 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
    [2009/06/28 23:25:41 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
    [2009/06/28 23:19:58 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
    [2009/06/28 23:19:58 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
    [2009/06/28 23:19:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
    [2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/05/15 15:26:42 | 026,848,700 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\imageCache7.db
    [2010/05/14 22:53:23 | 000,000,217 | ---- | M] () -- C:\WINDOWS\WIN2DO.INI
    [2010/05/14 21:50:25 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Dataprivacy.xml
    [2010/05/14 21:49:41 | 000,272,372 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/05/14 21:49:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/14 21:49:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/14 06:18:05 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\DigitalDave\NTUSER.DAT
    [2010/05/14 06:17:57 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
    [2010/05/13 22:12:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/05/13 01:13:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DigitalDave\Desktop\OTL.exe
    [2010/05/12 00:40:12 | 000,025,374 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100512_003943.reg
    [2010/05/12 00:34:51 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\inst.exe
    [2010/05/12 00:34:50 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\pcouffin.cat
    [2010/05/12 00:34:49 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\DigitalDave\Application Data\pcouffin.sys
    [2010/05/12 00:34:49 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\pcouffin.inf
    [2010/05/06 10:45:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/05/02 02:48:08 | 000,004,196 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\Document.rtf
    [2010/05/02 00:59:39 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Desktop\HijackThis.lnk
    [2010/05/01 22:59:35 | 000,355,430 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\GLOCK_en.pdf
    [2010/04/30 01:42:10 | 000,000,519 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/04/30 01:42:10 | 000,000,271 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/04/30 01:42:10 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/26 20:50:59 | 000,177,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/04/25 23:47:53 | 000,037,136 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/04/24 11:26:18 | 000,000,916 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100424_112614.reg
    [2010/04/22 22:33:20 | 000,010,512 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100422_223304.reg
    [2010/04/17 16:47:57 | 000,391,944 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/04/14 21:05:12 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/10 23:50:12 | 000,010,680 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100410_234945.reg
    [2010/04/09 21:53:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\DigitalDave\ntuser.ini
    [2010/04/09 00:21:14 | 000,015,329 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\Messages from the Stars (Celebrities).eml
    [2010/04/08 01:52:59 | 004,614,113 | ---- | M] (LIGHTNING UK!) -- C:\SetupImgBurn_2.5.1.0.exe
    [2010/04/04 02:32:45 | 000,488,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/04/04 02:32:45 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/04/04 02:32:45 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/04/04 00:34:45 | 000,004,964 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100404_003441.reg
    [2010/04/01 23:36:48 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
    [2010/04/01 23:33:50 | 000,291,352 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
    [2010/03/27 02:03:11 | 000,021,504 | ---- | M] () -- C:\WINDOWS\jestertb.dll
    [2010/03/20 00:50:36 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\event_log_3_19_10.evt
    [2010/03/15 01:05:07 | 000,304,585 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Desktop\daves.WAB
    [2010/03/13 02:44:49 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100313_014444.reg
    [2010/03/11 03:41:57 | 002,207,744 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Desktop\Diag504fCD.iso
    [2010/03/06 17:06:41 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Desktop\Shortcut to Polaroid_Camera_t1035 Manual.lnk
    [2010/02/26 23:48:13 | 000,027,528 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100226_224805.reg
    [2010/02/26 14:12:36 | 001,648,902 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Desktop\RC Northampton break-in loss report - 2-25-2010.jpg
    [2010/02/25 02:01:18 | 000,094,763 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Desktop\Armed Resistance to Crime.htm
    [2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords2.dat
    [2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords.dat
    [2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
    [2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_sign.slf
    [2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_searchengines.dat
    [2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
    [2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_pornography.dat
    [2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinedating.dat
    [2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_news.dat
    [2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_im.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_webproxy.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_video.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_tabloids.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlineshop.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinepay.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_illegal.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_hate.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_games.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_gambling.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_drugs.dat
    [2010/02/24 03:27:17 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application DataProductTweaks.xml
    [2010/02/24 03:27:17 | 000,000,385 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Datauser_gensett.xml
    [2010/02/24 02:33:12 | 000,885,183 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\stop0584.pdf
    [2010/02/24 01:40:48 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys
    [2010/02/24 01:40:47 | 000,106,464 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdhv.sys
    [2010/02/24 00:18:52 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
    [2010/01/30 23:31:34 | 000,000,300 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
    [2010/01/07 02:31:28 | 000,000,522 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100107_013124.reg
    [2010/01/07 02:30:40 | 000,051,726 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100107_013026.reg
    [2010/01/07 02:11:31 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\DigitalDave\.rnd
    [2010/01/07 01:42:10 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/01/07 01:40:53 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\default.pls
    [2010/01/06 03:38:04 | 000,104,221 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\An-Expert-Explains-the-Flu-Vaccine-Deception-and-the-Swine-Flu-Hoax.aspx.htm
    [2010/01/01 22:24:09 | 000,018,340 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100101_212403.reg
    [2010/01/01 21:22:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Irremote.ini
    [2010/01/01 18:51:54 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2009/12/23 11:17:43 | 3988,623,359 | ---- | M] () -- C:\GODFATHER_III.ISO
    [2009/12/23 11:17:43 | 000,008,426 | ---- | M] () -- C:\GODFATHER_III.MDS
    [2009/12/14 04:47:53 | 000,010,500 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20091214_034747.reg
    [2009/12/06 21:50:00 | 000,000,413 | ---- | M] () -- C:\Shortcut to My Documents.lnk
    [2009/12/06 18:11:45 | 000,008,628 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20091206_171139.reg
    [2009/12/05 05:09:21 | 005,337,476 | -H-- | M] () -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\IconCache.db
    [2009/12/03 00:23:12 | 000,072,774 | ---- | M] (Jordan Russell) -- C:\WINDOWS\unins000.exe
    [2009/12/03 00:23:12 | 000,001,057 | ---- | M] () -- C:\WINDOWS\unins000.dat
    [2009/12/02 21:52:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/12/02 21:52:36 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2009/11/20 22:34:54 | 002,293,286 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
    [2009/11/20 22:34:54 | 000,069,632 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
    [2009/11/20 22:34:54 | 000,025,699 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
    [2009/11/20 22:34:54 | 000,008,743 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
    [2009/11/20 21:32:00 | 000,064,882 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
    [2009/11/18 02:12:20 | 000,070,058 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20091118_011013.reg
    [2009/08/16 17:20:49 | 000,103,107 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\DriveCheck-Windows Instructions.pdf
    [2009/08/07 21:31:47 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2009/08/06 19:24:18 | 000,327,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
    [2009/08/06 19:24:18 | 000,327,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
    [2009/08/06 19:24:18 | 000,209,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
    [2009/08/06 19:24:18 | 000,021,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
    [2009/08/06 19:24:12 | 000,015,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
    [2009/08/06 19:24:10 | 000,217,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
    [2009/08/06 19:24:10 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
    [2009/08/06 19:24:10 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
    [2009/08/06 19:24:10 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
    [2009/08/06 19:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
    [2009/08/06 19:24:06 | 000,015,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
    [2009/08/06 19:24:04 | 000,096,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
    [2009/08/06 19:24:04 | 000,096,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
    [2009/08/06 19:24:00 | 000,017,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
    [2009/08/06 19:23:54 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
    [2009/08/06 19:23:54 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
    [2009/08/06 19:23:46 | 001,929,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
    [2009/08/06 19:23:46 | 000,274,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
    [2009/08/06 19:23:46 | 000,016,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
    [2009/07/31 00:57:32 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
    [2009/07/16 00:08:15 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Start Menu\Programs\Startup\Shortcut to WIN2DO.lnk
    [2009/07/06 01:20:16 | 000,952,125 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\
    [2009/07/04 15:29:13 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Desktop\Disc Copier.lnk
    [2009/07/04 15:27:47 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\BurnData.bin
    [2009/07/02 23:02:10 | 000,323,899 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\bit_ddefendere_log_7_2_2009.xml
    [2009/07/02 20:25:15 | 000,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
    [2009/07/02 20:25:15 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
    [2009/07/02 02:20:02 | 000,000,165 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2009/06/30 22:27:38 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.let
    [2009/06/30 02:10:40 | 000,000,012 | ---- | M] () -- C:\WINDOWS\WinInit.INI
    [2009/06/30 01:33:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2009/06/30 00:53:46 | 000,000,419 | ---- | M] () -- C:\WINDOWS\MAXLINK.INI
    [2009/06/29 03:58:21 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2009/06/29 03:58:21 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/06/29 02:53:46 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
    [2009/06/29 02:50:03 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2009/06/29 02:40:52 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2009/06/29 02:37:57 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2009/06/29 02:37:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/06/29 02:37:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/06/29 02:37:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
    [2009/06/29 02:37:57 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/06/29 02:37:57 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/06/29 02:37:53 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2009/06/29 02:37:53 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2009/06/29 02:37:51 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
    [2009/06/29 02:37:44 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2009/06/29 02:36:41 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
    [2009/06/29 02:36:41 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
    [2009/06/29 02:36:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
    [2009/06/29 02:36:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
    [2009/06/29 02:36:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
    [2009/06/29 02:36:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
    [2009/06/29 02:36:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
    [2009/06/29 02:36:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
    [2009/06/29 02:34:34 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/06/29 02:34:24 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
    [2009/06/29 02:34:24 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/12 00:39:54 | 000,025,374 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100512_003943.reg
    [2010/05/02 02:48:08 | 000,004,196 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\Document.rtf
    [2010/05/02 00:59:38 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Desktop\HijackThis.lnk
    [2010/05/01 22:59:34 | 000,355,430 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\GLOCK_en.pdf
    [2010/04/24 11:26:16 | 000,000,916 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100424_112614.reg
    [2010/04/22 22:33:09 | 000,010,512 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100422_223304.reg
    [2010/04/10 23:50:04 | 000,010,680 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100410_234945.reg
    [2010/04/09 00:21:13 | 000,015,329 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\Messages from the Stars (Celebrities).eml
    [2010/04/04 04:34:31 | 000,102,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/04/04 00:34:44 | 000,004,964 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100404_003441.reg
    [2010/03/27 02:21:19 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/03/27 02:03:11 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
    [2010/03/23 01:49:48 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
    [2010/03/20 00:50:36 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\event_log_3_19_10.evt
    [2010/03/13 02:44:47 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100313_014444.reg
    [2010/03/11 03:41:55 | 002,207,744 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Desktop\Diag504fCD.iso
    [2010/03/06 17:06:41 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Desktop\Shortcut to Polaroid_Camera_t1035 Manual.lnk
    [2010/03/05 10:21:05 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Application Dataprivacy.xml
    [2010/02/26 23:48:08 | 000,027,528 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100226_224805.reg
    [2010/02/26 14:12:33 | 001,648,902 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Desktop\RC Northampton break-in loss report - 2-25-2010.jpg
    [2010/02/25 02:01:10 | 000,094,763 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Desktop\Armed Resistance to Crime.htm
    [2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
    [2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
    [2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
    [2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_sign.slf
    [2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
    [2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
    [2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
    [2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
    [2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
    [2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
    [2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
    [2010/02/24 03:27:17 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Application DataProductTweaks.xml
    [2010/02/24 03:27:17 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Application Datauser_gensett.xml
    [2010/02/24 02:33:12 | 000,885,183 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\stop0584.pdf
    [2010/02/24 01:41:12 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\ashttpstats.csv
    [2010/01/07 02:31:26 | 000,000,522 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100107_013124.reg
    [2010/01/07 02:30:31 | 000,051,726 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100107_013026.reg
    [2010/01/06 03:38:00 | 000,104,221 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\An-Expert-Explains-the-Flu-Vaccine-Deception-and-the-Swine-Flu-Hoax.aspx.htm
    [2010/01/03 01:53:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/01/01 22:24:06 | 000,018,340 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100101_212403.reg
    [2010/01/01 21:22:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2009/12/14 04:47:49 | 000,010,500 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20091214_034747.reg
    [2009/12/06 18:11:42 | 000,008,628 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20091206_171139.reg
    [2009/12/03 00:23:11 | 000,001,057 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2009/11/18 02:10:16 | 000,070,058 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20091118_011013.reg
    [2009/09/15 00:37:15 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\
    [2009/09/15 00:36:55 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\
    [2009/09/11 03:19:12 | 000,304,585 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Desktop\daves.WAB
    [2009/08/16 17:20:49 | 000,103,107 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\DriveCheck-Windows Instructions.pdf
    [2009/08/07 21:31:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/07/16 00:08:15 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Start Menu\Programs\Startup\Shortcut to WIN2DO.lnk
    [2009/07/13 22:14:00 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
    [2009/07/06 01:20:15 | 000,952,125 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\
    [2009/07/04 15:29:13 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Desktop\Disc Copier.lnk
    [2009/07/02 23:02:10 | 000,323,899 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\bit_ddefendere_log_7_2_2009.xml
    [2009/07/02 20:25:15 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
    [2009/07/01 01:45:21 | 000,000,217 | ---- | C] () -- C:\WINDOWS\WIN2DO.INI
    [2009/06/30 02:30:58 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2009/06/30 02:10:40 | 000,000,012 | ---- | C] () -- C:\WINDOWS\WinInit.INI
    [2009/06/30 01:33:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/06/30 00:53:46 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2009/06/29 04:03:58 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
    [2009/06/29 04:02:59 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
    [2009/06/29 04:02:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
    [2009/06/29 04:02:58 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
    [2009/06/29 04:02:49 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
    [2009/06/29 02:50:03 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2009/06/29 02:40:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/06/29 02:37:53 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
    [2009/06/29 02:37:51 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
    [2009/06/29 02:36:41 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
    [2009/06/29 02:36:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
    [2009/06/29 02:36:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
    [2009/06/29 02:36:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
    [2009/06/29 02:35:38 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
    [2009/06/29 02:35:37 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
    [2009/06/29 02:33:45 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
    [2009/06/29 02:33:45 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
    [2009/06/29 02:33:45 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
    [2009/06/29 02:33:45 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
    [2009/06/29 02:33:45 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
    [2009/06/29 02:33:45 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
    [2009/06/29 02:33:45 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
    [2009/06/29 02:33:45 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
    [2009/06/29 02:33:45 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
    [2009/06/29 02:33:45 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
    [2009/06/29 02:33:45 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
    [2009/06/29 02:33:44 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
    [2009/06/29 02:33:44 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
    [2009/06/29 02:33:41 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
    [2009/06/29 02:33:41 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
    [2009/06/29 02:33:27 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
    [2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
    [2008/09/18 00:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
    [2001/08/23 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

    ========== LOP Check ==========

    [2009/06/30 01:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2010/02/24 00:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
    [2009/06/30 00:47:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/07/03 02:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
    [2010/01/08 02:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2010/01/01 19:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/05/05 00:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2009/06/30 00:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2009/12/15 21:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2010/03/27 02:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/07/09 01:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\.BitTornado
    [2010/02/24 00:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\BitDefender
    [2010/02/26 14:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\Canon
    [2009/12/06 12:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/01/23 21:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\DVDFab
    [2010/04/14 21:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\foobar2000
    [2010/04/25 02:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\GARMIN
    [2009/07/01 01:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\Genie-Soft
    [2010/04/08 01:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\ImgBurn
    [2009/07/04 12:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\InterVideo
    [2010/05/05 23:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\RipIt4Me
    [2009/06/30 00:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\ScanSoft
    [2009/12/02 23:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\SystemRequirementsLab
    [2010/05/12 00:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\Vso

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2010/04/08 01:52:59 | 004,614,113 | ---- | M] (LIGHTNING UK!) -- C:\SetupImgBurn_2.5.1.0.exe


    < MD5 for: AGP440.SYS >
    [2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
    [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
    [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS
    [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS
    [2001/08/17 09:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
    [2001/08/23 08:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
    [2009/06/25 16:04:32 | 000,001,536 | ---- | M] () MD5=8D4CD834292293F4055BAC313268E2DE -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
    [2001/08/23 08:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: IDECHNDR.SYS >
    [2002/10/15 01:00:00 | 000,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\Program Files\Intel\Intel Application Accelerator\Driver\IdeChnDr.sys
    [2002/10/15 01:00:00 | 000,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\WINDOWS\system32\drivers\IdeChnDr.sys

    < MD5 for: NETLOGON.DLL >
    [2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
    [2001/08/23 08:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
    [2001/08/23 08:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

    < %systemroot%\*. /mp /s >

    < CREATERESTOREPOINT >

    < >
    < End of report >
     
  5. schrauber

    schrauber

    Joined:
    Apr 25, 2010
    Messages:
    77
    Hi,

    Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
    • Click on this link to see a list of programs that should be disabled.
    • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
    • Allow the driver to load if asked.
    • You may be prompted to scan immediately if it detects rootkit activity.
    • If you are prompted to scan your system click "No", save the log and post back the results.
    • If not prompted, click the "Rootkit/Malware" tab.
    • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
    • Select all drives that are connected to your system to be scanned.
    • Click the Scan button to begin. (Please be patient as it can take some time to complete)
    • When the scan is finished, click Save to save the scan results to your Desktop.
    • Save the file as Results.log and copy/paste the contents in your next reply.
    • Exit the program and re-enable all active protection when done.
     
  6. digitaldave55

    digitaldave55 Thread Starter

    Joined:
    May 1, 2010
    Messages:
    11
    Hi Tom,
    Thank you for taking the time to help with my problem.
    I had turned off my anti virus (Bitdefender) and rebooted, but it appears the drivers are still loading.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-05-23 16:38:25
    Windows 5.1.2600 Service Pack 2
    Running: 6vjgci8c.exe; Driver: C:\DOCUME~1\DIGITA~1\LOCALS~1\Temp\kfrcyaob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

    ---- EOF - GMER 1.0.15 ----
     
  7. digitaldave55

    digitaldave55 Thread Starter

    Joined:
    May 1, 2010
    Messages:
    11
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-05-23 21:04:06
    Windows 5.1.2600 Service Pack 2
    Running: 6vjgci8c.exe; Driver: C:\DOCUME~1\DIGITA~1\LOCALS~1\Temp\kfrcyaob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAllocateVirtualMemory [0xB8083AE4]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAssignProcessToJobObject [0xB8083E4E]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwConnectPort [0xB808513E]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateFile [0xB8084868]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateKey [0xB80855C6]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcess [0xB8083F98]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcessEx [0xB808401A]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateSection [0xB808468C]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateThread [0xB80836E6]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDeviceIoControlFile [0xB80856C6]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDuplicateObject [0xB80882F4]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwFsControlFile [0xB8085804]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwLoadDriver [0xB808625C]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenFile [0xB808477C]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenProcess [0xB8088046]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenSection [0xB80845AC]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenThread [0xB8088174]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwProtectVirtualMemory [0xB80839E2]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwQueueApcThread [0xB8083EF0]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwReplaceKey [0xB8085DBE]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestPort [0xB80851CE]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestWaitReplyPort [0xB8084F6A]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRestoreKey [0xB8085E2E]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSecureConnectPort [0xB8085374]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetContextThread [0xB80837D6]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetSecurityObject [0xB8085D4E]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetSystemInformation [0xB8083BE8]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendProcess [0xB8083944]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendThread [0xB80838A6]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSystemDebugControl [0xB8083DAC]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateProcess [0xB8087FB6]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateThread [0xB8088402]
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwWriteVirtualMemory [0xB80835E4]

    INT 0x34 ? FEB7E044

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 114 804E2770 1 Byte [8C]
    .text ntoskrnl.exe!_abnormal_termination + 40C 804E2A68 4 Bytes CALL A80632A8
    .text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [44, 39, 08, B8, A6, 38, 08, ...]
    .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF348F380, 0x5414D5, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[3808] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\Explorer.EXE[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [012F2070] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
    IAT C:\WINDOWS\Explorer.EXE[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [012F20B0] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
    IAT C:\WINDOWS\Explorer.EXE[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [012F2030] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
    IAT C:\WINDOWS\Explorer.EXE[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [012F2000] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
    IAT C:\WINDOWS\Explorer.EXE[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [012F4C50] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  8. schrauber

    schrauber

    Joined:
    Apr 25, 2010
    Messages:
    77
    Hi,


    Please go here and have a look how you can disable your security software.

    Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

    Link 1
    Link 2



    --------------------------------------------------------------------

    Double click on the renamed Combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]

    Click on Yes, to continue scanning for malware.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    If you need help, see this link:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
     
  9. digitaldave55

    digitaldave55 Thread Starter

    Joined:
    May 1, 2010
    Messages:
    11
    ComboFix 10-05-24.03 - DigitalDave 05/25/2010 2:06.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.170 [GMT -4:00]
    Running from: c:\downloads\schrauber.exe
    AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\DigitalDave\Application Data\inst.exe
    c:\windows\jestertb.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
    .

    2010-05-25 03:21 . 2004-08-04 04:56 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2010-05-24 00:50 . 2010-05-24 00:54 -------- d-----w- c:\program files\QuickTime
    2010-05-21 03:20 . 2010-05-21 03:20 -------- d-----w- C:\DVD_VIDEO
    2010-05-21 02:24 . 2010-05-21 02:14 293376 ----a-w- C:\6vjgci8c.exe
    2010-05-21 01:09 . 2010-05-21 01:25 -------- d-----w- C:\DVD_VIDEO_SPANGLISH
    2010-05-20 05:47 . 2010-05-20 07:29 -------- d-----w- C:\PANGLISH_VIDEO
    2010-05-19 03:38 . 2006-11-01 17:07 334720 ----a-w- C:\RootkitRevealer.exe
    2010-05-02 04:59 . 2010-05-02 04:59 -------- d-----w- c:\program files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-24 04:45 . 2010-04-17 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-05-21 01:25 . 2009-07-04 04:50 -------- d-----w- c:\documents and settings\DigitalDave\Application Data\RipIt4Me
    2010-05-21 00:52 . 2009-07-04 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2010-05-19 02:36 . 2010-04-24 05:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-12 04:34 . 2009-07-04 06:14 -------- d-----w- c:\documents and settings\DigitalDave\Application Data\Vso
    2010-05-12 04:34 . 2009-07-04 06:14 47360 ----a-w- c:\documents and settings\DigitalDave\Application Data\pcouffin.sys
    2010-05-12 04:34 . 2009-07-04 06:14 47360 ----a-w- c:\documents and settings\DigitalDave\Application Data\pcouffin.sys
    2010-05-05 04:44 . 2009-07-04 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Napster
    2010-05-05 04:43 . 2009-07-04 17:04 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2010-05-05 04:36 . 2010-03-27 06:18 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-29 19:39 . 2010-04-24 05:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39 . 2010-04-24 05:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-26 03:47 . 2009-06-29 08:11 37136 ----a-w- c:\documents and settings\DigitalDave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-26 03:09 . 2009-07-05 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-25 06:00 . 2009-07-20 05:03 -------- d-----w- c:\documents and settings\DigitalDave\Application Data\GARMIN
    2010-04-24 14:43 . 2010-04-10 22:35 -------- d-----w- c:\program files\XPRepairPro2006
    2010-04-24 05:45 . 2010-04-24 05:45 -------- d-----w- c:\documents and settings\DigitalDave\Application Data\Malwarebytes
    2010-04-24 05:44 . 2010-04-24 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-21 05:34 . 2009-07-20 05:30 -------- d-----w- c:\program files\Garmin
    2010-04-17 04:44 . 2010-04-17 04:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-15 07:27 . 2010-04-04 08:34 102272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-04-15 01:14 . 2010-04-08 05:40 -------- d-----w- c:\documents and settings\DigitalDave\Application Data\foobar2000
    2010-04-08 05:58 . 2010-04-08 05:47 -------- d-----w- c:\program files\ImgBurn
    2010-04-08 05:54 . 2010-04-08 05:54 -------- d-----w- c:\documents and settings\DigitalDave\Application Data\ImgBurn
    2010-04-08 05:52 . 2010-04-08 05:52 4614113 ----a-w- C:\SetupImgBurn_2.5.1.0.exe
    2010-04-08 05:40 . 2010-04-08 05:39 -------- d-----w- c:\program files\foobar2000
    2010-04-04 07:56 . 2009-06-30 06:31 -------- d-----w- c:\documents and settings\DigitalDave\Application Data\Intuit
    2010-04-04 07:33 . 2009-06-30 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
    2010-04-04 07:30 . 2009-06-30 06:31 -------- d-----w- c:\program files\Common Files\Intuit
    2010-04-04 07:29 . 2010-04-04 07:29 -------- d-----w- c:\program files\TurboTax
    2010-04-04 05:55 . 2010-04-04 05:55 -------- d-----w- c:\program files\MSBuild
    2010-04-04 05:55 . 2010-04-04 05:55 -------- d-----w- c:\program files\Reference Assemblies
    2010-04-04 05:43 . 2010-04-04 05:43 -------- d-----w- c:\program files\MSXML 6.0
    2010-04-04 04:43 . 2009-07-04 05:25 -------- d-----w- c:\program files\CCleaner
    2010-04-02 03:33 . 2009-07-24 16:26 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
    2010-03-27 20:10 . 2010-03-27 06:30 -------- d-----w- c:\documents and settings\DigitalDave\Application Data\Apple Computer
    2010-03-27 06:29 . 2010-03-27 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2010-03-27 06:29 . 2010-03-27 06:24 -------- d-----w- c:\program files\iTunes
    2010-03-27 06:26 . 2010-03-27 06:26 -------- d-----w- c:\program files\iPod
    2010-03-27 06:24 . 2010-03-27 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-03-27 06:21 . 2010-03-27 06:21 -------- d-----w- c:\program files\Apple Software Update
    2010-03-27 06:18 . 2010-03-27 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-03-14 23:15 . 2010-03-14 23:15 6725632 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181625-18178.dll
    2010-03-14 23:15 . 2009-07-02 06:16 245760 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
    2010-02-26 10:06 . 2010-02-26 10:06 348160 ------w- c:\documents and settings\DigitalDave\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5d19de7b-n\msvcr71.dll
    2010-02-26 10:06 . 2010-02-26 10:06 503808 ------w- c:\documents and settings\DigitalDave\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5d19de7b-n\msvcp71.dll
    2010-02-26 10:06 . 2010-02-26 10:06 61440 ------w- c:\documents and settings\DigitalDave\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d6f0494-n\decora-sse.dll
    2010-02-26 10:06 . 2010-02-26 10:06 499712 ------w- c:\documents and settings\DigitalDave\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5d19de7b-n\jmc.dll
    2010-02-26 10:06 . 2010-02-26 10:06 12800 ------w- c:\documents and settings\DigitalDave\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d6f0494-n\decora-d3d.dll
    2003-08-27 18:19 . 2009-07-04 17:23 36963 ------w- c:\program files\Common Files\SM1updtr.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
    "SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-02 1123360]

    c:\documents and settings\DigitalDave\Start Menu\Programs\Startup\
    Shortcut to WIN2DO.lnk - c:\program files\WIN_2_DO\WIN2DO.EXE [2009-7-15 131664]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    2006-10-17 01:13 87584 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    2006-10-17 01:17 1941784 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2006-03-22 01:30 1191936 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-02-15 22:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-11-21 01:32 110184 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2006-03-21 17:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
    2005-11-29 17:22 1544099 ----a-w- c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2004-01-27 21:39 1179648 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
    2003-08-27 18:20 94208 ----a-r- c:\windows\SM1bg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2003-09-30 04:14 155648 ------w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TraySantaCruz]
    2000-07-26 17:46 221184 ----a-w- c:\windows\system32\tbctray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
    2006-10-17 01:12 1164912 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AcrSch2Svc"=2 (0x2)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "LightScribeService"=2 (0x2)
    "IntuitUpdateService"=2 (0x2)
    "idsvc"=3 (0x3)
    "VSSERV"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [12/7/2009 7:46 PM 153448]
    R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [6/30/2009 2:10 AM 158352]
    R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [6/30/2009 2:10 AM 457472]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - UPNPHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    bdx REG_MULTI_SZ scan

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-11-20 19:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    Trusted Zone: intuit.com\ttlc
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
    FF - ProfilePath - c:\documents and settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\
    FF - prefs.js: browser.search.selectedEngine - Webster
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll
    FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll
    FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll
    FF - plugin: c:\documents and settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    MSConfigStartUp-InCD - c:\program files\Nero\Nero8\InCD\InCD.exe
    MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
    MSConfigStartUp-nwiz - nwiz.exe
    MSConfigStartUp-SecurDisc - c:\program files\Nero\Nero8\InCD\NBHGui.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-25 02:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(808)
    c:\windows\system32\relog_ap.dll
    .
    Completion time: 2010-05-25 02:24:01
    ComboFix-quarantined-files.txt 2010-05-25 06:23

    Pre-Run: 25,619,726,336 bytes free
    Post-Run: 25,685,729,280 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - 8407250E199277700C44AAD3BE25617F
     
  10. schrauber

    schrauber

    Joined:
    Apr 25, 2010
    Messages:
    77
    Hi :)

    Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.

    Also please open OTL, set the extra registry tab to use safe list and hit the run scan button, post back with the 2 logfiles.


    How is it running?
     
  11. digitaldave55

    digitaldave55 Thread Starter

    Joined:
    May 1, 2010
    Messages:
    11
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4150

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    5/27/2010 10:51:14 PM
    mbam-log-2010-05-27 (22-51-14).txt

    Scan type: Quick scan
    Objects scanned: 129782
    Time elapsed: 15 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  12. digitaldave55

    digitaldave55 Thread Starter

    Joined:
    May 1, 2010
    Messages:
    11
    OTL logfile created on: 5/27/2010 11:07:10 PM - Run 3
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 186.00 Mb Available Physical Memory | 36.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1024 1280 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 127.99 Gb Total Space | 11.03 Gb Free Space | 8.62% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 74.52 Gb Total Space | 4.64 Gb Free Space | 6.23% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    Drive H: | 104.89 Gb Total Space | 2.86 Gb Free Space | 2.73% Space Free | Partition Type: NTFS
    I: Drive not present or media not loaded

    Computer Name: ROAD-RUNNER
    Current User Name: DigitalDave
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/05/13 01:13:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\OTL.exe
    PRC - [2010/05/04 23:22:20 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    PRC - [2010/04/02 18:54:14 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/04/01 23:34:56 | 001,123,360 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    PRC - [2010/04/01 23:33:38 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    PRC - [2010/01/11 14:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    PRC - [2009/04/17 14:17:40 | 001,349,912 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/08/04 00:56:56 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/05/13 01:13:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\OTL.exe
    MOD - [2004/08/04 00:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (RIWQBFBC)
    SRV - [2010/05/04 23:22:20 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
    SRV - [2010/04/01 23:33:39 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
    SRV - [2010/01/11 14:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
    SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/10/19 17:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
    SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/04/17 14:17:40 | 001,349,912 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2006/10/16 21:13:28 | 000,230,944 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/05/04 23:22:25 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
    DRV - [2010/05/04 23:22:24 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
    DRV - [2010/04/01 23:33:50 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV - [2010/02/24 01:40:51 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
    DRV - [2010/02/24 01:40:51 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
    DRV - [2010/02/24 01:40:48 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
    DRV - [2009/11/20 22:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2009/06/29 02:59:42 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2009/06/29 02:59:42 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2009/06/29 02:59:38 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2004/01/27 17:40:26 | 000,284,928 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
    DRV - [2004/01/27 17:39:56 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
    DRV - [2004/01/27 17:34:56 | 000,140,416 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
    DRV - [2004/01/27 17:34:46 | 000,043,008 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2004/01/27 17:32:00 | 000,024,576 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2004/01/27 17:29:44 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
    DRV - [2004/01/27 17:29:40 | 000,197,632 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
    DRV - [2004/01/27 17:16:38 | 000,117,248 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
    DRV - [2002/10/15 01:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(R)
    DRV - [2002/10/15 01:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
    DRV - [2001/08/17 09:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 08:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
    DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
    DRV - [2000/07/26 14:04:38 | 000,457,472 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcwdm.sys -- (tbcwdm)
    DRV - [2000/07/26 14:04:34 | 000,158,352 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcspud.sys -- (tbcspud)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Webster"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com"
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 49
    FF - prefs.js..extensions.enabledItems: [email protected]:2.0
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.77
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/02 17:06:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/23 20:54:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/23 21:01:42 | 000,000,000 | ---D | M]

    [2009/06/30 01:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Extensions
    [2010/05/27 22:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\extensions
    [2010/05/18 23:21:18 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2009/12/06 17:44:52 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/04/08 01:58:47 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\searchplugins\askcom.xml
    [2009/07/15 01:22:35 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\searchplugins\webster.xml
    [2010/05/27 22:32:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/05/25 02:14:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
    O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - Startup: C:\Documents and Settings\DigitalDave\Start Menu\Programs\Startup\Shortcut to WIN2DO.lnk = C:\Program Files\WIN_2_DO\WIN2DO.EXE (Softdisk, Inc)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252121219177 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\DigitalDave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\DigitalDave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/29 02:37:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/05/26 22:24:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/05/25 02:04:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/05/25 01:50:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/05/25 01:50:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/05/25 01:50:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/05/25 01:50:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/05/25 01:50:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/05/25 01:48:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/05/24 00:43:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DigitalDave\Recent
    [2010/05/23 20:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/05/22 15:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\Computer Tech
    [2010/05/20 23:20:45 | 000,000,000 | ---D | C] -- C:\DVD_VIDEO
    [2010/05/20 21:09:27 | 000,000,000 | ---D | C] -- C:\DVD_VIDEO_SPANGLISH
    [2010/05/20 01:47:51 | 000,000,000 | ---D | C] -- C:\PANGLISH_VIDEO
    [2010/05/19 23:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
    [2010/05/18 23:38:32 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\RootkitRevealer.exe
    [2010/05/12 21:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Desktop\RC Warrington 22
    [2010/05/12 00:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\PcSetup
    [2010/05/02 00:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/05/27 22:21:56 | 000,000,217 | ---- | M] () -- C:\WINDOWS\WIN2DO.INI
    [2010/05/27 22:21:19 | 000,272,372 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/05/27 21:20:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/27 21:20:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/05/27 21:20:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/27 02:33:28 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
    [2010/05/27 02:33:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\DigitalDave\ntuser.ini
    [2010/05/27 02:33:12 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\DigitalDave\NTUSER.DAT
    [2010/05/27 00:05:33 | 029,076,924 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\imageCache7.db
    [2010/05/26 09:58:06 | 386,420,735 | ---- | M] () -- C:\THE_BRAVE_ONE.ISO
    [2010/05/26 09:10:26 | 386,527,231 | ---- | M] () -- C:\HEARTBREAK_KID_AC_169.ISO
    [2010/05/26 01:27:29 | 386,504,703 | ---- | M] () -- C:\NOTHING_LIKE_THE_HOLIDAYS.ISO
    [2010/05/25 23:55:08 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/05/25 23:09:23 | 000,000,519 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/05/25 23:09:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/05/25 23:09:23 | 000,000,271 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/05/25 02:14:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/05/24 23:22:16 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2010/05/24 22:39:12 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/05/23 21:25:30 | 000,004,658 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100523_212524.reg
    [2010/05/20 22:14:34 | 000,293,376 | ---- | M] () -- C:\6vjgci8c.exe
    [2010/05/20 20:59:45 | 3753,936,896 | ---- | M] () -- C:\THE_HANGOVER_EXTENDED_CUT.ISO
    [2010/05/14 21:50:25 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Dataprivacy.xml
    [2010/05/12 00:40:12 | 000,025,374 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100512_003943.reg
    [2010/05/12 00:34:50 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\pcouffin.cat
    [2010/05/12 00:34:49 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\DigitalDave\Application Data\pcouffin.sys
    [2010/05/12 00:34:49 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\pcouffin.inf
    [2010/05/06 10:45:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/05/02 02:48:08 | 000,004,196 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\Document.rtf
    [2010/05/01 22:59:35 | 000,355,430 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\GLOCK_en.pdf
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/26 09:22:07 | 386,420,735 | ---- | C] () -- C:\THE_BRAVE_ONE.ISO
    [2010/05/26 08:20:28 | 386,527,231 | ---- | C] () -- C:\HEARTBREAK_KID_AC_169.ISO
    [2010/05/26 00:53:05 | 386,504,703 | ---- | C] () -- C:\NOTHING_LIKE_THE_HOLIDAYS.ISO
    [2010/05/25 23:55:08 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/05/25 02:04:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/05/25 02:04:35 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/05/25 01:50:28 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/05/25 01:50:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/05/25 01:50:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/05/25 01:50:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/05/25 01:50:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/05/23 21:25:28 | 000,004,658 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100523_212524.reg
    [2010/05/20 22:24:25 | 000,293,376 | ---- | C] () -- C:\6vjgci8c.exe
    [2010/05/20 20:53:09 | 3753,936,896 | ---- | C] () -- C:\THE_HANGOVER_EXTENDED_CUT.ISO
    [2010/05/18 23:38:32 | 000,102,160 | ---- | C] () -- C:\RootkitRevealer.chm
    [2010/05/12 00:39:54 | 000,025,374 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100512_003943.reg
    [2010/05/02 02:48:08 | 000,004,196 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\Document.rtf
    [2010/05/01 22:59:34 | 000,355,430 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\GLOCK_en.pdf
    [2010/01/03 01:53:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/01/01 21:22:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2009/08/07 21:31:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/07/13 22:14:00 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
    [2009/07/01 01:45:21 | 000,000,217 | ---- | C] () -- C:\WINDOWS\WIN2DO.INI
    [2009/06/30 02:30:58 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2009/06/30 02:10:40 | 000,000,012 | ---- | C] () -- C:\WINDOWS\WinInit.INI
    [2009/06/30 00:53:46 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2009/06/29 04:02:49 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
    [2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
    [2008/09/18 00:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
    [2001/08/23 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    < End of report >
     
  13. digitaldave55

    digitaldave55 Thread Starter

    Joined:
    May 1, 2010
    Messages:
    11
    Tom,
    In response to your question: How is it running?
    It is much better, but can still have spurts of heavy HD activity without my input. I am beginning to believe the OS has a lot of garbage in it. I have used CCleaner for several years and it does a good job of cleaning the registry, but there are some programs, like Windows Update, that don't seem to quit... by that I mean it is always looking to update, and I do not patch everything they suggest. I know more memory would help, but for the type I need it would cost me about $80 - $100 to get to a gig.
    I will wait for your response on the last set of logs.
    Thank You.
     
  14. schrauber

    schrauber

    Joined:
    Apr 25, 2010
    Messages:
    77
    :eek:

    What kind of RAM do you need?

    Download TFC to your desktop

    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean





    Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic




    Please open OTL, set the extra registry tab to use safe list and hit the run scan button, post back with the 2 logfiles.
     
  15. digitaldave55

    digitaldave55 Thread Starter

    Joined:
    May 1, 2010
    Messages:
    11
    RIMM - would need 4 256's to make a gig. Machine has 4 slots....2 - 256's now. I tried eBay for over a month & gave up....always started low & ended up around $80.
    (supply & demand.....low supply & high demand for ram not being manufactured)
     

Short URL to this thread: https://techguy.org/920532
