hard drive w/ constant activity - system slow

digitaldave55

Thread Starter
Joined
May 1, 2010
Messages
11
Hello to all,
I have a problem w/ HD being active almost all the time... system has become very slow, especially browsing. Ran spyware removal tools & I was infected with something. (don't remember, but was removed, so claimed) I believe it was in my daughter's music files I backed up to a secondary partition on my drive. I had scanned these files before back-up but appeared to be ok.
Before I format & install I want to try & clean the system.
Thanks in advance for all that help.

System configuration: Win XP Pro SP 2, Pentium 4 1.3 GHz w/512 MB RAM


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:35 AM, on 5/2/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Shortcut to WIN2DO.lnk = C:\Program Files\WIN_2_DO\WIN2DO.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252121219177
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

--
End of file - 5275 bytes

Note: win2do.exe is an old calendar program I have used for years, on all my systems.
Startup: Shortcut to WIN2DO.lnk = C:\Program Files\WIN_2_DO\WIN2DO.EXE
 
Joined
Apr 25, 2010
Messages
77
Hello, digitaldave55
Welcome to the TechSupportGuy Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.



Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.



Sorry for the delay in response. If you still need help, please do the following.



  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
 

digitaldave55

Thread Starter
Joined
May 1, 2010
Messages
11
OTL Extras logfile created on: 5/15/2010 9:38:55 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\DigitalDave\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 93.00 Mb Available Physical Memory | 18.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 43.26 Gb Free Space | 33.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 74.52 Gb Total Space | 4.66 Gb Free Space | 6.26% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 104.89 Gb Total Space | 2.86 Gb Free Space | 2.73% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: ROAD-RUNNER
Current User Name: DigitalDave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Disabled:btdownloadgui -- ()
"C:\Documents and Settings\DigitalDave\Local Settings\Temp\usmt\migwiz.exe" = C:\Documents and Settings\DigitalDave\Local Settings\Temp\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard -- File not found
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Disabled:Nero ControlCenter -- File not found
"C:\Documents and Settings\DigitalDave\Local Settings\Temp\OnlineUpdate8\SetupXu.exe" = C:\Documents and Settings\DigitalDave\Local Settings\Temp\OnlineUpdate8\SetupXu.exe:*:Disabled:Nero ControlCenter -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600" = Canon MP600
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 18
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C391720-EAA2-012B-AE98-000000000000}" = TurboTax 2009 wpaiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3E73666F-BC62-49A9-857D-C90A5B2CF899}" = Diskeeper 2009 Home
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3423C7-7F9B-4453-B807-5994A5F39B9D}" = BitDefender Antivirus 2010
"{7078B4DE-B9C5-45D2-845C-F67F9BD8065D}" = Garmin Mobile PC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7EACD74C-147F-478C-9389-F9F52EE3C88A}" = LightScribe System Software
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D58580-EA01-11D3-9318-008048B86EFE}" = Santa Cruz
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E8B236-7554-45FE-92C0-94EF76E4D182}" = Garmin City Navigator North America NT 2010.20
"{C4D26D60-7B43-4CE9-AE19-A380D9DF126B}" = Garmin MapSource
"{CB4544EA-C189-41FE-9E3A-76591DDB852B}" = Roxio Easy Media Creator 7
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A3275D-F67F-4C6B-AE4A-753170C2EAC8}" = Garmin MapInstall
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnarkClient" = Anark Client 1.0
"BitTornado" = BitTornado 0.3.17
"Canon MP600 User Registration" = Canon MP600 User Registration
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Identifier_is1" = DVD Identifier
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"foobar2000" = foobar2000 v0.9.5.5
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"IsoBuster_is1" = IsoBuster 2.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"NVIDIA Screen Saver_is1" = NVIDIA Screen Saver 1.2
"Outlook Express Backup_is1" = Outlook Express Backup V6.5
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"SystemRequirementsLab" = System Requirements Lab
"TurboTax 2009" = TurboTax 2009
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/8/2010 1:05:09 AM | Computer Name = ROAD-RUNNER | Source = Application Error | ID = 1000
Description = Faulting application setup.exe, version 0.0.0.0, faulting module user32.dll,
version 5.1.2600.2180, fault address 0x0001294d.

[ System Events ]
Error - 5/11/2010 6:07:20 AM | Computer Name = ROAD-RUNNER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WMI Performance Adapter
service to connect.

Error - 5/11/2010 6:07:27 AM | Computer Name = ROAD-RUNNER | Source = Service Control Manager | ID = 7000
Description = The WMI Performance Adapter service failed to start due to the following
error: %%1053

Error - 5/11/2010 6:08:19 AM | Computer Name = ROAD-RUNNER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WMI Performance Adapter
service to connect.

Error - 5/11/2010 6:08:20 AM | Computer Name = ROAD-RUNNER | Source = Service Control Manager | ID = 7000
Description = The WMI Performance Adapter service failed to start due to the following
error: %%1053

Error - 5/12/2010 12:43:41 AM | Computer Name = ROAD-RUNNER | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706be: Windows Malicious Software Removal Tool - May 2010 (KB890830).

Error - 5/13/2010 10:51:26 PM | Computer Name = ROAD-RUNNER | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{62E6D4EC-3A08-489A-B5D3-7E972EDD6A2C}. The
backup browser is stopping.

Error - 5/13/2010 11:35:31 PM | Computer Name = ROAD-RUNNER | Source = Service Control Manager | ID = 7034
Description = The BitDefender Virus Shield service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/13/2010 11:43:44 PM | Computer Name = ROAD-RUNNER | Source = Service Control Manager | ID = 7034
Description = The BitDefender Virus Shield service terminated unexpectedly. It
has done this 2 time(s).

Error - 5/14/2010 12:05:50 AM | Computer Name = ROAD-RUNNER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WMI Performance Adapter
service to connect.

Error - 5/14/2010 12:05:50 AM | Computer Name = ROAD-RUNNER | Source = Service Control Manager | ID = 7000
Description = The WMI Performance Adapter service failed to start due to the following
error: %%1053


< End of report >
 

digitaldave55

Thread Starter
Joined
May 1, 2010
Messages
11
OTL logfile created on: 5/15/2010 9:38:55 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\DigitalDave\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 93.00 Mb Available Physical Memory | 18.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 43.26 Gb Free Space | 33.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 74.52 Gb Total Space | 4.66 Gb Free Space | 6.26% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 104.89 Gb Total Space | 2.86 Gb Free Space | 2.73% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: ROAD-RUNNER
Current User Name: DigitalDave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/13 01:13:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DigitalDave\Desktop\OTL.exe
PRC - [2010/05/04 23:22:20 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2010/04/02 18:54:14 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 23:34:56 | 001,123,360 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2010/04/01 23:33:38 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2010/01/11 14:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/17 14:17:40 | 001,349,912 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 00:56:56 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe


========== Modules (SafeList) ==========

MOD - [2010/05/13 01:13:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DigitalDave\Desktop\OTL.exe
MOD - [2004/08/04 00:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/04 23:22:20 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2010/04/01 23:33:39 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2010/01/11 14:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/10/19 17:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/04/17 14:17:40 | 001,349,912 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006/10/16 21:13:28 | 000,230,944 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - [2010/05/04 23:22:25 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2010/05/04 23:22:24 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/04/01 23:33:50 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/02/24 01:40:51 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2010/02/24 01:40:51 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2010/02/24 01:40:48 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/11/20 22:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/06/29 02:59:42 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/06/29 02:59:42 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/06/29 02:59:38 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\snapman.sys -- (snapman)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/01/27 17:40:26 | 000,284,928 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/01/27 17:39:56 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2004/01/27 17:34:56 | 000,140,416 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/01/27 17:34:46 | 000,043,008 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/01/27 17:32:00 | 000,024,576 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/01/27 17:29:44 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/01/27 17:29:40 | 000,197,632 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2004/01/27 17:16:38 | 000,117,248 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2002/10/15 01:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(R)
DRV - [2002/10/15 01:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2001/08/17 09:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 08:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2000/07/26 14:04:38 | 000,457,472 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcwdm.sys -- (tbcwdm)
DRV - [2000/07/26 14:04:34 | 000,158,352 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcspud.sys -- (tbcspud)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Webster"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.74
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/02 17:06:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 18:54:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/26 20:59:08 | 000,000,000 | ---D | M]

[2009/06/30 01:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Extensions
[2010/05/15 01:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\extensions
[2010/05/03 00:05:26 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/06 17:44:52 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/04/08 01:58:47 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\searchplugins\askcom.xml
[2009/07/15 01:22:35 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\searchplugins\webster.xml
[2010/05/15 01:09:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/17 16:47:57 | 000,391,944 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13540 more lines...
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\DigitalDave\Start Menu\Programs\Startup\Shortcut to WIN2DO.lnk = C:\Program Files\WIN_2_DO\WIN2DO.EXE (Softdisk, Inc)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252121219177 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\DigitalDave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DigitalDave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/29 02:37:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/06/29 02:37:25 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16620634377289728)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/13 01:13:51 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DigitalDave\Desktop\OTL.exe
[2010/05/12 21:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Desktop\RC Warrington 22
[2010/05/12 00:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\PcSetup
[2010/05/05 00:42:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/02 00:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/24 01:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Application Data\Malwarebytes
[2010/04/24 01:44:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/24 01:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/24 01:44:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/24 01:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/22 23:26:41 | 000,000,000 | ---D | C] -- C:\MapSource
[2010/04/22 22:38:24 | 000,000,000 | ---D | C] -- C:\Garmin
[2010/04/18 02:32:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DigitalDave\Recent
[2010/04/17 00:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/17 00:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/10 18:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\XPRepairPro2006
[2010/04/08 01:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Application Data\ImgBurn
[2010/04/08 01:52:51 | 004,614,113 | ---- | C] (LIGHTNING UK!) -- C:\SetupImgBurn_2.5.1.0.exe
[2010/04/08 01:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/04/08 01:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Application Data\foobar2000
[2010/04/08 01:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\foobar2000
[2010/04/04 04:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\Intuit
[2010/04/04 03:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\IsolatedStorage
[2010/04/04 03:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax
[2010/04/04 01:56:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/04 01:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/04/04 01:55:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/04/04 01:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/04/04 01:51:01 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/04/04 01:51:01 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/04/04 01:51:00 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/04/04 01:50:59 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/04/04 01:50:57 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/04/04 01:50:57 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/04/04 01:50:49 | 000,000,000 | ---D | C] -- C:\40890036d1ffefefa6
[2010/04/04 01:49:09 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/04/04 01:47:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/04/04 01:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/04/03 19:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\Downloads
[2010/04/03 18:50:30 | 000,000,000 | ---D | C] -- C:\Gateway_MX6625
[2010/03/27 02:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Application Data\Apple Computer
[2010/03/27 02:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/27 02:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/27 02:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/27 02:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/27 02:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/03/27 02:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\Apple
[2010/03/27 02:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/03/27 02:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/03/27 02:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/03/27 02:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\Apple Computer
[2010/03/20 00:24:57 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2010/03/16 01:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\WinZip.v14.0.Build.8688+keygen
[2010/03/11 03:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/02/26 06:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/26 06:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/02/24 00:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Application Data\BitDefender
[2010/01/20 01:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\DVDFab
[2010/01/08 06:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\My Garmin
[2010/01/06 03:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\An-Expert-Explains-the-Flu-Vaccine-Deception-and-the-Swine-Flu-Hoax.aspx_files
[2010/01/01 18:51:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2009/12/04 00:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\Resume
[2009/12/02 21:26:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2009/09/22 01:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\466 Milano Dr. 2007
[2009/09/05 15:56:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Desktop\Tricorp
[2009/08/14 02:09:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/07/21 23:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\Electronic Bills
[2009/07/21 23:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\dvd decrypter settings_files
[2009/07/21 23:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\Diskeeper
[2009/07/21 23:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\bitpim
[2009/07/21 23:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\Azureus Downloads
[2009/07/21 23:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\Amusement Files
[2009/07/19 03:29:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/07/05 18:00:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2009/07/04 13:23:44 | 000,266,240 | R--- | C] (Cypress Semiconductor) -- C:\WINDOWS\SM1nint.exe
[2009/07/04 13:23:44 | 000,086,106 | R--- | C] (Cypress Semiconductor) -- C:\WINDOWS\System32\SM1un.exe
[2009/07/04 13:23:44 | 000,012,382 | R--- | C] (Cypress Semiconductor) -- C:\WINDOWS\System32\SM1ui32.dll
[2009/07/04 13:23:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\DRIVERS
[2009/07/04 13:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\My Music
[2009/07/04 12:32:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\DigitalDave\My Documents\My Pictures
[2009/07/01 01:23:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/07/01 01:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\Quicken
[2009/07/01 00:19:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/06/30 02:24:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2009/06/30 02:10:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\tbcdata
[2009/06/30 02:10:43 | 000,221,184 | ---- | C] (Voyetra Turtle Beach, Inc.) -- C:\WINDOWS\System32\tbctray.exe
[2009/06/30 02:10:37 | 000,131,072 | ---- | C] (Voyetra Turtle Beach, Inc.) -- C:\WINDOWS\System32\Tbccpnl.cpl
[2009/06/30 02:10:34 | 000,425,760 | ---- | C] (Voyetra Turtle Beach) -- C:\WINDOWS\System32\tbclang.dll
[2009/06/30 00:51:10 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2009/06/29 04:11:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/06/29 04:10:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/06/29 04:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/06/29 04:02:59 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spiisupd.exe
[2009/06/29 04:02:46 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sbeio.dll
[2009/06/29 04:02:46 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\strmfilt.dll
[2009/06/29 04:02:46 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sdhcinst.dll
[2009/06/29 04:02:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2009/06/29 04:02:46 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smbinst.exe
[2009/06/29 04:02:45 | 001,116,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmsdmoe2.dll
[2009/06/29 04:02:45 | 000,937,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winbrand.dll
[2009/06/29 04:02:45 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmerror.dll
[2009/06/29 04:02:45 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmidx.dll
[2009/06/29 04:02:45 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpasf.dll
[2009/06/29 04:02:45 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winshfhc.dll
[2009/06/29 04:02:44 | 000,999,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdmoe2.dll
[2009/06/29 04:02:44 | 000,936,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmspdmoe.dll
[2009/06/29 04:02:44 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2009/06/29 04:02:44 | 000,531,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmspdmod.dll
[2009/06/29 04:02:44 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2009/06/29 04:02:44 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2009/06/29 04:02:44 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscui.cpl
[2009/06/29 04:02:43 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpob2res.dll
[2009/06/29 04:02:43 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2009/06/29 04:02:43 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp1res.dll
[2009/06/29 04:02:43 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlprovi.dll
[2009/06/29 04:02:43 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2009/06/29 04:02:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2009/06/29 04:02:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2009/06/29 04:00:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/06/29 03:58:32 | 002,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2009/06/29 03:57:25 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/06/29 03:56:41 | 000,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009/06/29 03:54:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/06/29 03:54:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/06/29 02:54:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/06/29 02:53:48 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/06/29 02:38:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/06/29 02:36:41 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/06/29 02:36:41 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/06/29 02:36:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/06/29 02:35:32 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2009/06/29 02:35:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
[2009/06/29 02:35:23 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/06/29 02:35:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/06/29 02:35:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/06/29 02:34:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/06/29 02:33:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2009/06/29 02:33:50 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2009/06/29 02:33:50 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2009/06/29 02:33:49 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2009/06/29 02:33:43 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2009/06/29 02:33:43 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2009/06/29 02:33:43 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2009/06/29 02:33:42 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2009/06/29 02:33:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2009/06/29 02:33:41 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2009/06/29 02:33:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2009/06/29 02:33:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2009/06/29 02:33:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2009/06/29 02:33:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2009/06/29 02:33:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2009/06/29 02:33:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2009/06/29 02:33:27 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2009/06/28 23:27:09 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2009/06/28 23:25:43 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2009/06/28 23:25:43 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2009/06/28 23:25:43 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2009/06/28 23:25:43 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2009/06/28 23:25:43 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2009/06/28 23:25:43 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2009/06/28 23:25:43 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2009/06/28 23:25:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2009/06/28 23:25:43 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2009/06/28 23:25:43 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2009/06/28 23:25:43 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2009/06/28 23:25:43 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2009/06/28 23:25:42 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2009/06/28 23:25:42 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2009/06/28 23:25:42 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2009/06/28 23:25:42 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\mmsystem.dll
[2009/06/28 23:25:42 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2009/06/28 23:25:42 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2009/06/28 23:25:42 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2009/06/28 23:25:42 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2009/06/28 23:25:42 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2009/06/28 23:25:42 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2009/06/28 23:25:42 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2009/06/28 23:25:42 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2009/06/28 23:25:41 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2009/06/28 23:19:58 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/06/28 23:19:58 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/06/28 23:19:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/06/28 23:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/15 15:26:42 | 026,848,700 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\imageCache7.db
[2010/05/14 22:53:23 | 000,000,217 | ---- | M] () -- C:\WINDOWS\WIN2DO.INI
[2010/05/14 21:50:25 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Dataprivacy.xml
[2010/05/14 21:49:41 | 000,272,372 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/14 21:49:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/14 21:49:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/14 06:18:05 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\DigitalDave\NTUSER.DAT
[2010/05/14 06:17:57 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/05/13 22:12:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/13 01:13:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DigitalDave\Desktop\OTL.exe
[2010/05/12 00:40:12 | 000,025,374 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100512_003943.reg
[2010/05/12 00:34:51 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\inst.exe
[2010/05/12 00:34:50 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\pcouffin.cat
[2010/05/12 00:34:49 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\DigitalDave\Application Data\pcouffin.sys
[2010/05/12 00:34:49 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\pcouffin.inf
[2010/05/06 10:45:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/02 02:48:08 | 000,004,196 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\Document.rtf
[2010/05/02 00:59:39 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Desktop\HijackThis.lnk
[2010/05/01 22:59:35 | 000,355,430 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\GLOCK_en.pdf
[2010/04/30 01:42:10 | 000,000,519 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/30 01:42:10 | 000,000,271 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/30 01:42:10 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 20:50:59 | 000,177,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/25 23:47:53 | 000,037,136 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/24 11:26:18 | 000,000,916 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100424_112614.reg
[2010/04/22 22:33:20 | 000,010,512 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100422_223304.reg
[2010/04/17 16:47:57 | 000,391,944 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/14 21:05:12 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/10 23:50:12 | 000,010,680 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100410_234945.reg
[2010/04/09 21:53:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\DigitalDave\ntuser.ini
[2010/04/09 00:21:14 | 000,015,329 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\Messages from the Stars (Celebrities).eml
[2010/04/08 01:52:59 | 004,614,113 | ---- | M] (LIGHTNING UK!) -- C:\SetupImgBurn_2.5.1.0.exe
[2010/04/04 02:32:45 | 000,488,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/04 02:32:45 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/04 02:32:45 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/04 00:34:45 | 000,004,964 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100404_003441.reg
[2010/04/01 23:36:48 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2010/04/01 23:33:50 | 000,291,352 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2010/03/27 02:03:11 | 000,021,504 | ---- | M] () -- C:\WINDOWS\jestertb.dll
[2010/03/20 00:50:36 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\event_log_3_19_10.evt
[2010/03/15 01:05:07 | 000,304,585 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Desktop\daves.WAB
[2010/03/13 02:44:49 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100313_014444.reg
[2010/03/11 03:41:57 | 002,207,744 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Desktop\Diag504fCD.iso
[2010/03/06 17:06:41 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Desktop\Shortcut to Polaroid_Camera_t1035 Manual.lnk
[2010/02/26 23:48:13 | 000,027,528 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100226_224805.reg
[2010/02/26 14:12:36 | 001,648,902 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Desktop\RC Northampton break-in loss report - 2-25-2010.jpg
[2010/02/25 02:01:18 | 000,094,763 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Desktop\Armed Resistance to Crime.htm
[2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords.dat
[2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_sign.slf
[2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_news.dat
[2010/02/24 10:15:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_im.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_video.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_games.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/02/24 03:27:17 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application DataProductTweaks.xml
[2010/02/24 03:27:17 | 000,000,385 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Datauser_gensett.xml
[2010/02/24 02:33:12 | 000,885,183 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\stop0584.pdf
[2010/02/24 01:40:48 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys
[2010/02/24 01:40:47 | 000,106,464 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdhv.sys
[2010/02/24 00:18:52 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/01/30 23:31:34 | 000,000,300 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2010/01/07 02:31:28 | 000,000,522 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100107_013124.reg
[2010/01/07 02:30:40 | 000,051,726 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100107_013026.reg
[2010/01/07 02:11:31 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\DigitalDave\.rnd
[2010/01/07 01:42:10 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/07 01:40:53 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\default.pls
[2010/01/06 03:38:04 | 000,104,221 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\An-Expert-Explains-the-Flu-Vaccine-Deception-and-the-Swine-Flu-Hoax.aspx.htm
[2010/01/01 22:24:09 | 000,018,340 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100101_212403.reg
[2010/01/01 21:22:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Irremote.ini
[2010/01/01 18:51:54 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/12/23 11:17:43 | 3988,623,359 | ---- | M] () -- C:\GODFATHER_III.ISO
[2009/12/23 11:17:43 | 000,008,426 | ---- | M] () -- C:\GODFATHER_III.MDS
[2009/12/14 04:47:53 | 000,010,500 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20091214_034747.reg
[2009/12/06 21:50:00 | 000,000,413 | ---- | M] () -- C:\Shortcut to My Documents.lnk
[2009/12/06 18:11:45 | 000,008,628 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20091206_171139.reg
[2009/12/05 05:09:21 | 005,337,476 | -H-- | M] () -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\IconCache.db
[2009/12/03 00:23:12 | 000,072,774 | ---- | M] (Jordan Russell) -- C:\WINDOWS\unins000.exe
[2009/12/03 00:23:12 | 000,001,057 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2009/12/02 21:52:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/02 21:52:36 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/11/20 22:34:54 | 002,293,286 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2009/11/20 22:34:54 | 000,069,632 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2009/11/20 22:34:54 | 000,025,699 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2009/11/20 22:34:54 | 000,008,743 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2009/11/20 21:32:00 | 000,064,882 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/11/18 02:12:20 | 000,070,058 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20091118_011013.reg
[2009/08/16 17:20:49 | 000,103,107 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\DriveCheck-Windows Instructions.pdf
[2009/08/07 21:31:47 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/08/06 19:24:18 | 000,327,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2009/08/06 19:24:18 | 000,327,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2009/08/06 19:24:18 | 000,209,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2009/08/06 19:24:18 | 000,021,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2009/08/06 19:24:12 | 000,015,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2009/08/06 19:24:10 | 000,217,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2009/08/06 19:24:10 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2009/08/06 19:24:10 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2009/08/06 19:24:10 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2009/08/06 19:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2009/08/06 19:24:06 | 000,015,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009/08/06 19:24:04 | 000,096,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2009/08/06 19:24:04 | 000,096,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2009/08/06 19:24:00 | 000,017,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2009/08/06 19:23:54 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2009/08/06 19:23:54 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2009/08/06 19:23:46 | 001,929,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2009/08/06 19:23:46 | 000,274,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/08/06 19:23:46 | 000,016,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/07/31 00:57:32 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/07/16 00:08:15 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Start Menu\Programs\Startup\Shortcut to WIN2DO.lnk
[2009/07/06 01:20:16 | 000,952,125 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\
[2009/07/04 15:29:13 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Desktop\Disc Copier.lnk
[2009/07/04 15:27:47 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\BurnData.bin
[2009/07/02 23:02:10 | 000,323,899 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\bit_ddefendere_log_7_2_2009.xml
[2009/07/02 20:25:15 | 000,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/07/02 20:25:15 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/07/02 02:20:02 | 000,000,165 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2009/06/30 22:27:38 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.let
[2009/06/30 02:10:40 | 000,000,012 | ---- | M] () -- C:\WINDOWS\WinInit.INI
[2009/06/30 01:33:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/06/30 00:53:46 | 000,000,419 | ---- | M] () -- C:\WINDOWS\MAXLINK.INI
[2009/06/29 03:58:21 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2009/06/29 03:58:21 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/06/29 02:53:46 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/06/29 02:50:03 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/06/29 02:40:52 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/06/29 02:37:57 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/06/29 02:37:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/06/29 02:37:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/29 02:37:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/06/29 02:37:57 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/06/29 02:37:57 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/06/29 02:37:53 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/06/29 02:37:53 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/06/29 02:37:51 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2009/06/29 02:37:44 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/29 02:36:41 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/06/29 02:36:41 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/06/29 02:36:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/06/29 02:36:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/06/29 02:36:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/06/29 02:36:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/06/29 02:36:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/06/29 02:36:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/06/29 02:34:34 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/29 02:34:24 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/06/29 02:34:24 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/12 00:39:54 | 000,025,374 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100512_003943.reg
[2010/05/02 02:48:08 | 000,004,196 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\Document.rtf
[2010/05/02 00:59:38 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Desktop\HijackThis.lnk
[2010/05/01 22:59:34 | 000,355,430 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\GLOCK_en.pdf
[2010/04/24 11:26:16 | 000,000,916 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100424_112614.reg
[2010/04/22 22:33:09 | 000,010,512 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100422_223304.reg
[2010/04/10 23:50:04 | 000,010,680 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100410_234945.reg
[2010/04/09 00:21:13 | 000,015,329 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\Messages from the Stars (Celebrities).eml
[2010/04/04 04:34:31 | 000,102,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/04 00:34:44 | 000,004,964 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100404_003441.reg
[2010/03/27 02:21:19 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/27 02:03:11 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/03/23 01:49:48 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2010/03/20 00:50:36 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\event_log_3_19_10.evt
[2010/03/13 02:44:47 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100313_014444.reg
[2010/03/11 03:41:55 | 002,207,744 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Desktop\Diag504fCD.iso
[2010/03/06 17:06:41 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Desktop\Shortcut to Polaroid_Camera_t1035 Manual.lnk
[2010/03/05 10:21:05 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Application Dataprivacy.xml
[2010/02/26 23:48:08 | 000,027,528 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100226_224805.reg
[2010/02/26 14:12:33 | 001,648,902 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Desktop\RC Northampton break-in loss report - 2-25-2010.jpg
[2010/02/25 02:01:10 | 000,094,763 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Desktop\Armed Resistance to Crime.htm
[2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_sign.slf
[2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/02/24 10:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/02/24 10:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/02/24 03:27:17 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Application DataProductTweaks.xml
[2010/02/24 03:27:17 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Application Datauser_gensett.xml
[2010/02/24 02:33:12 | 000,885,183 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\stop0584.pdf
[2010/02/24 01:41:12 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/01/07 02:31:26 | 000,000,522 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100107_013124.reg
[2010/01/07 02:30:31 | 000,051,726 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100107_013026.reg
[2010/01/06 03:38:00 | 000,104,221 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\An-Expert-Explains-the-Flu-Vaccine-Deception-and-the-Swine-Flu-Hoax.aspx.htm
[2010/01/03 01:53:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/01 22:24:06 | 000,018,340 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100101_212403.reg
[2010/01/01 21:22:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/12/14 04:47:49 | 000,010,500 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20091214_034747.reg
[2009/12/06 18:11:42 | 000,008,628 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20091206_171139.reg
[2009/12/03 00:23:11 | 000,001,057 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2009/11/18 02:10:16 | 000,070,058 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20091118_011013.reg
[2009/09/15 00:37:15 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\
[2009/09/15 00:36:55 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\
[2009/09/11 03:19:12 | 000,304,585 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Desktop\daves.WAB
[2009/08/16 17:20:49 | 000,103,107 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\DriveCheck-Windows Instructions.pdf
[2009/08/07 21:31:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/16 00:08:15 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Start Menu\Programs\Startup\Shortcut to WIN2DO.lnk
[2009/07/13 22:14:00 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/07/06 01:20:15 | 000,952,125 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\
[2009/07/04 15:29:13 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\DigitalDave\Desktop\Disc Copier.lnk
[2009/07/02 23:02:10 | 000,323,899 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\bit_ddefendere_log_7_2_2009.xml
[2009/07/02 20:25:15 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/07/01 01:45:21 | 000,000,217 | ---- | C] () -- C:\WINDOWS\WIN2DO.INI
[2009/06/30 02:30:58 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/06/30 02:10:40 | 000,000,012 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2009/06/30 01:33:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/30 00:53:46 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/06/29 04:03:58 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/06/29 04:02:59 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2009/06/29 04:02:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
[2009/06/29 04:02:58 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2009/06/29 04:02:49 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2009/06/29 02:50:03 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/06/29 02:40:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/29 02:37:53 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/06/29 02:37:51 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2009/06/29 02:36:41 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/06/29 02:36:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/06/29 02:36:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/06/29 02:36:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/06/29 02:35:38 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/06/29 02:35:37 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/06/29 02:33:45 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/06/29 02:33:45 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/06/29 02:33:45 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/06/29 02:33:45 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/06/29 02:33:45 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/06/29 02:33:45 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/06/29 02:33:45 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/06/29 02:33:45 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/06/29 02:33:45 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/06/29 02:33:45 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/06/29 02:33:45 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/06/29 02:33:44 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/06/29 02:33:44 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/06/29 02:33:41 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/06/29 02:33:41 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/06/29 02:33:27 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/09/18 00:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2001/08/23 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2009/06/30 01:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/02/24 00:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/06/30 00:47:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/07/03 02:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2010/01/08 02:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/01/01 19:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/05/05 00:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/06/30 00:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/12/15 21:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/03/27 02:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/09 01:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\.BitTornado
[2010/02/24 00:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\BitDefender
[2010/02/26 14:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\Canon
[2009/12/06 12:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/23 21:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\DVDFab
[2010/04/14 21:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\foobar2000
[2010/04/25 02:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\GARMIN
[2009/07/01 01:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\Genie-Soft
[2010/04/08 01:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\ImgBurn
[2009/07/04 12:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\InterVideo
[2010/05/05 23:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\RipIt4Me
[2009/06/30 00:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\ScanSoft
[2009/12/02 23:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\SystemRequirementsLab
[2010/05/12 00:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\Vso

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/04/08 01:52:59 | 004,614,113 | ---- | M] (LIGHTNING UK!) -- C:\SetupImgBurn_2.5.1.0.exe


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS
[2001/08/17 09:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2001/08/23 08:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2009/06/25 16:04:32 | 000,001,536 | ---- | M] () MD5=8D4CD834292293F4055BAC313268E2DE -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
[2001/08/23 08:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IDECHNDR.SYS >
[2002/10/15 01:00:00 | 000,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\Program Files\Intel\Intel Application Accelerator\Driver\IdeChnDr.sys
[2002/10/15 01:00:00 | 000,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\WINDOWS\system32\drivers\IdeChnDr.sys

< MD5 for: NETLOGON.DLL >
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
[2001/08/23 08:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2001/08/23 08:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

< CREATERESTOREPOINT >

< >
< End of report >
 
Joined
Apr 25, 2010
Messages
77
Hi,

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.
 

digitaldave55

Thread Starter
Joined
May 1, 2010
Messages
11
Hi Tom,
Thank you for taking the time to help with my problem.
I had turned off my antivirus (BitDefender) and rebooted, but it appears the drivers are still loading.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-23 16:38:25
Windows 5.1.2600 Service Pack 2
Running: 6vjgci8c.exe; Driver: C:\DOCUME~1\DIGITA~1\LOCALS~1\Temp\kfrcyaob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

---- EOF - GMER 1.0.15 ----
 

digitaldave55

Thread Starter
Joined
May 1, 2010
Messages
11
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-23 21:04:06
Windows 5.1.2600 Service Pack 2
Running: 6vjgci8c.exe; Driver: C:\DOCUME~1\DIGITA~1\LOCALS~1\Temp\kfrcyaob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAllocateVirtualMemory [0xB8083AE4]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAssignProcessToJobObject [0xB8083E4E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwConnectPort [0xB808513E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateFile [0xB8084868]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateKey [0xB80855C6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcess [0xB8083F98]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcessEx [0xB808401A]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateSection [0xB808468C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateThread [0xB80836E6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDeviceIoControlFile [0xB80856C6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDuplicateObject [0xB80882F4]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwFsControlFile [0xB8085804]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwLoadDriver [0xB808625C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenFile [0xB808477C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenProcess [0xB8088046]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenSection [0xB80845AC]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenThread [0xB8088174]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwProtectVirtualMemory [0xB80839E2]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwQueueApcThread [0xB8083EF0]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwReplaceKey [0xB8085DBE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestPort [0xB80851CE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestWaitReplyPort [0xB8084F6A]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRestoreKey [0xB8085E2E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSecureConnectPort [0xB8085374]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetContextThread [0xB80837D6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetSecurityObject [0xB8085D4E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetSystemInformation [0xB8083BE8]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendProcess [0xB8083944]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendThread [0xB80838A6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSystemDebugControl [0xB8083DAC]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateProcess [0xB8087FB6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateThread [0xB8088402]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwWriteVirtualMemory [0xB80835E4]

INT 0x34 ? FEB7E044

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 114 804E2770 1 Byte [8C]
.text ntoskrnl.exe!_abnormal_termination + 40C 804E2A68 4 Bytes CALL A80632A8
.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [44, 39, 08, B8, A6, 38, 08, ...]
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF348F380, 0x5414D5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3808] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [012F2070] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\WINDOWS\Explorer.EXE[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [012F20B0] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\WINDOWS\Explorer.EXE[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [012F2030] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\WINDOWS\Explorer.EXE[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [012F2000] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\WINDOWS\Explorer.EXE[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [012F4C50] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
Joined
Apr 25, 2010
Messages
77
Hi,


Please go here and have a look at how you can disable your security software.

Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 

digitaldave55

Thread Starter
Joined
May 1, 2010
Messages
11
ComboFix 10-05-24.03 - DigitalDave 05/25/2010 2:06.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.170 [GMT -4:00]
Running from: c:\downloads\schrauber.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\DigitalDave\Application Data\inst.exe
c:\windows\jestertb.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.

2010-05-25 03:21 . 2004-08-04 04:56 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-05-24 00:50 . 2010-05-24 00:54 -------- d-----w- c:\program files\QuickTime
2010-05-21 03:20 . 2010-05-21 03:20 -------- d-----w- C:\DVD_VIDEO
2010-05-21 02:24 . 2010-05-21 02:14 293376 ----a-w- C:\6vjgci8c.exe
2010-05-21 01:09 . 2010-05-21 01:25 -------- d-----w- C:\DVD_VIDEO_SPANGLISH
2010-05-20 05:47 . 2010-05-20 07:29 -------- d-----w- C:\PANGLISH_VIDEO
2010-05-19 03:38 . 2006-11-01 17:07 334720 ----a-w- C:\RootkitRevealer.exe
2010-05-02 04:59 . 2010-05-02 04:59 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 04:45 . 2010-04-17 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-21 01:25 . 2009-07-04 04:50 -------- d-----w- c:\documents and settings\DigitalDave\Application Data\RipIt4Me
2010-05-21 00:52 . 2009-07-04 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-05-19 02:36 . 2010-04-24 05:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-12 04:34 . 2009-07-04 06:14 -------- d-----w- c:\documents and settings\DigitalDave\Application Data\Vso
2010-05-12 04:34 . 2009-07-04 06:14 47360 ----a-w- c:\documents and settings\DigitalDave\Application Data\pcouffin.sys
2010-05-12 04:34 . 2009-07-04 06:14 47360 ----a-w- c:\documents and settings\DigitalDave\Application Data\pcouffin.sys
2010-05-05 04:44 . 2009-07-04 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Napster
2010-05-05 04:43 . 2009-07-04 17:04 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-05-05 04:36 . 2010-03-27 06:18 -------- d-----w- c:\program files\Common Files\Apple
2010-04-29 19:39 . 2010-04-24 05:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-04-24 05:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 03:47 . 2009-06-29 08:11 37136 ----a-w- c:\documents and settings\DigitalDave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-26 03:09 . 2009-07-05 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-25 06:00 . 2009-07-20 05:03 -------- d-----w- c:\documents and settings\DigitalDave\Application Data\GARMIN
2010-04-24 14:43 . 2010-04-10 22:35 -------- d-----w- c:\program files\XPRepairPro2006
2010-04-24 05:45 . 2010-04-24 05:45 -------- d-----w- c:\documents and settings\DigitalDave\Application Data\Malwarebytes
2010-04-24 05:44 . 2010-04-24 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-21 05:34 . 2009-07-20 05:30 -------- d-----w- c:\program files\Garmin
2010-04-17 04:44 . 2010-04-17 04:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-15 07:27 . 2010-04-04 08:34 102272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-15 01:14 . 2010-04-08 05:40 -------- d-----w- c:\documents and settings\DigitalDave\Application Data\foobar2000
2010-04-08 05:58 . 2010-04-08 05:47 -------- d-----w- c:\program files\ImgBurn
2010-04-08 05:54 . 2010-04-08 05:54 -------- d-----w- c:\documents and settings\DigitalDave\Application Data\ImgBurn
2010-04-08 05:52 . 2010-04-08 05:52 4614113 ----a-w- C:\SetupImgBurn_2.5.1.0.exe
2010-04-08 05:40 . 2010-04-08 05:39 -------- d-----w- c:\program files\foobar2000
2010-04-04 07:56 . 2009-06-30 06:31 -------- d-----w- c:\documents and settings\DigitalDave\Application Data\Intuit
2010-04-04 07:33 . 2009-06-30 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-04-04 07:30 . 2009-06-30 06:31 -------- d-----w- c:\program files\Common Files\Intuit
2010-04-04 07:29 . 2010-04-04 07:29 -------- d-----w- c:\program files\TurboTax
2010-04-04 05:55 . 2010-04-04 05:55 -------- d-----w- c:\program files\MSBuild
2010-04-04 05:55 . 2010-04-04 05:55 -------- d-----w- c:\program files\Reference Assemblies
2010-04-04 05:43 . 2010-04-04 05:43 -------- d-----w- c:\program files\MSXML 6.0
2010-04-04 04:43 . 2009-07-04 05:25 -------- d-----w- c:\program files\CCleaner
2010-04-02 03:33 . 2009-07-24 16:26 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-03-27 20:10 . 2010-03-27 06:30 -------- d-----w- c:\documents and settings\DigitalDave\Application Data\Apple Computer
2010-03-27 06:29 . 2010-03-27 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-27 06:29 . 2010-03-27 06:24 -------- d-----w- c:\program files\iTunes
2010-03-27 06:26 . 2010-03-27 06:26 -------- d-----w- c:\program files\iPod
2010-03-27 06:24 . 2010-03-27 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-03-27 06:21 . 2010-03-27 06:21 -------- d-----w- c:\program files\Apple Software Update
2010-03-27 06:18 . 2010-03-27 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-14 23:15 . 2010-03-14 23:15 6725632 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181625-18178.dll
2010-03-14 23:15 . 2009-07-02 06:16 245760 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-02-26 10:06 . 2010-02-26 10:06 348160 ------w- c:\documents and settings\DigitalDave\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5d19de7b-n\msvcr71.dll
2010-02-26 10:06 . 2010-02-26 10:06 503808 ------w- c:\documents and settings\DigitalDave\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5d19de7b-n\msvcp71.dll
2010-02-26 10:06 . 2010-02-26 10:06 61440 ------w- c:\documents and settings\DigitalDave\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d6f0494-n\decora-sse.dll
2010-02-26 10:06 . 2010-02-26 10:06 499712 ------w- c:\documents and settings\DigitalDave\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5d19de7b-n\jmc.dll
2010-02-26 10:06 . 2010-02-26 10:06 12800 ------w- c:\documents and settings\DigitalDave\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d6f0494-n\decora-d3d.dll
2003-08-27 18:19 . 2009-07-04 17:23 36963 ------w- c:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-02 1123360]

c:\documents and settings\DigitalDave\Start Menu\Programs\Startup\
Shortcut to WIN2DO.lnk - c:\program files\WIN_2_DO\WIN2DO.EXE [2009-7-15 131664]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2006-10-17 01:13 87584 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2006-10-17 01:17 1941784 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2006-03-22 01:30 1191936 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 22:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-11-21 01:32 110184 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 17:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
2005-11-29 17:22 1544099 ----a-w- c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2004-01-27 21:39 1179648 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
2003-08-27 18:20 94208 ----a-r- c:\windows\SM1bg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-30 04:14 155648 ------w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TraySantaCruz]
2000-07-26 17:46 221184 ----a-w- c:\windows\system32\tbctray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2006-10-17 01:12 1164912 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AcrSch2Svc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"LightScribeService"=2 (0x2)
"IntuitUpdateService"=2 (0x2)
"idsvc"=3 (0x3)
"VSSERV"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [12/7/2009 7:46 PM 153448]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [6/30/2009 2:10 AM 158352]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [6/30/2009 2:10 AM 457472]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UPNPHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 19:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
Trusted Zone: intuit.com\ttlc
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\
FF - prefs.js: browser.search.selectedEngine - Webster
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll
FF - plugin: c:\documents and settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-InCD - c:\program files\Nero\Nero8\InCD\InCD.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-SecurDisc - c:\program files\Nero\Nero8\InCD\NBHGui.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 02:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(808)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-05-25 02:24:01
ComboFix-quarantined-files.txt 2010-05-25 06:23

Pre-Run: 25,619,726,336 bytes free
Post-Run: 25,685,729,280 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 8407250E199277700C44AAD3BE25617F
 
Joined
Apr 25, 2010
Messages
77
Hi :)

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.

Also please open OTL, set the extra registry tab to use safe list and hit the run scan button, post back with the 2 logfiles.


How is it running?
 

digitaldave55

Thread Starter
Joined
May 1, 2010
Messages
11
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4150

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/27/2010 10:51:14 PM
mbam-log-2010-05-27 (22-51-14).txt

Scan type: Quick scan
Objects scanned: 129782
Time elapsed: 15 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

digitaldave55

Thread Starter
Joined
May 1, 2010
Messages
11
OTL logfile created on: 5/27/2010 11:07:10 PM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 186.00 Mb Available Physical Memory | 36.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 11.03 Gb Free Space | 8.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 74.52 Gb Total Space | 4.64 Gb Free Space | 6.23% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 104.89 Gb Total Space | 2.86 Gb Free Space | 2.73% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: ROAD-RUNNER
Current User Name: DigitalDave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/13 01:13:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\OTL.exe
PRC - [2010/05/04 23:22:20 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2010/04/02 18:54:14 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 23:34:56 | 001,123,360 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2010/04/01 23:33:38 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2010/01/11 14:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/04/17 14:17:40 | 001,349,912 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 00:56:56 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe


========== Modules (SafeList) ==========

MOD - [2010/05/13 01:13:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\OTL.exe
MOD - [2004/08/04 00:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (RIWQBFBC)
SRV - [2010/05/04 23:22:20 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2010/04/01 23:33:39 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2010/01/11 14:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/10/19 17:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/04/17 14:17:40 | 001,349,912 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006/10/16 21:13:28 | 000,230,944 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - [2010/05/04 23:22:25 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2010/05/04 23:22:24 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/04/01 23:33:50 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/02/24 01:40:51 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2010/02/24 01:40:51 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2010/02/24 01:40:48 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/11/20 22:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/06/29 02:59:42 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/06/29 02:59:42 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/06/29 02:59:38 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\snapman.sys -- (snapman)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/01/27 17:40:26 | 000,284,928 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/01/27 17:39:56 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2004/01/27 17:34:56 | 000,140,416 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/01/27 17:34:46 | 000,043,008 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/01/27 17:32:00 | 000,024,576 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/01/27 17:29:44 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/01/27 17:29:40 | 000,197,632 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2004/01/27 17:16:38 | 000,117,248 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2002/10/15 01:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(R)
DRV - [2002/10/15 01:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2001/08/17 09:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 08:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2000/07/26 14:04:38 | 000,457,472 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcwdm.sys -- (tbcwdm)
DRV - [2000/07/26 14:04:34 | 000,158,352 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcspud.sys -- (tbcspud)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Webster"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.77
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/02 17:06:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/23 20:54:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/23 21:01:42 | 000,000,000 | ---D | M]

[2009/06/30 01:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Extensions
[2010/05/27 22:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\extensions
[2010/05/18 23:21:18 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/06 17:44:52 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/04/08 01:58:47 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\searchplugins\askcom.xml
[2009/07/15 01:22:35 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\Mozilla\Firefox\Profiles\1hkaadbs.default\searchplugins\webster.xml
[2010/05/27 22:32:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/25 02:14:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\DigitalDave\Start Menu\Programs\Startup\Shortcut to WIN2DO.lnk = C:\Program Files\WIN_2_DO\WIN2DO.EXE (Softdisk, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252121219177 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\DigitalDave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DigitalDave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/29 02:37:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/26 22:24:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/25 02:04:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/25 01:50:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/25 01:50:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/25 01:50:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/25 01:50:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/25 01:50:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/25 01:48:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/24 00:43:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DigitalDave\Recent
[2010/05/23 20:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/22 15:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\Computer Tech
[2010/05/20 23:20:45 | 000,000,000 | ---D | C] -- C:\DVD_VIDEO
[2010/05/20 21:09:27 | 000,000,000 | ---D | C] -- C:\DVD_VIDEO_SPANGLISH
[2010/05/20 01:47:51 | 000,000,000 | ---D | C] -- C:\PANGLISH_VIDEO
[2010/05/19 23:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[2010/05/18 23:38:32 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\RootkitRevealer.exe
[2010/05/12 21:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\Desktop\RC Warrington 22
[2010/05/12 00:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DigitalDave\My Documents\PcSetup
[2010/05/02 00:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/27 22:21:56 | 000,000,217 | ---- | M] () -- C:\WINDOWS\WIN2DO.INI
[2010/05/27 22:21:19 | 000,272,372 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/27 21:20:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/27 21:20:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/27 21:20:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/27 02:33:28 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/05/27 02:33:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\DigitalDave\ntuser.ini
[2010/05/27 02:33:12 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\DigitalDave\NTUSER.DAT
[2010/05/27 00:05:33 | 029,076,924 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Local Settings\Application Data\imageCache7.db
[2010/05/26 09:58:06 | 386,420,735 | ---- | M] () -- C:\THE_BRAVE_ONE.ISO
[2010/05/26 09:10:26 | 386,527,231 | ---- | M] () -- C:\HEARTBREAK_KID_AC_169.ISO
[2010/05/26 01:27:29 | 386,504,703 | ---- | M] () -- C:\NOTHING_LIKE_THE_HOLIDAYS.ISO
[2010/05/25 23:55:08 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/25 23:09:23 | 000,000,519 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/25 23:09:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/25 23:09:23 | 000,000,271 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/25 02:14:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/24 23:22:16 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/05/24 22:39:12 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/05/23 21:25:30 | 000,004,658 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100523_212524.reg
[2010/05/20 22:14:34 | 000,293,376 | ---- | M] () -- C:\6vjgci8c.exe
[2010/05/20 20:59:45 | 3753,936,896 | ---- | M] () -- C:\THE_HANGOVER_EXTENDED_CUT.ISO
[2010/05/14 21:50:25 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Dataprivacy.xml
[2010/05/12 00:40:12 | 000,025,374 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100512_003943.reg
[2010/05/12 00:34:50 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\pcouffin.cat
[2010/05/12 00:34:49 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\DigitalDave\Application Data\pcouffin.sys
[2010/05/12 00:34:49 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\DigitalDave\Application Data\pcouffin.inf
[2010/05/06 10:45:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/02 02:48:08 | 000,004,196 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\Document.rtf
[2010/05/01 22:59:35 | 000,355,430 | ---- | M] () -- C:\Documents and Settings\DigitalDave\My Documents\GLOCK_en.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/26 09:22:07 | 386,420,735 | ---- | C] () -- C:\THE_BRAVE_ONE.ISO
[2010/05/26 08:20:28 | 386,527,231 | ---- | C] () -- C:\HEARTBREAK_KID_AC_169.ISO
[2010/05/26 00:53:05 | 386,504,703 | ---- | C] () -- C:\NOTHING_LIKE_THE_HOLIDAYS.ISO
[2010/05/25 23:55:08 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/25 02:04:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/25 02:04:35 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/25 01:50:28 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/25 01:50:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/25 01:50:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/25 01:50:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/25 01:50:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/23 21:25:28 | 000,004,658 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100523_212524.reg
[2010/05/20 22:24:25 | 000,293,376 | ---- | C] () -- C:\6vjgci8c.exe
[2010/05/20 20:53:09 | 3753,936,896 | ---- | C] () -- C:\THE_HANGOVER_EXTENDED_CUT.ISO
[2010/05/18 23:38:32 | 000,102,160 | ---- | C] () -- C:\RootkitRevealer.chm
[2010/05/12 00:39:54 | 000,025,374 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\cc_20100512_003943.reg
[2010/05/02 02:48:08 | 000,004,196 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\Document.rtf
[2010/05/01 22:59:34 | 000,355,430 | ---- | C] () -- C:\Documents and Settings\DigitalDave\My Documents\GLOCK_en.pdf
[2010/01/03 01:53:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/01 21:22:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/08/07 21:31:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/13 22:14:00 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/07/01 01:45:21 | 000,000,217 | ---- | C] () -- C:\WINDOWS\WIN2DO.INI
[2009/06/30 02:30:58 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/06/30 02:10:40 | 000,000,012 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2009/06/30 00:53:46 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/06/29 04:02:49 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/09/18 00:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2001/08/23 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >
 

digitaldave55

Tom,
In response to your question: How is it running?
It is much better, but can still have spurts of heavy HD activity without my input. I am beginning to believe the OS has a lot of garbage in it. I have used CCleaner for several years and it does a good job of cleaning the registry, but there are some programs, like Windows Update, that don't seem to quit... by that I mean it is always looking to update, and I do not patch everything they suggest. I know more memory would help, but for the type I need it would cost me about $80 - $100 to get to a gig.
I will wait for your response on the last set of logs.
Thank You.
 
Joined
Apr 25, 2010
Messages
77
"it would cost me about $80 - $100 to get to a gig."
:eek:

What kind of RAM do you need?

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic




Please open OTL, set the extra registry tab to use safe list and hit the run scan button, post back with the 2 logfiles.
 

digitaldave55

RIMM - would need 4 256's to make a gig. Machine has 4 slots....2 - 256's now. I tried eBay for over a month & gave up....always started low & ended up around $80.
(supply & demand.....low supply & high demand for ram not being manufactured)
 