Inactive [A] Trojan Sirefef.Y

Status
Not open for further replies.
G

Greg Brown

Hello,
It seems I am one of the many having this problem. I have run FRST and pasted the log file and if somebody could assist it would be greatly appreciated.
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 18-06-2012 02
Ran by SYSTEM at 19-06-2012 10:49:37
Running from F:\
Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [292208 2010-06-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM\...\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [136216 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171032 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [170520 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [5954296 2011-12-16] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [403104 2011-12-16] (Acronis)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Docking Otter\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-03-30] (Google Inc.)
HKU\Docking Otter\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [218032 2006-09-10] (Macrovision Corporation)
HKU\Docking Otter\...\Run: [Spotify Web Helper] "C:\Users\Docking Otter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-05] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.2
Startup: C:\Users\Docking Otter\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
================================ Services (Whitelisted) ==================
2 AcrSch2Svc; "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [812808 2011-12-16] (Acronis)
2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3450832 2012-01-13] (Acronis)
2 Atheros Bt&Wlan Coex Agent; C:\Program Files\Dell Wireless\Ath_CoexAgent.exe [151552 2010-05-24] (Atheros)
2 AtherosSvc; C:\Program Files\Dell Wireless\Bluetooth Suite\adminservice.exe [56480 2010-09-01] (Atheros Commnucations)
2 BBSvc; C:\Program Files\Microsoft\BingBar\7.1.362.0\BBSvc.exe [193816 2012-02-13] (Microsoft Corporation.)
3 BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe [240408 2012-02-13] (Microsoft Corporation.)
2 EFS; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 Fax; C:\Windows\System32\fxssvc.exe [523264 2010-11-20] (Microsoft Corporation)
2 HsfXAudioService; C:\Windows\system32\XAudio32.dll [417336 2010-05-10] (Conexant Systems, Inc.)
3 KeyIso; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-13] (Microsoft Corporation)
3 msiserver; C:\Windows\System32\msiexec.exe /V [73216 2010-11-20] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 ProtectedStorage; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 RoxMediaDB12OEM; "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-09-03] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-09-03] (Sonic Solutions)
3 RpcLocator; C:\Windows\System32\locator.exe [9216 2009-07-13] (Microsoft Corporation)
2 SamSs; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-05-02] (Skype Technologies)
3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-13] (Microsoft Corporation)
2 Spooler; C:\Windows\System32\spoolsv.exe [317440 2010-11-20] (Microsoft Corporation)
2 sppsvc; C:\Windows\System32\sppsvc.exe [3179520 2010-11-20] (Microsoft Corporation)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
2 syncagentsrv; "C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe" [5881968 2011-12-16] (Acronis)
4 TlntSvr; C:\Windows\System32\tlntsvr.exe [71680 2009-07-13] (Microsoft Corporation)
3 UI0Detect; C:\Windows\System32\UI0Detect.exe [35840 2009-07-13] (Microsoft Corporation)
3 VaultSvc; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 vds; C:\Windows\System32\vds.exe [453632 2010-11-20] (Microsoft Corporation)
3 VSS; C:\Windows\System32\vssvc.exe [1025536 2010-11-20] (Microsoft Corporation)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1203200 2010-11-20] (Microsoft Corporation)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]
========================== Drivers (Whitelisted) =============
3 afcdp; C:\Windows\System32\DRIVERS\afcdp.sys [234752 2012-01-13] (Acronis)
3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [37224 2010-07-07] (Atheros)
3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [257896 2010-07-07] (Atheros)
3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [26984 2010-07-07] (Atheros)
3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [178024 2010-07-07] (Atheros)
3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [47976 2010-09-01] (Atheros)
3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [143336 2010-07-07] (Atheros)
3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [237416 2010-08-30] (Atheros)
0 fltsrv; C:\Windows\System32\DRIVERS\fltsrv.sys [77696 2012-01-13] (Acronis)
3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [988728 2010-05-09] (Conexant Systems, Inc.)
3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [41040 2009-07-13] (Intel Corp./ICP vortex GmbH)
2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [19384 2010-05-10] (Conexant)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
2 rimspci; C:\Windows\System32\DRIVERS\rimspe86.sys [47104 2009-07-01] (REDC)
2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [49152 2009-06-30] (REDC)
3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC)
3 ROOTMODEM; C:\Windows\System32\Drivers\RootMdm.sys [8192 2009-07-13] (Microsoft Corporation)
0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [766496 2012-01-13] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [609760 2012-01-13] (Acronis)
0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [126144 2012-01-13] (Acronis)
0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [84544 2012-01-13] (Acronis)
2 XAudio; C:\Windows\System32\DRIVERS\XAudio32.sys [15416 2010-05-10] (Conexant Systems, Inc.)
3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-06-19 10:38 - 2012-06-19 10:49 - 00000000 ____D C:\FRST
2012-06-18 03:00 - 2012-06-18 03:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-18 02:55 - 2012-06-18 03:11 - 00000000 __SHD C:\Config.Msi
2012-06-18 02:39 - 2012-06-18 02:39 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-18 02:38 - 2012-06-18 02:38 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-17 09:21 - 2012-06-17 09:21 - 00000000 ____D C:\Users\All Users\F4D55F3B22BFB52F5A9914E5B4EB238B
2012-06-17 07:01 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-17 07:01 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-17 07:01 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-17 07:01 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-17 07:01 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-17 07:01 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-17 07:01 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-17 07:01 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-17 07:01 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-17 07:01 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-17 07:01 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-17 07:01 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-17 07:01 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-17 07:01 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-17 05:24 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-17 05:24 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-17 05:24 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-17 05:24 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-17 05:24 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-17 05:24 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-17 05:24 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-17 05:24 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-17 05:24 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-17 05:24 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-11 05:17 - 2012-06-11 05:17 - 00284727 ____N C:\Users\Docking Otter\Desktop\reason for transfer return Nick Zoll.jpeg
2012-06-09 11:23 - 2012-06-09 11:23 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2012-06-09 11:23 - 2012-06-09 11:23 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2012-06-09 11:08 - 2012-06-09 13:41 - 00000000 ____D C:\Users\Docking Otter\Desktop\Mexico Esencia June 2012
2012-06-07 10:29 - 2012-06-07 10:29 - 00100352 ____N C:\Users\Docking Otter\Desktop\#28 - Des Soutar 2012.doc
2012-06-04 04:28 - 2012-06-04 04:28 - 00037461 ____A C:\Users\Docking Otter\Desktop\536048_10151890858273538_896670023_n.jpg
2012-06-01 09:06 - 2012-06-01 09:06 - 00000000 ____D C:\Users\Docking Otter\Desktop\AHAlife
2012-05-30 03:14 - 2012-05-30 03:14 - 00122396 ____A C:\Users\Docking Otter\Desktop\Invoice-168.pdf
2012-05-30 03:13 - 2012-05-30 03:14 - 00120329 ____A C:\Users\Docking Otter\Downloads\Invoice-168.pdf
2012-05-25 12:36 - 2012-05-25 12:44 - 00000000 ____D C:\Users\Docking Otter\Desktop\Steelhead Direct
============ 3 Months Modified Files and Folders ===============
2012-06-19 00:35 - 2011-03-07 06:24 - 00032156 ____A C:\Windows\setupact.log
2012-06-19 00:35 - 2011-01-26 20:30 - 2387890176 __ASH C:\hiberfil.sys
2012-06-19 00:35 - 2011-01-26 19:56 - 3183857664 __ASH C:\pagefile.sys
2012-06-19 00:35 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-19 00:33 - 2011-03-30 07:41 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-19 00:33 - 2011-02-15 05:40 - 00000000 ___RD C:\Users\Docking Otter\Dropbox
2012-06-19 00:33 - 2011-02-15 05:33 - 00000000 ____D C:\Users\Docking Otter\AppData\Roaming\Dropbox
2012-06-19 00:20 - 2011-03-15 06:00 - 02394432 ____A C:\Windows\ntbtlog.txt
2012-06-18 07:27 - 2012-01-10 15:31 - 00000000 __SHD C:\Users\Docking Otter\AppData\Local\{ae04cdd7-f7d8-50d2-cba8-af40938542a9}
2012-06-18 03:30 - 2011-02-02 02:58 - 00000422 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-06-18 03:11 - 2012-06-18 02:55 - 00000000 __SHD C:\Config.Msi
2012-06-18 03:08 - 2009-07-13 20:55 - 01215225 ____A C:\Windows\WindowsUpdate.log
2012-06-18 03:04 - 2011-03-07 04:37 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-18 03:00 - 2012-06-18 03:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-18 03:00 - 2011-01-26 18:45 - 00769174 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-18 03:00 - 2009-07-13 18:37 - 00000000 ___RD C:\Program Files
2012-06-18 02:56 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-18 02:56 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-18 02:51 - 2011-01-26 19:03 - 00000000 ____D C:\Users\All Users\Sonic
2012-06-18 02:48 - 2011-03-07 06:24 - 00009148 ____A C:\Windows\PFRO.log
2012-06-18 02:39 - 2012-06-18 02:39 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-18 02:39 - 2011-03-15 06:11 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-18 02:38 - 2012-06-18 02:38 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-18 01:34 - 2011-02-02 10:55 - 00000000 ____D C:\Users\Docking Otter\Documents\Outlook Files
2012-06-18 01:21 - 2011-03-30 07:41 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-17 09:35 - 2012-04-09 01:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-17 09:23 - 2012-04-09 01:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-17 09:23 - 2011-07-07 03:10 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-17 09:21 - 2012-06-17 09:21 - 00000000 ____D C:\Users\All Users\F4D55F3B22BFB52F5A9914E5B4EB238B
2012-06-17 09:21 - 2009-07-13 18:37 - 00000000 ___HD C:\ProgramData
2012-06-17 08:01 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2012-06-17 07:48 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-06-17 07:23 - 2009-07-13 20:33 - 00461336 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-17 07:07 - 2011-02-02 03:02 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-17 07:03 - 2011-02-08 01:12 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-11 05:17 - 2012-06-11 05:17 - 00284727 ____N C:\Users\Docking Otter\Desktop\reason for transfer return Nick Zoll.jpeg
2012-06-09 13:41 - 2012-06-09 11:08 - 00000000 ____D C:\Users\Docking Otter\Desktop\Mexico Esencia June 2012
2012-06-09 11:23 - 2012-06-09 11:23 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2012-06-09 11:23 - 2012-06-09 11:23 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2012-06-07 10:29 - 2012-06-07 10:29 - 00100352 ____N C:\Users\Docking Otter\Desktop\#28 - Des Soutar 2012.doc
2012-06-04 04:28 - 2012-06-04 04:28 - 00037461 ____A C:\Users\Docking Otter\Desktop\536048_10151890858273538_896670023_n.jpg
2012-06-04 00:10 - 2011-02-03 02:40 - 00000000 ____D C:\Users\Docking Otter\Desktop\Desktop stuff
2012-06-02 14:29 - 2011-02-09 08:46 - 00000000 ____D C:\Users\Docking Otter\AppData\Roaming\Skype
2012-06-01 09:06 - 2012-06-01 09:06 - 00000000 ____D C:\Users\Docking Otter\Desktop\AHAlife
2012-06-01 01:07 - 2012-02-29 05:17 - 00000000 ____D C:\Users\Docking Otter\Desktop\Hunting
2012-05-30 03:14 - 2012-05-30 03:14 - 00122396 ____A C:\Users\Docking Otter\Desktop\Invoice-168.pdf
2012-05-30 03:14 - 2012-05-30 03:13 - 00120329 ____A C:\Users\Docking Otter\Downloads\Invoice-168.pdf
2012-05-29 02:19 - 2012-02-20 09:26 - 00000000 ____D C:\Users\Docking Otter\Desktop\Alta Baby
2012-05-29 02:14 - 2011-02-02 11:32 - 00000000 ____D C:\Users\Docking Otter\AppData\Roaming\Spotify
2012-05-29 02:14 - 2011-02-02 11:32 - 00000000 ____D C:\Users\Docking Otter\AppData\Local\Spotify
2012-05-25 12:44 - 2012-05-25 12:36 - 00000000 ____D C:\Users\Docking Otter\Desktop\Steelhead Direct
2012-05-17 15:11 - 2012-06-17 07:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-17 07:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-17 07:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-17 07:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-17 07:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-17 07:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-17 07:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-17 07:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-17 07:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-17 07:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-17 07:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-17 07:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-17 07:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-17 07:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-16 10:38 - 2011-02-02 10:12 - 00000000 ____D C:\Users\Docking Otter\AppData\Local\Windows Live
2012-05-16 10:37 - 2012-05-16 10:37 - 00000000 ____D C:\Users\Docking Otter\AppData\Local\{AC501644-4945-4F39-8E11-0F35143A6BF8}
2012-05-16 10:37 - 2012-05-16 10:37 - 00000000 ____D C:\Users\Docking Otter\AppData\Local\{5BEEACE8-D917-47CF-97BE-6CC6845797F1}
2012-05-15 09:05 - 2012-05-15 09:05 - 02070873 ____A C:\Users\Docking Otter\Downloads\Egg Box Study 2012.docx
2012-05-15 04:04 - 2012-05-15 04:04 - 00000000 ____D C:\Users\Docking Otter\AppData\Local\{66D2ABC3-E4E6-4CFF-9E9D-EA2786AF86ED}
2012-05-15 04:04 - 2012-05-15 04:04 - 00000000 ____D C:\Users\Docking Otter\AppData\Local\{1E3F12FD-786D-4225-84D8-08650D306B1F}
2012-05-15 03:54 - 2009-07-13 18:37 - 00000000 ____D C:\Windows
2012-05-15 03:52 - 2011-01-26 19:11 - 00000000 ____D C:\Program Files\Windows Live
2012-05-15 03:40 - 2012-05-15 03:40 - 00000000 ____D C:\Users\Docking Otter\AppData\Local\{B59BFB71-7F7C-41B1-93FB-249E607C3B3F}
2012-05-14 17:05 - 2012-06-17 05:24 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 12:50 - 2012-05-12 12:50 - 00000000 ____D C:\Users\Docking Otter\AppData\Local\{43973BED-81A6-4C35-9939-305D1E120CC1}
2012-05-12 00:49 - 2011-02-02 02:58 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-05-11 07:25 - 2011-01-26 19:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-11 07:24 - 2009-07-13 23:50 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-07 07:12 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2012-05-03 23:20 - 2009-07-13 20:53 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-30 20:44 - 2012-06-17 05:24 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:17 - 2012-06-17 05:24 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 10:34 - 2012-04-27 10:34 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-04-27 10:34 - 2011-02-09 08:46 - 00000000 ___RD C:\Program Files\Skype
2012-04-27 10:34 - 2011-02-09 08:46 - 00000000 ____D C:\Users\All Users\Skype
2012-04-27 10:16 - 2011-03-30 07:41 - 00000000 ____D C:\Users\Docking Otter\AppData\Local\Google
2012-04-27 10:15 - 2011-03-30 07:41 - 00000000 ____D C:\Program Files\Google
2012-04-25 20:45 - 2012-06-17 05:24 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-17 05:24 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-17 05:24 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:36 - 2012-06-17 05:24 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-17 05:24 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-17 05:24 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-20 03:34 - 2012-04-20 03:34 - 00000000 ____D C:\Users\Docking Otter\AppData\Local\{68FE5A7F-749D-42D9-8835-58F548C2BCE3}
2012-04-20 03:32 - 2012-04-20 03:32 - 00000000 ____D C:\Users\Docking Otter\AppData\Local\{6AE3FFF7-93E1-491E-8AC6-B4E387F93823}
2012-04-20 03:32 - 2012-04-20 03:32 - 00000000 ____D C:\Users\Docking Otter\AppData\Local\{28769253-8247-4D85-8439-F2475D73645D}
2012-04-20 03:28 - 2012-04-20 03:27 - 00000000 ____D C:\Users\Docking Otter\AppData\Local\{1D78714C-CD98-4548-BF3D-EE91E150C4DE}
2012-04-12 02:18 - 2011-06-20 06:56 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-04-11 07:06 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini
2012-04-10 00:52 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\LiveKernelReports
2012-04-07 03:26 - 2012-06-17 05:24 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-04 06:56 - 2011-03-15 06:11 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 20:39 - 2012-05-10 20:06 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-10 20:06 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 02:23 - 2012-05-10 20:06 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 07:49 - 2012-03-28 07:49 - 00145920 ____A C:\Users\Docking Otter\Desktop\2013-calendar.doc
2012-03-23 10:16 - 2012-03-23 10:16 - 00000000 ____D C:\Users\Docking Otter\AppData\Roaming\Sonic Solutions
2012-03-22 06:17 - 2011-02-02 05:08 - 00000000 ____D C:\Users\Docking Otter\AppData\Roaming\TeamViewer

ZeroAccess:
C:\Windows\Installer\{ae04cdd7-f7d8-50d2-cba8-af40938542a9}
C:\Windows\Installer\{ae04cdd7-f7d8-50d2-cba8-af40938542a9}\@
C:\Windows\Installer\{ae04cdd7-f7d8-50d2-cba8-af40938542a9}\L
C:\Windows\Installer\{ae04cdd7-f7d8-50d2-cba8-af40938542a9}\U
ZeroAccess:
C:\Users\Docking Otter\AppData\Local\{ae04cdd7-f7d8-50d2-cba8-af40938542a9}
C:\Users\Docking Otter\AppData\Local\{ae04cdd7-f7d8-50d2-cba8-af40938542a9}\@
C:\Users\Docking Otter\AppData\Local\{ae04cdd7-f7d8-50d2-cba8-af40938542a9}\L
C:\Users\Docking Otter\AppData\Local\{ae04cdd7-f7d8-50d2-cba8-af40938542a9}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 15%
Total physical RAM: 3036.36 MB
Available physical RAM: 2579.46 MB
Total Pagefile: 3034.65 MB
Available Pagefile: 2592.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.61 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:451.1 GB) (Free:375.01 GB) NTFS
3 Drive f: (NEW VOLUME) (Removable) (Total:0.47 GB) (Free:0.46 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:14.66 GB) (Free:8.83 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 478 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 31 KB
Partition 2 Primary 451 GB 14 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 477 MB 16 KB
======================================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F NEW VOLUME FAT32 Removable 477 MB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-09 16:28
======================= End Of Log ==========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================================

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.
 
Broni said:
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================================

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.
Click to expand...

Here you go, Broni, and it's much appreciated.
Farbar Recovery Scan Tool Version: 18-06-2012 02
Ran by SYSTEM at 2012-06-20 09:43:02
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
=== End Of Search ==
 
Please don't copy my replies as it creates unnecessary clutter.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

See if you can boot normally.

If so....

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
    379 bytes · Views: 1
It seems to be running again, so thank you for your sterling efforts.
ComboFix 12-06-21.01 - Docking Otter 21/06/2012 9:59.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3036.2103 [GMT 1:00]
Running from: c:\users\Docking Otter\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 08:51 . 2012-06-21 08:51 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB759CD2-F141-4798-8F4B-31F566997D81}\MpKsl9a5a1414.sys
2012-06-21 08:45 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB759CD2-F141-4798-8F4B-31F566997D81}\mpengine.dll
2012-06-21 08:39 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 08:39 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 08:39 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 08:39 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 08:39 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 08:39 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 08:39 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 08:38 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 08:38 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 18:38 . 2012-06-19 18:50 -------- d-----w- C:\FRST
2012-06-18 11:06 . 2012-02-09 13:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B313CF5D-9CB8-4140-BD14-A6D94586DBC1}\gapaengine.dll
2012-06-18 11:06 . 2012-05-15 00:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-18 11:00 . 2012-06-18 11:00 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-18 10:38 . 2012-06-18 10:38 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-17 17:21 . 2012-06-17 17:21 -------- d-----w- c:\programdata\F4D55F3B22BFB52F5A9914E5B4EB238B
2012-06-17 13:24 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-17 13:24 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-17 13:24 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-17 13:24 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-17 13:24 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-17 13:24 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-17 13:24 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-17 13:24 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-17 13:24 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-17 13:24 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-09 19:23 . 2012-06-09 19:23 -------- d-----w- c:\users\Default\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 17:23 . 2012-04-09 09:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-17 17:23 . 2011-07-07 11:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2011-03-15 14:11 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 04:39 . 2012-05-11 04:06 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 04:06 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-11 04:06 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Docking Otter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Docking Otter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Docking Otter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-30 39408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Spotify Web Helper"="c:\users\Docking Otter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-05 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-12-16 5954296]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-12-16 403104]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Docking Otter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Docking Otter\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
2010-09-02 00:27 298144 ----a-w- c:\program files\Dell Wireless\Bluetooth Suite\AthBtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
2010-09-02 00:28 474272 ----a-w- c:\program files\Dell Wireless\Bluetooth Suite\BtvStack.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2010-09-03 07:28 518640 ----a-w- c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2010-04-29 16:33 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-07-06 20:22 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-05-03 07:36 17355912 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 14:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 257224]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.362.0\SeaPort.exe [2012-02-13 240408]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-07-30 21744]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-04 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-01-13 77696]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-01-13 126144]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [2012-01-13 84544]
S1 MpKsl9a5a1414;MpKsl9a5a1414;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB759CD2-F141-4798-8F4B-31F566997D81}\MpKsl9a5a1414.sys [2012-06-21 29904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-13 3450832]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Dell Wireless\Ath_CoexAgent.exe [2010-05-24 151552]
S2 AtherosSvc;AtherosSvc;c:\program files\Dell Wireless\Bluetooth Suite\adminservice.exe [2010-09-02 56480]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.362.0\BBSvc.exe [2012-02-13 193816]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-06-30 49152]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-12-16 5881968]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-01-13 234752]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-07-08 37224]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-07-08 257896]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-07-08 26984]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-07-08 178024]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-09-02 47976]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-07-08 143336]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-08-30 237416]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 17:23]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 15:41]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 15:41]
.
2012-05-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 07:47]
.
2012-06-18 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 07:47]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: nervouswaters.com\webmail
TCP: DhcpNameServer = 192.168.1.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2792)
c:\users\Docking Otter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Acronis\TrueImageHome\tishell.dll
c:\program files\Acronis\TrueImageHome\timounter.dll
c:\program files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
c:\program files\Dell Wireless\Bluetooth Suite\AthCopyHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-06-21 10:14:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-21 09:14
.
Pre-Run: 403,930,492,928 bytes free
Post-Run: 404,603,928,576 bytes free
.
- - End Of File - - AE81ACB17EA2059B22CA0B144F3FF890
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 18-06-2012 02
Ran by SYSTEM at 2012-06-21 09:33:08 Run:1
Running from F:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{ae04cdd7-f7d8-50d2-cba8-af40938542a9} moved successfully.
C:\Users\Docking Otter\AppData\Local\{ae04cdd7-f7d8-50d2-cba8-af40938542a9} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====
 
Looks good :)

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Extras logfile created on: 6/22/2012 9:34:14 AM - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Docking Otter\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 60.16% Memory free
5.93 Gb Paging File | 4.64 Gb Available in Paging File | 78.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 451.10 Gb Total Space | 340.85 Gb Free Space | 75.56% Space Free | Partition Type: NTFS
Drive G: | 931.50 Gb Total Space | 409.65 Gb Free Space | 43.98% Space Free | Partition Type: NTFS

Computer Name: DOCKINGOTTER-PC | User Name: Docking Otter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E85226-2A0D-40E4-8BD6-800FDA6C8B06}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0B32D4C3-F37E-4E9D-8253-B1EF82C738D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0F268712-46AA-45A9-8856-40C409BB331B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{348859F6-70A2-440A-ACB8-AE3820FB739B}" = rport=137 | protocol=17 | dir=out | app=system |
"{3807884D-6BE6-4767-BA02-C296B4982257}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{464A4ADE-50E1-4236-86AB-F9389B29BCEA}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent broadcast |
"{4AFA4C23-1F0A-4662-99E4-1178C8D50EE5}" = rport=445 | protocol=6 | dir=out | app=system |
"{8707B964-ACC2-462D-A714-312AC6C0F500}" = rport=138 | protocol=17 | dir=out | app=system |
"{898EA5DD-14A4-4FA4-BCB9-2C5D1E100333}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{8B662BBD-10D1-4354-A714-1CDD366CB31D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D93D2D4-B95B-4CA7-9E8B-9ADACE81F482}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{933C2DC4-97E0-44D4-86C8-5940521EFBC2}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{A0D6173A-8A61-4BFF-8825-9212E5C902D7}" = lport=139 | protocol=6 | dir=in | app=system |
"{A1EF0220-6FF5-4899-86E8-F9C6F5F6AD74}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent update |
"{A2F5BFC6-1B96-4B32-B0DB-2CACD615A326}" = lport=137 | protocol=17 | dir=in | app=system |
"{A3DE1562-5A2C-40E5-9ED7-AA423B6948B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{C3832D0A-E46F-49DB-A9F4-4F7100765436}" = lport=445 | protocol=6 | dir=in | app=system |
"{CCC11B84-76D8-41DB-B367-395F46AF2F8B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DC5F7F3C-6E94-4E6B-9CA3-D419942AE9CA}" = lport=138 | protocol=17 | dir=in | app=system |
"{E0195015-BA0E-486A-BC4E-816C49DF3B74}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E1D61C0D-FF14-4D94-9CE8-B11DEBE9ABC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F097B2CD-BD30-4A03-80DA-5A00CCDC6640}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FA6C3CDF-4235-4E43-B9E1-62B3E24279C7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1232DEE8-A59F-4E57-B282-8D9E8CF9DF01}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1713EEC9-5452-4431-88D6-D75A966FA829}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2C66F27F-00D2-477A-A6AB-01DD66BFA791}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{362FE41E-A238-476D-B5F1-B8809C4F490D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{3D8BB31C-3FE2-4F9D-B088-3916D85AB04B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4B1AC99B-F927-47B1-AEB0-26DB70C03045}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{504BBCC9-32DA-49B4-8844-BCEDA0771239}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{55247DA5-75A7-44BF-8389-8B5175D98DF3}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{61DBB382-4859-438B-9FAE-F2628A4B80A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{79174702-05C6-41F9-AF06-F9E04C3AB993}" = protocol=6 | dir=in | app=c:\users\docking otter\appdata\roaming\dropbox\bin\dropbox.exe |
"{880B9E58-17D8-40B9-8F19-9E687D195053}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{8D1595FB-6422-48AB-8E22-6D034AC24459}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{94A827AA-C64A-4C78-9383-DE6FFF8B2654}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{98272822-0CAE-416D-B623-062858253EDD}" = protocol=17 | dir=in | app=c:\users\docking otter\appdata\roaming\dropbox\bin\dropbox.exe |
"{C3860008-4925-4338-A272-027AA1D3220E}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{C5E29A53-AC4B-41C3-A323-988A394CFF71}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{E5B32197-A3B3-482E-8290-21543C1056E0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F9332CC7-840A-4581-AA8F-5F947CAFCE37}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FDB17FF7-D792-489E-9D1A-97C29194F5DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{484EFB7A-8A8B-4CE8-B61A-8D760961EBC9}C:\users\docking otter\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\docking otter\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{8C1D875B-DEAC-4225-87E2-3B75AB7EC75F}C:\users\docking otter\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\docking otter\appdata\roaming\spotify\spotify.exe |
"TCP Query User{995AA53F-0DF5-4788-9893-448FEF4D7D0F}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{C886ABC3-EBA3-44F5-8359-4CC4B7044F3A}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{D750BEEF-1535-4F2D-8667-1537A4858BA2}C:\users\docking otter\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\docking otter\appdata\roaming\spotify\spotify.exe |
"UDP Query User{37A45C87-7293-4CA3-A233-9ED65B30576E}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{391593EA-D95E-4A56-97F2-2A5BEDEF0095}C:\users\docking otter\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\docking otter\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{6F3B4033-CF7F-4A47-A0A5-E476013C2680}C:\users\docking otter\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\docking otter\appdata\roaming\spotify\spotify.exe |
"UDP Query User{B2DF04E0-A63B-4F1C-9971-2ECD424CF24A}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{F3627B1D-A766-4CF0-91C5-7CB68CD1B365}C:\users\docking otter\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\docking otter\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell Bluetooth Installation
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EB91A9-711F-44CD-9757-31178AB1B076}" = Acronis True Image Home 2012
"{73EB91A9-711F-44CD-9757-31178AB1B076}Visible" = Acronis True Image Home 2012
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Dell Support Center" = Dell Support Center
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Spotify" = Spotify
"VLC media player" = VLC media player 1.1.7
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3976477510-2902446173-2973907276-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/29/2011 6:00:04 AM | Computer Name = DockingOtter-PC | Source = PC-Doctor | ID = 1
Description = (3780) Asapi: (11:00:04:2430)(3780) libAsapi.DynamicLoadedPlugin -
Error -- 64 Unable to load library 'S3LogPusher.dll'

Error - 8/29/2011 6:00:04 AM | Computer Name = DockingOtter-PC | Source = PC-Doctor | ID = 1
Description = (3780) Asapi: (11:00:04:2590)(3780) Asapi.State - Error -- 123 Plugin
S3LogPusher.dll failed to load.

Error - 8/29/2011 7:31:13 PM | Computer Name = DockingOtter-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 8/30/2011 6:00:01 AM | Computer Name = DockingOtter-PC | Source = PC-Doctor | ID = 1
Description = (5016) Asapi: (11:00:01:2030)(5016) libAsapi.DynamicLoadedPlugin -
Error -- 64 Unable to load library 'S3LogPusher.dll'

Error - 8/30/2011 6:00:01 AM | Computer Name = DockingOtter-PC | Source = PC-Doctor | ID = 1
Description = (5016) Asapi: (11:00:01:2230)(5016) Asapi.State - Error -- 123 Plugin
S3LogPusher.dll failed to load.

Error - 8/30/2011 7:51:11 AM | Computer Name = DockingOtter-PC | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 14.0.4760.1000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 12f0 Start
Time: 01cc6704e5377cce Termination Time: 0 Application Path: C:\Program Files\Microsoft
Office\Office14\OUTLOOK.EXE Report Id: 217de1da-d2fe-11e0-aa0e-889ffa67419a

Error - 8/30/2011 7:52:29 AM | Computer Name = DockingOtter-PC | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 14.0.4760.1000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2b8 Start
Time: 01cc670b1cf4beed Termination Time: 31 Application Path: C:\Program Files\Microsoft
Office\Office14\OUTLOOK.EXE Report Id: 7aac7cf8-d2fe-11e0-aa0e-889ffa67419a

Error - 8/30/2011 7:31:18 PM | Computer Name = DockingOtter-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 8/31/2011 6:00:05 AM | Computer Name = DockingOtter-PC | Source = PC-Doctor | ID = 1
Description = (2856) Asapi: (11:00:05:4690)(2856) libAsapi.DynamicLoadedPlugin -
Error -- 64 Unable to load library 'S3LogPusher.dll'

Error - 8/31/2011 6:00:05 AM | Computer Name = DockingOtter-PC | Source = PC-Doctor | ID = 1
Description = (2856) Asapi: (11:00:05:5470)(2856) Asapi.State - Error -- 123 Plugin
S3LogPusher.dll failed to load.

[ System Events ]
Error - 8/20/2011 6:00:17 AM | Computer Name = DockingOtter-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/21/2011 6:00:13 AM | Computer Name = DockingOtter-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/21/2011 6:00:15 AM | Computer Name = DockingOtter-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/22/2011 6:00:20 AM | Computer Name = DockingOtter-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/22/2011 6:00:21 AM | Computer Name = DockingOtter-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/23/2011 6:00:21 AM | Computer Name = DockingOtter-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/23/2011 6:00:23 AM | Computer Name = DockingOtter-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/26/2011 6:00:27 AM | Computer Name = DockingOtter-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/26/2011 6:00:29 AM | Computer Name = DockingOtter-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/27/2011 6:00:17 AM | Computer Name = DockingOtter-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >
 
OTL logfile created on: 6/22/2012 9:34:14 AM - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Docking Otter\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 60.16% Memory free
5.93 Gb Paging File | 4.64 Gb Available in Paging File | 78.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 451.10 Gb Total Space | 340.85 Gb Free Space | 75.56% Space Free | Partition Type: NTFS
Drive G: | 931.50 Gb Total Space | 409.65 Gb Free Space | 43.98% Space Free | Partition Type: NTFS

Computer Name: DOCKINGOTTER-PC | User Name: Docking Otter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/22 09:31:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Docking Otter\Desktop\OTL.exe
PRC - [2012/06/22 09:26:37 | 003,459,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Docking Otter\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/27 23:46:20 | 001,171,304 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2012/04/27 23:45:08 | 005,914,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012/04/27 23:44:20 | 000,821,008 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2012/04/27 23:44:10 | 000,403,112 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012/04/27 23:43:28 | 005,955,280 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/30 17:13:15 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/02 01:27:48 | 000,056,480 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Dell Wireless\Bluetooth Suite\AdminService.exe
PRC - [2010/08/20 01:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/06/08 17:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/08 17:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/06/04 08:29:14 | 000,292,208 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/05/31 10:57:12 | 000,056,032 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010/05/31 07:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/05/24 23:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Program Files\Dell Wireless\Ath_CoexAgent.exe
PRC - [2010/02/17 07:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/22 08:54:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/06/22 08:54:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/22 08:53:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/22 08:53:23 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/06/22 08:53:17 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/06/22 08:53:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/06/22 08:53:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/22 08:52:50 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/27 23:43:10 | 012,985,744 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2012/04/27 19:09:24 | 000,018,784 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2012/06/22 09:26:37 | 003,459,024 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/04/27 23:45:08 | 005,914,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012/04/27 23:44:20 | 000,821,008 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/04 04:03:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/04 08:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/09/04 08:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/09/02 01:27:48 | 000,056,480 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/06/08 17:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/05/24 23:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010/05/10 09:47:24 | 000,417,336 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\tdrpman1040.sys -- (tdrpman1040) Acronis Try&Decide and Restore Points filter (Build 1040)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\snapman668.sys -- (snapman668) Acronis Snapshots Manager (Build 668)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\fltsrv49.sys -- (fltsrv49) Acronis Storage Filter Management (Build 49)
DRV - [2012/06/22 09:26:40 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2012/06/22 09:26:32 | 000,775,232 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2012/06/22 09:26:29 | 000,614,592 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012/06/22 09:26:27 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BCDFDCFA-FFF0-4742-B2F2-F7D4741973DF}\MpKslb5afebe7.sys -- (MpKslb5afebe7)
DRV - [2012/06/22 09:26:26 | 000,126,880 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2012/06/22 09:26:25 | 000,086,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt67.sys -- (vidsflt67) Acronis Disk Storage Filter (67)
DRV - [2012/06/22 09:26:22 | 000,177,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012/06/22 09:26:20 | 000,080,416 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/01/13 14:09:36 | 000,084,544 | ---- | M] (Acronis) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\vsflt61.sys -- (vidsflt61) Acronis Disk Storage Filter (61)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/20 07:49:46 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/09/17 06:11:52 | 000,528,000 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/09/02 01:06:46 | 000,047,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2010/08/31 00:14:28 | 000,237,416 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2010/08/12 17:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010/07/30 08:35:30 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010/07/08 05:20:14 | 000,143,336 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2010/07/08 05:20:02 | 000,257,896 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2010/07/08 05:20:02 | 000,178,024 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2010/07/08 05:20:02 | 000,037,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2010/07/08 05:20:02 | 000,026,984 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2010/06/21 14:59:30 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/05/10 09:47:34 | 000,015,416 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2010/02/26 21:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/07/04 11:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 01:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 12:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/25 09:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 09:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 09:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/05/28 17:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{049560E5-9611-42EA-A9D4-17ADD20ED5B1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3976477510-2902446173-2973907276-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USSMB/2
IE - HKU\S-1-5-21-3976477510-2902446173-2973907276-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3976477510-2902446173-2973907276-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3976477510-2902446173-2973907276-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-3976477510-2902446173-2973907276-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension

[2011/05/10 11:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Docking Otter\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2011/07/27 21:27:40 | 000,000,866 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3976477510-2902446173-2973907276-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Docking Otter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Docking Otter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3976477510-2902446173-2973907276-1001\..Trusted Domains: nervouswaters.com ([webmail] http in Trusted sites)
O15 - HKU\S-1-5-21-3976477510-2902446173-2973907276-1001\..Trusted Domains: nervouswaters.com ([webmail] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{637D76BD-2AE4-484C-BF30-3B8FCCF7FF21}: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFFA7227-8D21-409B-9629-E136AFAECA7C}: DhcpNameServer = 192.168.1.2
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmpx - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/22 09:31:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Docking Otter\Desktop\OTL.exe
[2012/06/22 09:26:38 | 000,000,000 | ---D | C] -- C:\Users\Docking Otter\AppData\Roaming\08ED1F39-773E-49EC-8EF2-EA7CA58FFC77
[2012/06/22 00:45:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/21 20:12:31 | 000,000,000 | ---D | C] -- C:\Users\Docking Otter\Desktop\FULL BACKUP DELL 4.6.12

========== Files - Modified Within 30 Days ==========

[2012/06/22 09:31:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Docking Otter\Desktop\OTL.exe
[2012/06/22 09:26:14 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
[2012/06/22 09:09:00 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/22 09:09:00 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/22 09:07:27 | 000,652,548 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/22 09:07:27 | 000,118,576 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/22 09:07:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/22 09:01:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/22 09:00:26 | 2387,890,176 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/22 08:55:51 | 000,001,068 | ---- | M] () -- C:\Users\Docking Otter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/22 08:54:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/22 08:52:11 | 000,461,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/22 00:42:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/21 20:55:20 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/06/21 20:03:13 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/06/21 20:03:13 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/03/06 15:28:24 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/09 17:53:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/23 23:58:23 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/12/23 23:58:20 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/12/23 23:58:20 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/12/23 23:58:20 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/12/23 23:58:20 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/12/23 23:58:19 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/12/23 23:58:18 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/06/29 09:22:28 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin

========== LOP Check ==========

[2012/06/22 09:26:38 | 000,000,000 | ---D | M] -- C:\Users\Docking Otter\AppData\Roaming\08ED1F39-773E-49EC-8EF2-EA7CA58FFC77
[2011/09/13 16:42:18 | 000,000,000 | ---D | M] -- C:\Users\Docking Otter\AppData\Roaming\Acronis
[2012/06/22 09:07:16 | 000,000,000 | ---D | M] -- C:\Users\Docking Otter\AppData\Roaming\Dropbox
[2011/03/07 14:28:04 | 000,000,000 | ---D | M] -- C:\Users\Docking Otter\AppData\Roaming\ESM-Tools
[2011/08/17 17:23:10 | 000,000,000 | ---D | M] -- C:\Users\Docking Otter\AppData\Roaming\Research In Motion
[2012/01/12 08:37:18 | 000,000,000 | ---D | M] -- C:\Users\Docking Otter\AppData\Roaming\Spotify
[2011/02/02 14:08:49 | 000,000,000 | ---D | M] -- C:\Users\Docking Otter\AppData\Roaming\TeamViewer
[2011/07/27 12:20:28 | 000,000,000 | ---D | M] -- C:\Users\Docking Otter\AppData\Roaming\Windows Live Writer
[2012/01/12 18:33:56 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/21 14:07:21 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/21 20:55:20 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/01/27 05:25:10 | 000,023,943 | RH-- | M] () -- C:\dell.sdr
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/06/22 09:00:26 | 2387,890,176 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/01/27 03:48:46 | 000,000,000 | ---- | M] () -- C:\mini-agent.log
[2011/01/27 03:48:46 | 000,000,029 | ---- | M] () -- C:\mini-agent.txt
[2012/06/22 09:00:30 | 3183,857,664 | -HS- | M] () -- C:\pagefile.sys
[2011/03/07 13:23:34 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2009/07/14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 02:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
[2009/07/14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2010/11/20 13:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/22 12:04:29 | 000,000,221 | -HS- | M] () -- C:\Users\Docking Otter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/06/22 09:31:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Docking Otter\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/22 09:07:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/22 08:54:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/12 18:33:56 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/22 09:01:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/12/21 14:07:21 | 000,032,620 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
[2012/06/21 20:55:20 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/03/06 15:51:34 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/03/06 15:51:33 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/03/06 15:51:33 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/03/06 15:51:33 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/03/06 15:51:33 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/03/06 15:51:34 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/06/22 08:53:12 | 000,000,402 | -HS- | M] () -- C:\Users\Docking Otter\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

< >
< End of report >
 
You didn't say:
Any current issues?
Click to expand...

p4494882.gif


=======================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\tdrpman1040.sys -- (tdrpman1040) Acronis Try&Decide and Restore Points filter (Build 1040)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\snapman668.sys -- (snapman668) Acronis Snapshots Manager (Build 668)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\fltsrv49.sys -- (fltsrv49) Acronis Storage Filter Management (Build 49)
O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O15 - HKU\S-1-5-21-3976477510-2902446173-2973907276-1001\..Trusted Domains: nervouswaters.com ([webmail] http in Trusted sites)
O15 - HKU\S-1-5-21-3976477510-2902446173-2973907276-1001\..Trusted Domains: nervouswaters.com ([webmail] https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Status
Not open for further replies.

Similar threads

E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
NonTechyDad
Solved Malware removal for my son's pc
2
Replies
33
Views
5K
Broni
Broni

Latest posts

Back