PDA

View Full Version : Infected Desktop - Need Help


Nathan_V
2010-10-09, 00:11
Dear Forum Helpers,

Thank you very much for the great service being provided to infected PC owners.

After reading your "Before you post" mote, I followed those steps and now attaching my log from DDS. Please help me as my PC gets power off while working or does not get easily started up:

DS (Ver_10-10-05.01) - NTFS_AMD64
Run by sridhar at 4:52:51.47 on Sat 10/09/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1621 [GMT 8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\nvraidservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\D-Link\D-Link D-ViewCam\Bin\WDSvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Dealio Toolbar\SearchSettings.exe
C:\Program Files (x86)\Wellnomics WorkPace\workpace.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Wellnomics WorkPace\wpmessenger.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\Windows\syswow64\MsiExec.exe
C:\Program Files (x86)\Registry Mechanic\RegMech.exe
C:\Program Files (x86)\CCleaner\CCleaner.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
C:\Windows\System32\wiaacmgr.exe
C:\Windows\System32\wiaacmgr.exe
C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\sridhar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z03UYTQT\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.vikatan.com/vc/2010/jan/vc.asp
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=0309&m=aspire_m5711
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=0309&m=aspire_m5711
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - C:\Program Files (x86)\Dealio Toolbar\SearchSettings.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - C:\Program Files (x86)\Dealio Toolbar\DealioToolbarIE.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5104.1546\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - C:\Program Files (x86)\Dealio Toolbar\SearchSettings.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - C:\Program Files (x86)\Dealio Toolbar\DealioToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
mRun: [Acer Product Registration] "C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe" /startup
mRun: [WatchingService] "c:\program files (x86)\d-link\d-link d-viewcam\bin\wdsvc.exe" sys_auto_run C:\Program Files (x86)\D-Link\D-Link D-ViewCam\Bin
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
mRun: [SearchSettings] C:\Program Files (x86)\Dealio Toolbar\SearchSettings.exe
mRun: [Wellnomics WorkPace 3.7.1] "C:\Program Files (x86)\Wellnomics WorkPace\workpace.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} - hxxp://192.168.1.100/dcsclictrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {BF0D51A8-3A73-4CEC-8B1C-58CDAB8244D5} - hxxps://www.dbsvonline.com/English/ActivexChart.CAB
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
BHO-X64: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5104.1546\swg64.dll
TB-X64: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [NVRaidService] C:\Windows\system32\nvraidservice.exe
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
mRun-x64: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
mRun-x64: [eDataSecurity Loader] "C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe"
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

============= SERVICES / DRIVERS ===============

R0 nvamacpi;Nvidia Away Mode System;C:\Windows\System32\drivers\nvamacpi.sys [2009-1-16 28192]
R1 aswSP;avast! Self Protection;C:\Windows\System32\drivers\aswSP.sys [2009-7-21 89680]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2009-1-16 270422]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-7-21 22096]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-7-21 65616]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-7-21 138680]
R2 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-8 89920]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2009-1-16 24576]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-9-24 144632]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-8 583640]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-7-21 254040]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-7-21 352920]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\System32\drivers\RTL85n64.sys [2009-1-16 444960]
S2 gupdate1ca1e8934dd00b8;Google Update Service (gupdate1ca1e8934dd00b8);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-8-16 133104]
S3 IPUSBCam95;iP295x Plug;C:\Windows\System32\drivers\iP295x.SYS [2009-9-21 77184]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2008-11-12 11776]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-9-24 50424]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\System32\drivers\ZTEusbnet.sys [2009-6-27 167424]
S3 ZTEusbvoice;ZTE VoUSB Port;C:\Windows\System32\drivers\zteusbvoice.sys [2009-6-27 150656]

============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-10-08 20:33:47 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-10-08 20:33:32 -------- d-----w- C:\Users\sridhar\AppData\Roaming\Malwarebytes
2010-10-08 20:33:27 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-08 20:33:25 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-08 20:33:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-08 20:33:25 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-08 19:35:21 3436544 ----a-w- C:\Users\sridhar\s-1-5-21-3274665171-1576318150-1641213090-1000.rrr
2010-10-08 14:22:18 -------- d-----w- C:\Program Files (x86)\CCleaner
2010-10-08 14:20:50 -------- d-----w- C:\Users\sridhar\AppData\Roaming\Registry Mechanic
2010-10-08 14:13:58 40408 ----a-w- C:\Windows\System32\CleanMFT64.exe
2010-10-08 14:13:58 212992 ----a-w- C:\Windows\SysWow64\UniBoxVB12.ocx
2010-10-08 14:13:58 1101824 ----a-w- C:\Windows\SysWow64\UniBox210.ocx
2010-10-08 14:13:57 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx
2010-10-08 14:13:57 506368 ----a-w- C:\Windows\SysWow64\msxml.dll
2010-10-08 14:13:51 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2010-10-03 07:40:27 -------- d-----w- C:\Users\sridhar\AppData\Local\Microsoft Help
2010-10-03 02:34:06 -------- d-----w- C:\PROGRA~3\SSScanAppDataDir
2010-10-01 15:02:29 -------- d-----w- C:\Users\sridhar\AppData\Roaming\Uniblue
2010-10-01 15:02:23 -------- d-----w- C:\Program Files (x86)\Uniblue
2010-10-01 14:25:02 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2010-10-01 14:24:54 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2010-10-01 14:09:13 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-01 14:09:13 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-26 01:07:04 -------- d-----w- C:\Windows\SysWow64\spool
2010-09-25 14:41:17 2048 ----a-w- C:\Windows\SysWow64\winrsmgr.dll
2010-09-25 14:41:17 2048 ----a-w- C:\Windows\System32\winrsmgr.dll
2010-09-25 14:41:15 13312 ----a-w- C:\Windows\System32\wsmplpxy.dll
2010-09-25 14:41:15 13312 ----a-w- C:\Windows\System32\winrssrv.dll
2010-09-25 14:41:06 10240 ----a-w- C:\Windows\SysWow64\wsmplpxy.dll
2010-09-25 14:41:06 10240 ----a-w- C:\Windows\SysWow64\winrssrv.dll
2010-09-25 14:39:38 201184 ----a-w- C:\Windows\SysWow64\winrm.vbs
2010-09-22 11:32:04 -------- d-----w- C:\Program Files\iPod
2010-09-22 11:32:03 -------- d-----w- C:\Program Files\iTunes
2010-09-22 11:32:03 -------- d-----w- C:\Program Files (x86)\iTunes
2010-09-15 10:19:41 317952 ----a-w- C:\Windows\SysWow64\MP4SDECD.DLL
2010-09-15 10:19:41 295424 ----a-w- C:\Windows\System32\MP4SDECD.DLL
2010-09-15 10:19:40 273920 ----a-w- C:\Windows\System32\spoolsv.exe
2010-09-15 10:19:39 975360 ----a-w- C:\Windows\System32\inetcomm.dll
2010-09-15 10:19:38 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2010-09-15 10:19:37 621568 ----a-w- C:\Windows\System32\usp10.dll
2010-09-15 10:19:37 502272 ----a-w- C:\Windows\SysWow64\usp10.dll

==================== Find3M ====================

2010-09-22 14:40:48 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-08 03:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 03:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

============= FINISH: 4:54:17.09 ===============
Blade81
2010-10-13, 18:01
Hi,


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Copy-paste following contents into custom scan -area:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
Blade81
2010-10-19, 15:57
Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.