Firefox and Windows errors

#1 TerasMinus (Member, 51 posts)

Within the past month, this computer has had many viruses and malware on it, the most recent one I can actually name being Antivirus Action. After getting rid of that one, I started getting run dll issues, which I assume resulted from the removal of said malware. With the exception of the run dll error messages popping up every time Windows starts up (we use Vista, if that helps), it was working fine. After that, I started using a friend of mine's laptop, and my friend's brother and his friends began using this computer for a week. Recently, said friend of a friend took her laptop back, and I started using this computer again, and I noticed many error messages popping up; one really annoying one concerning "host process" keeps popping up, along with the run dll messages. The computer on occasion also gets BSODs at random times. To make matters worse, Firefox keeps opening new tabs at random, redirecting said tabs to random sites, and when using Google, it keeps redirecting those pages to other sites as well. I was also told last night, while my friend was filling out applications, that it will also redirect the current tab to random sites, completely negating anything that was done on the previous page. I can supply screenshots of the run dll and host process errors if need be. Obviously, the BSOD error is a bit more difficult for me to be exact about, and it hasn't happened in the past day. Nonetheless, I still feel as though it's a hidden problem waiting to happen again.

OTL logfile created on: 12/11/2010 12:07:43 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\ronald\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.46 Gb Total Space | 41.98 Gb Free Space | 14.65% Space Free | Partition Type: NTFS
Drive D: | 11.63 Gb Total Space | 1.59 Gb Free Space | 13.64% Space Free | Partition Type: NTFS

Computer Name: MIKEY-PC | User Name: ronald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/11 00:06:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ronald\Desktop\OTL.exe
PRC - [2010/12/10 23:23:25 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/10 23:23:20 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/18 19:01:00 | 000,042,920 | ---- | M] () -- C:\Program Files\Raptr\raptr_im.exe
PRC - [2010/11/18 19:00:58 | 000,058,792 | ---- | M] () -- C:\Program Files\Raptr\raptr.exe
PRC - [2010/10/17 17:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/11/12 17:34:30 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/09/02 13:29:12 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/26 10:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 10:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/06/13 14:26:54 | 002,498,560 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/13 10:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/12/11 00:06:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ronald\Desktop\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2008/07/26 10:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj01.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/08 20:58:13 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/10/17 17:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/24 11:43:00 | 003,461,116 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/09/02 13:29:12 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/08/22 02:33:12 | 000,312,568 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/26 10:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 10:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/13 10:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva370.sys -- (XDva370)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva344.sys -- (XDva344)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva295.sys -- (XDva295)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ronald\AppData\Local\Temp\PCD65X2.sys -- (PCD65X2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010/10/17 17:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/04/24 17:32:57 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nocashio.sys -- (nocashio)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/08/15 01:31:51 | 000,120,320 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2009/08/04 00:30:56 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/03 09:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/22 09:58:24 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ndisrd.sys -- (NdisrdMP)
DRV - [2009/06/22 09:58:24 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ndisrd.sys -- (Ndisrd)
DRV - [2008/10/21 18:42:54 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/07/19 22:10:37] [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/09/27 01:51:00 | 007,478,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/24 12:31:06 | 002,171,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/10 07:48:20 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 07:47:18 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/09/10 07:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/09/09 19:58:08 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2008/09/04 06:34:34 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/08/01 07:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/26 10:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 10:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/26 10:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/21 11:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/07/21 11:12:22 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 04:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/28 13:58:30 | 000,289,280 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/04/23 09:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\URLSearchHook: {b7380195-94fe-44cd-91a5-06f6d56e202a} - C:\Program Files\iWinstore\tbiWin.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.vlcsearch.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.vlcsearch.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {b7380195-94fe-44cd-91a5-06f6d56e202a} - C:\Program Files\iWinstore\tbiWin.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.6
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\ProgramData\iWin Games\firefox [2010/10/03 18:40:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 23:23:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 23:23:33 | 000,000,000 | ---D | M]

[2009/07/23 19:16:03 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\mozilla\Extensions
[2010/12/10 23:59:59 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\mozilla\Firefox\Profiles\z2z9jbjt.default\extensions
[2010/12/10 18:20:52 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\ronald\AppData\Roaming\mozilla\Firefox\Profiles\z2z9jbjt.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/12/09 20:52:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ronald\AppData\Roaming\mozilla\Firefox\Profiles\z2z9jbjt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/09 20:52:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\ronald\AppData\Roaming\mozilla\Firefox\Profiles\z2z9jbjt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/07 18:45:47 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\ronald\AppData\Roaming\mozilla\Firefox\Profiles\z2z9jbjt.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/09/14 13:40:22 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\mozilla\Firefox\Profiles\z2z9jbjt.default\extensions\dave2x@download
[2010/12/10 18:20:52 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\mozilla\Firefox\Profiles\z2z9jbjt.default\extensions\staged-xpis
[2010/05/07 17:55:17 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\mozilla\Firefox\Profiles\z2z9jbjt.default\extensions\[email protected]
[2010/11/26 21:01:25 | 000,004,554 | ---- | M] () -- C:\Users\ronald\AppData\Roaming\Mozilla\FireFox\Profiles\z2z9jbjt.default\searchplugins\aim-search.xml
[2009/07/10 16:26:08 | 000,002,257 | ---- | M] () -- C:\Users\ronald\AppData\Roaming\Mozilla\FireFox\Profiles\z2z9jbjt.default\searchplugins\askcom.xml
[2010/11/26 21:01:22 | 000,001,827 | ---- | M] () -- C:\Users\ronald\AppData\Roaming\Mozilla\FireFox\Profiles\z2z9jbjt.default\searchplugins\bing.xml
[2010/12/10 23:59:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/27 15:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

O1 HOSTS File: ([2010/11/23 15:27:48 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (iWinstore Toolbar) - {b7380195-94fe-44cd-91a5-06f6d56e202a} - C:\Program Files\iWinstore\tbiWin.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (iWinstore Toolbar) - {b7380195-94fe-44cd-91a5-06f6d56e202a} - C:\Program Files\iWinstore\tbiWin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (iWinstore Toolbar) - {B7380195-94FE-44CD-91A5-06F6D56E202A} - C:\Program Files\iWinstore\tbiWin.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Easy Dock] C:\Users\ronald\Documents\RCA easyRip\EZDock.exe (Audiovox Electronics Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemonTool] C:\Windows\System32\PULOAD~1.DLL File not found
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [NvCplDaemonTool] C:\Users\ronald\PULOAD~1.DLL File not found
O4 - HKCU..\Run: [Raptr] C:\Program Files\Raptr\raptrstub.exe ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - File not found
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ronald\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\ronald\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b48c0445-e948-11df-adf5-002354774bf5}\Shell\AutoRun\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b48c0445-e948-11df-adf5-002354774bf5}\Shell\install\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b48c0445-e948-11df-adf5-002354774bf5}\Shell\usermanualEnglish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b48c0445-e948-11df-adf5-002354774bf5}\Shell\usermanualFrench\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b48c0445-e948-11df-adf5-002354774bf5}\Shell\usermanualSpanish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{d6ac5fa6-c523-11df-b199-002354774bf5}\Shell\AutoRun\command - "" = F:\podcastready.exe -- File not found
O33 - MountPoints2\{e5eb621b-180a-11df-9af7-002354774bf5}\Shell\AutoRun\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e5eb621b-180a-11df-9af7-002354774bf5}\Shell\install\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e5eb621b-180a-11df-9af7-002354774bf5}\Shell\usermanualEnglish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e5eb621b-180a-11df-9af7-002354774bf5}\Shell\usermanualFrench\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e5eb621b-180a-11df-9af7-002354774bf5}\Shell\usermanualSpanish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/11 00:06:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\ronald\Desktop\OTL.exe
[2010/12/10 17:46:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/09 16:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/12/08 13:52:40 | 000,000,000 | ---D | C] -- C:\Users\ronald\AppData\Roaming\vlc
[2010/12/08 13:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/12/06 13:55:25 | 000,000,000 | ---D | C] -- C:\Users\ronald\AppData\Roaming\Raptr
[2010/12/05 15:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\Raptr
[2010/11/29 20:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Outspark
[2010/11/29 13:02:34 | 000,000,000 | ---D | C] -- C:\Temp
[2010/11/26 21:37:41 | 000,000,000 | R--D | C] -- C:\Sandbox
[2010/11/26 21:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2010/11/26 21:36:22 | 001,812,200 | ---- | C] (SANDBOXIE L.T.D) -- C:\Users\ronald\Documents\SandboxieInstall350.exe
[2010/11/26 21:10:35 | 000,000,000 | ---D | C] -- C:\Users\ronald\AppData\Roaming\uTorrent
[2010/11/26 17:55:35 | 000,000,000 | ---D | C] -- C:\Users\ronald\AppData\Local\Unity
[2010/11/24 13:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/23 14:46:14 | 000,000,000 | ---D | C] -- C:\9636.tmp
[2010/11/23 14:46:12 | 000,000,000 | ---D | C] -- C:\8D12.tmp
[2010/11/23 14:46:07 | 000,000,000 | ---D | C] -- C:\7CEC.tmp
[2010/11/23 14:14:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/23 14:14:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/23 14:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/23 12:54:04 | 000,000,000 | ---D | C] -- C:\CF11.tmp
[2010/11/20 17:55:47 | 000,000,000 | ---D | C] -- C:\Users\ronald\AppData\Roaming\PeaceCraft2
[2010/11/20 17:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\My Kingdom for the Princess II
[2010/11/18 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2010/11/13 20:11:38 | 000,000,000 | ---D | C] -- C:\Users\ronald\Documents\Activision
[2010/11/06 19:43:15 | 007,820,144 | ---- | C] (Macrovision Corporation) -- C:\Program Files\IJJI_REACTOR_INST_EN.exe
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/11 00:06:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ronald\Desktop\OTL.exe
[2010/12/10 23:28:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/10 23:28:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/10 23:27:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/10 23:27:50 | 3085,402,112 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/10 18:52:49 | 000,000,204 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
[2010/12/09 21:48:33 | 233,696,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/09 20:57:28 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/12/08 13:53:48 | 000,119,296 | ---- | M] () -- C:\Users\ronald\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/06 21:48:43 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/06 21:48:43 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/03 15:26:53 | 000,093,592 | ---- | M] () -- C:\Users\ronald\Desktop\1258009126147.jpg
[2010/12/01 18:37:38 | 000,001,530 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010/11/26 21:36:43 | 000,000,850 | ---- | M] () -- C:\Users\ronald\Desktop\Sandboxed Web Browser.lnk
[2010/11/26 21:36:43 | 000,000,850 | ---- | M] () -- C:\Users\ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2010/11/26 21:36:25 | 001,812,200 | ---- | M] (SANDBOXIE L.T.D) -- C:\Users\ronald\Documents\SandboxieInstall350.exe
[2010/11/24 13:44:10 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/23 17:26:47 | 000,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie
[2010/11/23 15:27:48 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/23 14:14:42 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/20 17:55:15 | 000,001,584 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/11/20 17:50:40 | 000,001,686 | ---- | M] () -- C:\Users\ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/11/20 17:50:40 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/11/17 19:00:00 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/11/13 12:52:06 | 000,000,278 | ---- | M] () -- C:\Windows\game.ini
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/10 18:52:49 | 000,000,204 | ---- | C] () -- C:\Users\Public\Desktop\MapleStory.url
[2010/12/10 16:21:19 | 3085,402,112 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/29 21:07:55 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/11/29 21:07:54 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/11/26 21:37:24 | 000,000,850 | ---- | C] () -- C:\Users\ronald\Desktop\Sandboxed Web Browser.lnk
[2010/11/26 21:37:24 | 000,000,850 | ---- | C] () -- C:\Users\ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2010/11/26 21:37:22 | 000,001,530 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/11/24 13:44:10 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/23 17:26:47 | 000,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie
[2010/11/23 14:14:42 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/20 17:55:15 | 000,001,584 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/11/20 17:50:40 | 000,001,686 | ---- | C] () -- C:\Users\ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/08/19 14:57:03 | 004,489,216 | ---- | C] () -- C:\ProgramData\EAW Deathstar.scr
[2010/05/07 17:48:20 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/05/07 17:48:20 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/05/07 17:48:20 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/05/07 17:44:33 | 000,000,089 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2010/04/24 17:32:57 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\nocashio.sys
[2009/11/02 06:50:47 | 007,901,184 | ---- | C] () -- C:\Users\ronald\AppData\Roaming\places.sqlite
[2009/10/21 02:16:58 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/10/19 11:35:20 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2009/09/09 23:18:18 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/23 23:41:01 | 000,000,236 | ---- | C] () -- C:\Users\ronald\AppData\Roaming\wklnhst.dat
[2009/08/15 13:56:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/15 01:31:51 | 000,120,320 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV65.sys
[2009/08/14 23:05:22 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/08/14 20:04:39 | 000,119,296 | ---- | C] () -- C:\Users\ronald\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/04 00:57:38 | 000,000,278 | ---- | C] () -- C:\Windows\game.ini
[2009/08/04 00:30:56 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/27 02:10:51 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/07/21 22:46:24 | 000,001,356 | ---- | C] () -- C:\Users\ronald\AppData\Local\d3d9caps.dat
[2008/11/05 04:14:52 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/05 04:14:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/07/26 10:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/10/06 16:30:12 | 000,000,000 | -HSD | M] -- C:\Users\ronald\AppData\Roaming\.#
[2009/10/13 23:33:15 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\acccore
[2009/08/04 01:01:50 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Activision
[2009/11/05 02:27:02 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Auslogics
[2010/11/07 22:22:39 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\AVG10
[2010/11/05 00:29:09 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Big Fish Games
[2009/10/21 02:17:56 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\BITS
[2010/11/30 23:59:01 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\BitTorrent
[2009/08/04 00:39:04 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\DAEMON Tools Lite
[2010/12/11 00:09:47 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\DNA
[2009/10/21 02:16:49 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\FlashGet
[2009/10/21 02:16:29 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\FlashGetBHO
[2009/11/19 00:48:23 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\FloodLightGames
[2010/11/09 13:11:45 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Free PDF Tablet
[2009/12/18 23:14:05 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\funkitron
[2010/05/30 08:16:59 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Gamelab
[2010/11/06 20:36:43 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\ijjigame
[2010/11/09 14:39:44 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\IObit
[2009/11/30 20:01:29 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\iWin
[2009/07/27 02:11:16 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Leadertech
[2009/07/05 01:34:22 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Ludia
[2010/10/04 02:21:01 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Mysteryville2
[2009/10/04 22:02:26 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\NeopleLauncherDFO
[2010/11/20 18:21:57 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\PeaceCraft2
[2009/12/05 22:12:37 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\PlayFirst
[2010/12/10 23:30:17 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Raptr
[2010/03/17 12:40:57 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Shrek
[2010/01/08 01:19:54 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\SPORE
[2009/06/28 14:13:42 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\SPORE Creature Creator
[2009/10/23 17:57:41 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Stardock
[2009/08/02 08:16:28 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\SystemRequirementsLab
[2009/08/22 02:30:33 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\TeamViewer
[2009/08/23 23:41:04 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Template
[2010/11/29 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\uTorrent
[2010/02/12 14:17:55 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\WeatherBug
[2009/06/27 20:58:20 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\WildTangent
[2009/07/20 00:08:06 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\WinBatch
[2010/12/09 20:57:28 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/11/17 19:00:00 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010/12/11 00:04:54 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:61B54B15
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:C22674B6
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:A7DA2BCD
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:BBB82A4E
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:1DA424AA
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:7EB6C1C8
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:38FF076E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:709CDE3B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:C5CE2DF6
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:0BB5539B

< End of report >




P.S. I was unaware whether I should post the Extras.Txt file that came with the OTL.Txt file, so I haven't posted it.

P.P.S. I have been told as of last night, shortly after I posted this, that there is another problem, in which Firefox keeps opening up tabs, except this time the page that pops up is an "error" page saying that the website is dangerous.

Edited by TerasMinus, 11 December 2010 - 02:17 PM.

  • 0


#2
jwang01

jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello TerasMinus and Welcome to GeeksToGo! ;)

I am jwang01 and I will be assisting you with your issue.

  • Please don't attach your logs unless asked. They can make them difficult to read.
  • Also, malware removal will take many steps. Please stick with me until I give you the all clear.
  • If you have any questions before running any of the instructions I give, please don't hesitate to ask.


Ok, let's get started. :D


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva370.sys -- (XDva370)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva344.sys -- (XDva344)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva295.sys -- (XDva295)
    O4 - HKLM..\Run: [] File not found
    [2010/11/23 14:46:14 | 000,000,000 | ---D | C] -- C:\9636.tmp
    [2010/11/23 14:46:12 | 000,000,000 | ---D | C] -- C:\8D12.tmp
    [2010/11/23 14:46:07 | 000,000,000 | ---D | C] -- C:\7CEC.tmp
    [2010/11/23 12:54:04 | 000,000,000 | ---D | C] -- C:\CF11.tmp
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Next


Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


Please post the logs from OTL and GMER. Please post the Extras.txt you have as well. Also, please let me know how your computer is running after doing the above steps.
  • 0
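To show how a helper reads an OTL log like the one posted above, here is an added Python triage script (not code from the thread, from OTL or from jwang01) that parses lines in OTL's report format and flags the kinds of entries the fix script above targets; the sample lines, the regexes and the "fix"/"harden"/"review" action labels are this example's own constructions.

```python
"""Triage helper for OTL scan logs (added example; not OTL's own code nor the helper's).

Flags the entries a helper looks at first: registrations whose file no longer exists,
a nameless Run entry, UAC switched off (EnableLUA = 0), CD-ROM AutoRun enabled, stale
MountPoints2 autorun commands and alternate data streams. Action labels are heuristics.
"""
import re
from dataclasses import dataclass

# Constructed sample in OTL's report format, modelled on the thread's log (not a real scan).
SAMPLE_LOG = r"""
========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva370.sys -- (XDva370)
DRV - [2009/08/04 00:30:56 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/10/17 17:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)

========== Standard Registry (SafeList) ==========

O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b48c0445-e948-11df-adf5-002354774bf5}\Shell\AutoRun\command - "" = F:\rcaeasyrip_setup.exe -- File not found

========== Alternate Data Streams ==========

@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:61B54B15
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
SVC_RE = re.compile(r"^(?P<kind>DRV|SRV) - (?P<info>.*?) -- (?P<path>.+?) -- \((?P<svc>[^)]+)\).*$")
COMPANY_RE = re.compile(r"\] \((?P<company>[^)]*)\) \[")          # "(Vendor)" between the M] stamp and [Kernel ...
START_RE = re.compile(r"\[(?:Kernel|File_System) \| (?P<start>\w+) \| \w+\]")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")


@dataclass(frozen=True)
class Finding:
    action: str     # "fix": safe to hand to an OTL fix; "harden": setting to restore; "review": human judgement
    category: str
    section: str    # OTL section header the line appeared under
    line: str       # the original log line, verbatim


def triage(log_text: str) -> list[Finding]:
    """Walk an OTL log and return the entries a helper would look at first."""
    findings: list[Finding] = []
    section = "(none)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = SVC_RE.match(line)
        if m:
            info = m.group("info")
            if info.startswith("File not found"):
                findings.append(Finding("fix", "service/driver registration with missing file", section, line))
            else:  # loaded driver from an unnamed publisher that starts at boot deserves a look
                company, start = COMPANY_RE.search(info), START_RE.search(info)
                if company and company.group("company") == "" and start and start.group("start") in ("Boot", "System"):
                    findings.append(Finding("review", "early-start driver with no company name", section, line))
            continue
        m = RUN_RE.match(line)
        if m:
            if m.group("name") == "":
                findings.append(Finding("review", "nameless Run entry", section, line))
            elif m.group("rest").endswith("File not found"):
                findings.append(Finding("fix", "Run entry pointing at a missing file", section, line))
            continue
        if line.startswith("O6 - ") and line.endswith("EnableLUA = 0"):
            findings.append(Finding("harden", "UAC disabled (EnableLUA = 0)", section, line))
        elif line.startswith("O32 - ") and line.endswith("AutoRun - 1"):
            findings.append(Finding("harden", "CD-ROM AutoRun enabled", section, line))
        elif line.startswith("O33 - MountPoints2") and line.endswith("File not found"):
            findings.append(Finding("review", "stale MountPoints2 autorun command", section, line))
        elif line.startswith("@Alternate Data Stream"):
            findings.append(Finding("review", "alternate data stream present", section, line))
    return findings


def build_fix_script(findings: list[Finding]) -> str:
    """Emit an OTL fix block in the :OTL / :Commands syntax; only "fix" findings go in, the rest is left to a human."""
    lines = [":OTL"] + [f.line for f in findings if f.action == "fix"]
    lines += ["", ":Commands", "[purity]", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.action:6}] {f.category} <{f.section}>\n         {f.line}")
    print(build_fix_script(found))
```

Everything labelled "review" or "harden" stays out of the generated fix block on purpose: deciding whether an unnamed boot driver or an alternate data stream is legitimate is the part of the work the helper does by hand.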

#3
TerasMinus

TerasMinus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
First off, I would like to thank you for helping.
Now, I followed the steps for OTL, and will post the log for it in a second. I do not know if you wanted the Extras file from when I last scanned, and if so, that one was deleted, I assume by my friend's mom, as she likes to delete things she doesn't remember seeing. Also, I followed the steps for GMER, but when it started scanning, it crashed. I waited a little while and tried running it again, but when I ran it as administrator again, the whole computer crashed. So here is the OTL log.

OTL logfile created on: 12/14/2010 1:22:19 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\ronald\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.46 Gb Total Space | 43.57 Gb Free Space | 15.21% Space Free | Partition Type: NTFS
Drive D: | 11.63 Gb Total Space | 1.59 Gb Free Space | 13.64% Space Free | Partition Type: NTFS

Computer Name: MIKEY-PC | User Name: ronald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/11 00:06:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ronald\Desktop\OTL.exe
PRC - [2010/12/10 23:23:20 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/18 19:01:00 | 000,042,920 | ---- | M] () -- C:\Program Files\Raptr\raptr_im.exe
PRC - [2010/11/18 19:00:58 | 000,058,792 | ---- | M] () -- C:\Program Files\Raptr\raptr.exe
PRC - [2010/10/17 17:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/11/12 17:34:30 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/09/02 13:29:12 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/26 10:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 10:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/06/13 14:26:54 | 002,498,560 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/13 10:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/12/11 00:06:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ronald\Desktop\OTL.exe
MOD - [2010/11/18 19:00:34 | 000,589,824 | ---- | M] (LTC Technologies) -- C:\Program Files\Raptr\ltc_help.dll
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2008/07/26 10:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj01.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/08 20:58:13 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/10/17 17:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/24 11:43:00 | 003,461,116 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/09/02 13:29:12 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/08/22 02:33:12 | 000,312,568 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/26 10:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 10:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/13 10:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ronald\AppData\Local\Temp\PCD65X2.sys -- (PCD65X2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010/12/11 16:30:31 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2010/10/17 17:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/04/24 17:32:57 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nocashio.sys -- (nocashio)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/08/15 01:31:51 | 000,120,320 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2009/08/04 00:30:56 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/03 09:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/22 09:58:24 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ndisrd.sys -- (NdisrdMP)
DRV - [2009/06/22 09:58:24 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ndisrd.sys -- (Ndisrd)
DRV - [2008/10/21 18:42:54 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/07/19 22:10:37] [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/09/27 01:51:00 | 007,478,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/24 12:31:06 | 002,171,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/10 07:48:20 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 07:47:18 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/09/10 07:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/09/09 19:58:08 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2008/09/04 06:34:34 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/08/01 07:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/26 10:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 10:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/26 10:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/21 11:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/07/21 11:12:22 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 04:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/28 13:58:30 | 000,289,280 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/04/23 09:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\URLSearchHook: {b7380195-94fe-44cd-91a5-06f6d56e202a} - C:\Program Files\iWinstore\tbiWin.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.vlcsearch.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.vlcsearch.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {b7380195-94fe-44cd-91a5-06f6d56e202a} - C:\Program Files\iWinstore\tbiWin.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.6
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\ProgramData\iWin Games\firefox [2010/10/03 18:40:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 23:23:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 23:23:33 | 000,000,000 | ---D | M]

[2009/07/23 19:16:03 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\mozilla\Extensions
[2010/12/13 22:38:40 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\mozilla\Firefox\Profiles\z2z9jbjt.default\extensions
[2010/12/10 18:20:52 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\ronald\AppData\Roaming\mozilla\Firefox\Profiles\z2z9jbjt.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/12/09 20:52:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ronald\AppData\Roaming\mozilla\Firefox\Profiles\z2z9jbjt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/09 20:52:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\ronald\AppData\Roaming\mozilla\Firefox\Profiles\z2z9jbjt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/07 18:45:47 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\ronald\AppData\Roaming\mozilla\Firefox\Profiles\z2z9jbjt.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/09/14 13:40:22 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\mozilla\Firefox\Profiles\z2z9jbjt.default\extensions\dave2x@download
[2010/12/10 18:20:52 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\mozilla\Firefox\Profiles\z2z9jbjt.default\extensions\staged-xpis
[2010/05/07 17:55:17 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\mozilla\Firefox\Profiles\z2z9jbjt.default\extensions\[email protected]
[2010/11/26 21:01:25 | 000,004,554 | ---- | M] () -- C:\Users\ronald\AppData\Roaming\Mozilla\FireFox\Profiles\z2z9jbjt.default\searchplugins\aim-search.xml
[2009/07/10 16:26:08 | 000,002,257 | ---- | M] () -- C:\Users\ronald\AppData\Roaming\Mozilla\FireFox\Profiles\z2z9jbjt.default\searchplugins\askcom.xml
[2010/11/26 21:01:22 | 000,001,827 | ---- | M] () -- C:\Users\ronald\AppData\Roaming\Mozilla\FireFox\Profiles\z2z9jbjt.default\searchplugins\bing.xml
[2010/12/13 22:38:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/27 15:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

O1 HOSTS File: ([2010/12/11 19:50:52 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (iWinstore Toolbar) - {b7380195-94fe-44cd-91a5-06f6d56e202a} - C:\Program Files\iWinstore\tbiWin.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (iWinstore Toolbar) - {b7380195-94fe-44cd-91a5-06f6d56e202a} - C:\Program Files\iWinstore\tbiWin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (iWinstore Toolbar) - {B7380195-94FE-44CD-91A5-06F6D56E202A} - C:\Program Files\iWinstore\tbiWin.dll (Conduit Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Easy Dock] C:\Users\ronald\Documents\RCA easyRip\EZDock.exe (Audiovox Electronics Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemonTool] C:\Windows\System32\PULOAD~1.DLL File not found
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [NvCplDaemonTool] C:\Users\ronald\PULOAD~1.DLL File not found
O4 - HKCU..\Run: [Raptr] C:\Program Files\Raptr\raptrstub.exe ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - File not found
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ronald\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\ronald\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b48c0445-e948-11df-adf5-002354774bf5}\Shell\AutoRun\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b48c0445-e948-11df-adf5-002354774bf5}\Shell\install\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b48c0445-e948-11df-adf5-002354774bf5}\Shell\usermanualEnglish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b48c0445-e948-11df-adf5-002354774bf5}\Shell\usermanualFrench\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b48c0445-e948-11df-adf5-002354774bf5}\Shell\usermanualSpanish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{d6ac5fa6-c523-11df-b199-002354774bf5}\Shell\AutoRun\command - "" = F:\podcastready.exe -- File not found
O33 - MountPoints2\{e5eb621b-180a-11df-9af7-002354774bf5}\Shell\AutoRun\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e5eb621b-180a-11df-9af7-002354774bf5}\Shell\install\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e5eb621b-180a-11df-9af7-002354774bf5}\Shell\usermanualEnglish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e5eb621b-180a-11df-9af7-002354774bf5}\Shell\usermanualFrench\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e5eb621b-180a-11df-9af7-002354774bf5}\Shell\usermanualSpanish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/14 13:05:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/11 19:50:51 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/12/11 16:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/12/11 15:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/12/11 15:58:56 | 006,387,008 | ---- | C] (SurfRight B.V.) -- C:\Users\ronald\Desktop\HitmanPro35.exe
[2010/12/11 00:06:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\ronald\Desktop\OTL.exe
[2010/12/10 17:46:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/09 16:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/12/08 13:52:40 | 000,000,000 | ---D | C] -- C:\Users\ronald\AppData\Roaming\vlc
[2010/12/08 13:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/12/06 13:55:25 | 000,000,000 | ---D | C] -- C:\Users\ronald\AppData\Roaming\Raptr
[2010/12/05 15:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\Raptr
[2010/11/29 20:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Outspark
[2010/11/29 13:02:34 | 000,000,000 | ---D | C] -- C:\Temp
[2010/11/26 21:37:41 | 000,000,000 | R--D | C] -- C:\Sandbox
[2010/11/26 21:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2010/11/26 21:36:22 | 001,812,200 | ---- | C] (SANDBOXIE L.T.D) -- C:\Users\ronald\Documents\SandboxieInstall350.exe
[2010/11/26 21:10:35 | 000,000,000 | ---D | C] -- C:\Users\ronald\AppData\Roaming\uTorrent
[2010/11/26 17:55:35 | 000,000,000 | ---D | C] -- C:\Users\ronald\AppData\Local\Unity
[2010/11/24 13:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/23 14:14:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/23 14:14:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/23 14:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/20 17:55:47 | 000,000,000 | ---D | C] -- C:\Users\ronald\AppData\Roaming\PeaceCraft2
[2010/11/20 17:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\My Kingdom for the Princess II
[2010/11/18 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2010/11/06 19:43:15 | 007,820,144 | ---- | C] (Macrovision Corporation) -- C:\Program Files\IJJI_REACTOR_INST_EN.exe

========== Files - Modified Within 30 Days ==========

[2010/12/14 13:11:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/14 13:11:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/14 13:11:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/14 13:11:01 | 3085,373,440 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/13 23:14:41 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/13 23:14:41 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/13 20:57:23 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/12/13 19:51:26 | 000,001,356 | ---- | M] () -- C:\Users\ronald\AppData\Local\d3d9caps.dat
[2010/12/11 19:54:29 | 290,373,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/11 19:50:52 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/12/11 16:30:31 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/12/11 15:59:36 | 006,387,008 | ---- | M] (SurfRight B.V.) -- C:\Users\ronald\Desktop\HitmanPro35.exe
[2010/12/11 00:06:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ronald\Desktop\OTL.exe
[2010/12/10 18:52:49 | 000,000,204 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
[2010/12/08 13:53:48 | 000,119,296 | ---- | M] () -- C:\Users\ronald\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/03 15:26:53 | 000,093,592 | ---- | M] () -- C:\Users\ronald\Desktop\1258009126147.jpg
[2010/12/01 18:37:38 | 000,001,530 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010/11/26 21:36:43 | 000,000,850 | ---- | M] () -- C:\Users\ronald\Desktop\Sandboxed Web Browser.lnk
[2010/11/26 21:36:43 | 000,000,850 | ---- | M] () -- C:\Users\ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2010/11/26 21:36:25 | 001,812,200 | ---- | M] (SANDBOXIE L.T.D) -- C:\Users\ronald\Documents\SandboxieInstall350.exe
[2010/11/24 13:44:10 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/23 17:26:47 | 000,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie
[2010/11/23 14:14:42 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/20 17:55:15 | 000,001,584 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/11/20 17:50:40 | 000,001,686 | ---- | M] () -- C:\Users\ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/11/20 17:50:40 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/11/17 19:00:00 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

========== Files Created - No Company Name ==========

[2010/12/11 16:36:58 | 3085,373,440 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/11 16:00:26 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/12/10 18:52:49 | 000,000,204 | ---- | C] () -- C:\Users\Public\Desktop\MapleStory.url
[2010/11/29 21:07:55 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/11/29 21:07:54 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/11/26 21:37:24 | 000,000,850 | ---- | C] () -- C:\Users\ronald\Desktop\Sandboxed Web Browser.lnk
[2010/11/26 21:37:24 | 000,000,850 | ---- | C] () -- C:\Users\ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2010/11/26 21:37:22 | 000,001,530 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/11/24 13:44:10 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/23 17:26:47 | 000,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie
[2010/11/23 14:14:42 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/20 17:55:15 | 000,001,584 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/11/20 17:50:40 | 000,001,686 | ---- | C] () -- C:\Users\ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/08/19 14:57:03 | 004,489,216 | ---- | C] () -- C:\ProgramData\EAW Deathstar.scr
[2010/05/07 17:48:20 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/05/07 17:48:20 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/05/07 17:48:20 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/05/07 17:44:33 | 000,000,089 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2010/04/24 17:32:57 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\nocashio.sys
[2009/11/02 06:50:47 | 007,901,184 | ---- | C] () -- C:\Users\ronald\AppData\Roaming\places.sqlite
[2009/10/21 02:16:58 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/10/19 11:35:20 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2009/09/09 23:18:18 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/23 23:41:01 | 000,000,236 | ---- | C] () -- C:\Users\ronald\AppData\Roaming\wklnhst.dat
[2009/08/15 13:56:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/15 01:31:51 | 000,120,320 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV65.sys
[2009/08/14 23:05:22 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/08/14 20:04:39 | 000,119,296 | ---- | C] () -- C:\Users\ronald\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/04 00:57:38 | 000,000,278 | ---- | C] () -- C:\Windows\game.ini
[2009/08/04 00:30:56 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/27 02:10:51 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/07/21 22:46:24 | 000,001,356 | ---- | C] () -- C:\Users\ronald\AppData\Local\d3d9caps.dat
[2008/11/05 04:14:52 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/05 04:14:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/07/26 10:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/10/06 16:30:12 | 000,000,000 | -HSD | M] -- C:\Users\ronald\AppData\Roaming\.#
[2009/10/13 23:33:15 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\acccore
[2009/08/04 01:01:50 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Activision
[2009/11/05 02:27:02 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Auslogics
[2010/11/07 22:22:39 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\AVG10
[2010/11/05 00:29:09 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Big Fish Games
[2009/10/21 02:17:56 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\BITS
[2010/11/30 23:59:01 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\BitTorrent
[2009/08/04 00:39:04 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\DAEMON Tools Lite
[2010/12/14 13:23:23 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\DNA
[2009/10/21 02:16:49 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\FlashGet
[2009/10/21 02:16:29 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\FlashGetBHO
[2009/11/19 00:48:23 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\FloodLightGames
[2010/11/09 13:11:45 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Free PDF Tablet
[2009/12/18 23:14:05 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\funkitron
[2010/05/30 08:16:59 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Gamelab
[2010/11/06 20:36:43 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\ijjigame
[2010/11/09 14:39:44 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\IObit
[2009/11/30 20:01:29 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\iWin
[2009/07/27 02:11:16 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Leadertech
[2009/07/05 01:34:22 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Ludia
[2010/10/04 02:21:01 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Mysteryville2
[2009/10/04 22:02:26 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\NeopleLauncherDFO
[2010/11/20 18:21:57 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\PeaceCraft2
[2009/12/05 22:12:37 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\PlayFirst
[2010/12/14 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Raptr
[2010/03/17 12:40:57 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Shrek
[2010/01/08 01:19:54 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\SPORE
[2009/06/28 14:13:42 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\SPORE Creature Creator
[2009/10/23 17:57:41 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Stardock
[2009/08/02 08:16:28 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\SystemRequirementsLab
[2009/08/22 02:30:33 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\TeamViewer
[2009/08/23 23:41:04 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\Template
[2010/11/29 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\uTorrent
[2010/02/12 14:17:55 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\WeatherBug
[2009/06/27 20:58:20 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\WildTangent
[2009/07/20 00:08:06 | 000,000,000 | ---D | M] -- C:\Users\ronald\AppData\Roaming\WinBatch
[2010/12/13 20:57:23 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/11/17 19:00:00 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010/12/14 13:07:41 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:61B54B15
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:C22674B6
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:A7DA2BCD
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:BBB82A4E
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:1DA424AA
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:7EB6C1C8
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:38FF076E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:709CDE3B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:C5CE2DF6
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:0BB5539B

< End of report >

#4 jwang01 (Trusted Helper, Malware Removal, 2,567 posts)
Hello,


OK, go ahead and try this scanner instead of running GMER.

Also, please give me an update on how your computer is running.

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth, uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Edited by jwang01, 14 December 2010 - 07:14 PM.
Fixed Link


#5 TerasMinus (Topic Starter, Member, 51 posts)
That link doesn't seem to work for me. It says that it is unable to connect.

#6 jwang01 (Trusted Helper, Malware Removal, 2,567 posts)
Hello,


Sorry about that. I fixed the link in my previous post. It should work now. :D

#7 TerasMinus (Topic Starter, Member, 51 posts)
It works. Here's the report.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8EA02000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7479296 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.68 )
0x82250000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82250000 PnpManager 3903488 bytes
0x82250000 RAW 3903488 bytes
0x82250000 WMIxWDM 3903488 bytes
0x8F409000 C:\Windows\system32\drivers\RTKVHDA.sys 2166784 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x96C30000 Win32k 2109440 bytes
0x96C30000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8A604000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x8A201000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8E202000 C:\Windows\system32\DRIVERS\HSX_DP.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x89E01000 PCI_PNP8603 1052672 bytes
0x89E01000 C:\Windows\System32\Drivers\spca.sys 1052672 bytes
0x89E01000 sptd 1052672 bytes
0x8E809000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1048576 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x8A404000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x80668000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x9E00A000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8E304000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x904D9000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8F124000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x80748000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8A18E000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9CE04000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x90405000 C:\Windows\system32\DRIVERS\wg111v3.sys 327680 bytes (NETGEAR Inc. , NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter NDIS Driver)
0x9CF74000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x96E80000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8A5B0000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x8A006000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8F783000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x89F31000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80627000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8A0FC000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8A545000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x89FC4000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8A337000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9CEFB000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A713000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8E921000 C:\Windows\System32\Drivers\a6p255bx.SYS 229376 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8A39B000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8221D000 ACPI_HAL 208896 bytes
0x8221D000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8A13D000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8F751000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8F1D0000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8F61A000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x9E106000 C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl 180224 bytes (CyberLink Corp., -)
0x8A30C000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8A371000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x905B9000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9CF4C000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8A763000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x89F7F000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x89F0B000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8F647000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x90480000 C:\Windows\System32\Drivers\dump_nvstor32.sys 151552 bytes
0x8A0D7000 C:\Windows\system32\DRIVERS\nvstor32.sys 151552 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x8F66C000 C:\Windows\system32\DRIVERS\MpFilter.sys 143360 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x8E986000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8F68F000 C:\Windows\system32\drivers\SSHDRV65.sys 139264 bytes
0x8A090000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x90588000 C:\Program Files\Sandboxie\SbieDrv.sys 135168 bytes (SANDBOXIE L.T.D, Sandboxie Kernel Mode Driver)
0x8F6D4000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9CEBC000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x9CEDC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8A0B9000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9CE71000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8A4ED000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x904BE000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8A075000 C:\Windows\system32\drivers\nvraid.sys 110592 bytes (NVIDIA Corporation, NVIDIA® nForce™ RAID Driver)
0x9CE8E000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8E909000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9CF34000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x807D1000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8E964000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9E167000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8F7CB000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8F727000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9CEA7000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8E9CC000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x9E132000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8E9B8000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8F73D000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8A518000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x905ED000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8A3CF000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8E3C6000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x90455000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x9E147000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8A78A000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8E3EF000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8060E000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8A508000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x8A16F000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x905A9000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8A065000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8A592000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8E9EB000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8A17F000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x904AF000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A754000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x89FA6000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8E9A9000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8A583000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x89FB5000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8A5A2000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x96E70000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8F7EB000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8F710000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8A057000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x90469000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8E3B9000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8E3E2000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8F1C3000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x807C4000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x9E0F2000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8F6C8000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8A530000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8A7F4000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8F705000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8E97B000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8E959000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8A7E0000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x90476000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x904A5000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8E3D8000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E9E1000 C:\Windows\system32\DRIVERS\ndisrd.sys 40960 bytes (NT Kernel Resources, NDISRD helper driver)
0x905E3000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8A3E2000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8F7E1000 C:\Windows\system32\DRIVERS\rtlprot.sys 40960 bytes (Windows ® Codename Longhorn DDK provider, Realtek Utility I/O Driver)
0x9E0E8000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8A53B000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8A79B000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8F6B1000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9E15E000 C:\Windows\system32\DRIVERS\MpNWMon.sys 36864 bytes (Microsoft Corporation, Network monitor driver)
0x9E1D7000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8F71E000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x96E50000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A7EB000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x89F02000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8A0B1000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8061F000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x80606000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x89F77000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8F6F5000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8F6FD000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A74C000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9E0FE000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8F6C1000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8F6BA000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8A050000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x9E159000 C:\Windows\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0x8A52B000 C:\Windows\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)
0x9CFDA000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8F1FE000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x90467000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8544C1F8 unknown_irp_handler 3592 bytes
0x8544A1F8 unknown_irp_handler 3592 bytes
0x8804B1F8 unknown_irp_handler 3592 bytes
0x8690C1F8 unknown_irp_handler 3592 bytes
0x86BFF1F8 unknown_irp_handler 3592 bytes
0x87D6D1F8 unknown_irp_handler 3592 bytes
0x87D631F8 unknown_irp_handler 3592 bytes
0x86C151F8 unknown_irp_handler 3592 bytes
0x854481F8 unknown_irp_handler 3592 bytes
0x8544B1F8 unknown_irp_handler 3592 bytes
0x86A7D1F8 unknown_irp_handler 3592 bytes
0x880471F8 unknown_irp_handler 3592 bytes
0x88A491F8 unknown_irp_handler 3592 bytes
0x86C16458 unknown_irp_handler 2984 bytes
==============================================
>Stealth
==============================================
0x009A0000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x88954848 ] PID: 3904, 110592 bytes
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]

#8 jwang01 (Trusted Helper, Malware Removal, 2,567 posts)
Hello,

How is your computer running? Any more errors or redirects?

#9 TerasMinus (Topic Starter, Member, 51 posts)
Seems to be all good so far. Haven't had any redirects or randomly opening tabs, which is good. The only real annoying problems that I have now are the same 3 error messages that have been popping up since the time before last when I had to clean the computer.

#10 jwang01 (Trusted Helper, Malware Removal, 2,567 posts)
Hello,


Can you tell me what the 3 errors say?

#11 TerasMinus (Topic Starter, Member, 51 posts)
The first says:
Error loading C:\Users\ronald\PULOAD~1.DLL

The specified module could not be found.
The second one says something similar, except it's: C:\Windows\system32\PULOAD~1.DLL
The third is for something called EZDock that says:

Init easyUIStringConfig.xml failed

The first two are more recent; as I mentioned earlier, they started appearing after the time before last, when I was trying to get rid of an annoying malware. I believe that one was Antivirus Action or something similar.
The third one has been popping up for a long time.

#12 jwang01 (Trusted Helper, Malware Removal, 2,567 posts)
Hello,

Do you have a program named EZDock installed on your computer?

Let's run a couple more malware scans to make sure you're clean and sweep for orphans. This may fix the .dll errors you're getting. Let me know if you're still getting them after running these steps. :D


Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Next



Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Please post the logs of MBAM and ESET in your next reply.
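An added example, not from the original thread or from OTL, MBAM or any other tool named in it, showing the "sweep for orphans" jwang01 is describing. A Run value that still points at a DLL which has already been deleted is exactly what produces the "Error loading C:\...\PULOAD~1.DLL / The specified module could not be found" RunDLL box at every logon. The script parses a constructed excerpt, in `reg export` (.reg) format, of the HKCU and HKLM `...\CurrentVersion\Run` keys, works out which file each value would actually load (handling the `rundll32.exe <dll>,<entrypoint>` form and the way Windows probes unquoted paths containing spaces), and lists the values whose file is missing. The file-existence check is passed in as a function so the example runs offline against a made-up list of files; on the affected machine you would export the two keys (`reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" hkcu_run.reg`, same for HKLM) and pass `os.path.exists`. The value names, the `Startup` entry point and the two sample programs are invented; only the two PULOAD~1.DLL paths are taken from the error text quoted in the thread.

```python
import ntpath
import os
import re
from typing import Callable, Iterator, List, Tuple

# Constructed sample in .reg format (what `reg export` would write for the two
# autostart keys). Value names, the "Startup" entry point and the two programs
# are made up; the PULOAD~1.DLL paths are the ones from the RunDLL errors.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"puload"="rundll32.exe \"C:\\Users\\ronald\\PULOAD~1.DLL\",Startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"puload"="rundll32.exe C:\\Windows\\system32\\PULOAD~1.DLL,Startup"
'''

# Files that exist in the constructed scenario (Windows paths are case-insensitive).
_SAMPLE_DISK = {p.lower() for p in (
    r"C:\Program Files\Windows Sidebar\sidebar.exe",
    r"C:\Program Files\Windows Defender\MSASCui.exe",
)}

_KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="value" lines; only REG_SZ is handled (REG_EXPAND_SZ exports as hex(2): and is skipped).
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def sample_exists(path: str) -> bool:
    """Stand-in for os.path.exists so the example runs away from the affected machine."""
    return path.lower() in _SAMPLE_DISK


def _unescape(s: str) -> str:
    # .reg string escaping: a backslash quotes the next character (backslash or quote).
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_run_values(reg_text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (key, value_name, command_line) for values under any Run / RunOnce key."""
    key, wanted = "", False
    for line in reg_text.splitlines():
        line = line.strip()
        m = _KEY_RE.match(line)
        if m:
            key = m.group(1)
            wanted = key.rsplit("\\", 1)[-1].lower() in ("run", "runonce")
            continue
        m = _VALUE_RE.match(line)
        if wanted and m:
            yield key, _unescape(m.group(1)), _unescape(m.group(2))


def _first_token(s: str) -> Tuple[str, str]:
    # Split off the first command-line token, honouring double quotes.
    s = s.lstrip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:], "") if end == -1 else (s[1:end], s[end + 1:].lstrip())
    parts = s.split(None, 1)
    return (parts[0], parts[1] if len(parts) > 1 else "") if parts else ("", "")


def target_of(command: str, exists: Callable[[str], bool]) -> str:
    """Best-effort path of the file Windows would load for this Run value."""
    exe, rest = _first_token(command)
    if ntpath.basename(exe).lower() in ("rundll32.exe", "rundll32"):
        # rundll32.exe <dll>,<entrypoint>: the DLL is what gets loaded, and a
        # missing one is what produces the "Error loading ..." RunDLL box.
        if rest.startswith('"'):
            return _first_token(rest)[0]
        return re.split(r"[,\s]", rest, maxsplit=1)[0]
    if command.lstrip().startswith('"'):
        return exe
    # Unquoted command line: CreateProcess tries C:\Program, C:\Program.exe,
    # C:\Program Files\x, ... in turn and runs the first that exists, which is
    # also why a planted C:\Program.exe would hijack such an entry.
    words = command.split()
    for i in range(1, len(words) + 1):
        prefix = " ".join(words[:i])
        for candidate in (prefix, prefix + ".exe"):
            if exists(candidate):
                return candidate
    # Nothing on disk matched: report the longest prefix that names an executable.
    for i in range(len(words), 0, -1):
        prefix = " ".join(words[:i])
        if prefix.lower().endswith((".exe", ".dll", ".com", ".scr", ".bat", ".cmd")):
            return prefix
    return exe


def find_orphans(reg_text: str,
                 exists: Callable[[str], bool] = os.path.exists) -> List[Tuple[str, str, str]]:
    """Return (key, value_name, target) for every Run value whose target file is missing."""
    orphans = []
    for key, name, command in parse_run_values(reg_text):
        target = target_of(command, exists)
        if not ntpath.isabs(target):
            continue  # bare names are resolved through PATH at logon; not judged here
        if not exists(target):
            orphans.append((key, name, target))
    return orphans


if __name__ == "__main__":
    for key, name, target in find_orphans(SAMPLE_REG, sample_exists):
        print(f"orphan: {key}\\{name} -> {target}")
        print(f'  remove with: reg delete "{key}" /v "{name}"')
```

`reg export` writes UTF-16, so open a real export with `encoding="utf-16"` before passing it to `find_orphans`; on Windows `os.path.exists` also resolves 8.3 short names such as `PULOAD~1.DLL`, so the check works against the short form the error box shows. The unquoted-path probing returns whichever candidate exists first, the same as Windows does, so an entry that resolves to an unexpected short path (a `C:\Program.exe`, say) is worth a look in its own right even though it is not an orphan.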

#13 TerasMinus (Topic Starter, Member, 51 posts)
I don't mean to be so slow replying right now. Having house problems. After running MBAM the two RunDLL errors have disappeared, which is good, and I thank you again for it.
As for the EZDock thing, I don't recall any program installed on here named EZDock. However, the little icon for it (the one in the upper left corner of the error message that pops up) looks like the icon for something called RCA easy rip (don't remember the name of the program exactly; it was a long time ago), and I had removed that program a long time ago, as I didn't install it and it wasn't used in the first place.
I'm working on the online scan, but here's the MBAM log.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5321

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

12/15/2010 1:04:54 PM
mbam-log-2010-12-15 (13-04-54).txt

Scan type: Quick scan
Objects scanned: 152293
Time elapsed: 10 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Trojan.Agent) -> Value: NvCplDaemonTool -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Trojan.Agent) -> Value: NvCplDaemonTool -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 jwang01 (Trusted Helper, Malware Removal, 2,567 posts)
Hello,

Thanks for the update. Go ahead and post the results of the online scan when it gets done. :D

#15 TerasMinus (Topic Starter, Member, 51 posts)
And here is the online scan log.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=e8465e82d00ee04582d85b17531de5b6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-16 09:00:07
# local_time=2010-12-16 04:00:07 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 2421051 2421051 0 0
# compatibility_mode=2049 16777214 0 5 2419245 2419245 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=320965
# found=3
# cleaned=3
# scan_time=7859
C:\Program Files\PlaySushi\psuninst.exe a variant of Win32/Adware.Gamevance.AE application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090909-040739-468.dll Win32/Adware.Gamevance application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\ronald\Documents\Magic.ISO.Maker.5.5.Build.0276.Incl.Serial\Setup_MagicISO.exe Win32/PSW.VB.NDI trojan (deleted - quarantined) 00000000000000000000000000000000 C