I run an Acer Aspire E700 quad core w/ 4Gb RAM, Vista Home Premium SP1, with Norton 360 v2 as my primary (only?) protector. I religiously kept up to date with all Windows and Norton updates.
On/about May 25/09 I experienced an issue that, after some research, led me to do a System Restore to the previous checkpoint. For the life of me I can't recall that exact issue, but the Restore seemed to work, after which I immediately downloaded and installed all Windows and Norton updates and did a COMPLETE system scan.
System seemed to function fine for several days afterward, and being a very heavy user, I believed the problem was solved, as I was sure I would have encountered problems if not.
Then very late May/early June, a couple of days after upgrading to IE8, I had shut down the machine overnight, with a planned reboot in the morning. Ordinarily I'd just put it in sleep mode, but I run a very memory-intensive database application which seems to cause issues after a week or so of system uptime. When I rebooted the system and attempted to run IE8, IE8 crashed on startup.
After multiple reboots and re-attempts, I tried a System restore to the point just after all the aforementioned Windows and Norton Updates. System Restore failed with a reported "disk issue" and I immediately began to get suspicious. Upon reboot, I was offered the option to Undo that Restore, which I attempted, and the Undo failed for the same reason.
Tried an earlier Restore Point, same results.
I then elected to uninstall IE8 from the Installed Updates area. Upon reboot, expecting to have reverted to a functioning IE7, I discovered IE7 crashed on startup in identical fashion. This was puzzling. All other internet-connected apps (email, poker, games, MSN Messenger, etc.) still ran OK, as did Norton LiveUpdate.
Decided to enlist some help, got a Firefox browser install file emailed to me. Ran it, Firefox appeared to install successfully, but crashed on first run like IE8.
At that point I had my brother, a network admin, get involved (by phone). No amount of disabling/modifying/re-configuring startup files, services etc. etc. seemed to get us anywhere. Eventually he recommended trying MalwareBytes. He sent it via email, application installed OK, crashed on 1st run. Uninstalled, tried in safe mode... no run. Retried in normal mode, could never successfully get it to update or run.
During this time, I began to notice Application Errors piling up in the Event logs, related to a very oddly named DLL: "gxvxcgicjxepmahuswxoibwqpioriktsftlvb.dll, version 0.0.0.0", and got more suspicious. REALLY got suspicious when I could NOT find that DLL anywhere on the system, nor referenced in the registry, despite exhaustive searching.
Next angle... I got him to send me another browser, Opera. Installed OK, and actually ran when started, so great, now I had net access again and could do some of my own research. First tried MS to see if there were known IE8 issues; attempted some of the recommendations for uninstalling it, which seemed to do nothing (as expected given the previous uninstall).
Tried googling for the weird DLL - no results.
Reinstalled IE8 - still crashed on start. Followed all recommendations for resetting IE settings, running w/o addons etc, no luck.
Using Opera, went to Norton site to look for info. Discovered some possible issues of conflicts IE8/Norton360 v2, and possible upgrade path. Downloaded N360v3 setup file, but when executed, setup could not connect to complete the installation.
Began to notice that Scans of any type (full, quick, custom) with N360v2 would run for hours with ZERO progress (files scanned always remained at 0)
^%*&^%*&^%!!!
Got Norton tech support involved... they tried a million angles, passed me back and forth for hours. During their attempt to assist, even they failed to get their tools to connect to Symantec sites for updates. 1st tech uninstalled N360v2, could never get it installed again. Supervisor could not assist, concluded viral cause, but could not pinpoint. Then I had to set it aside for a while to feed kids. When I called back they directed me to a paid service, and self-help options. Tried the self-help path to see where I could get to.
Discovered that one of their tools had seemingly had a small impact, as IE8 suddenly started working again. Started googling for online virus scans.
Trend Micro (HouseCall??) failed. Couldn't update.
Kaspersky failed.
PC Tools virus scanner installed, updated OK, didn't detect anything.
Finally Panda active scan picked something up: w32.tdss.bf.worm in two locations:
globalroot\systemroot\system32\gxvxcgicjxepmahuswxoibwqpioriktsftlvb.dll and
globalroot\systemroot\system32\gxvxcrqietvcnithnyenfftqnantrgqvtsfxu.dll
which led me to this info:
http://www.pandasecu...?idvirus=210378
Googled for info on that, which eventually led me here. Also noticed at that point that some webpage links from Google didn't seem to land me where I expected... was puzzled at first, but when I looked a little deeper I could tell that they were being "redirected", for lack of a better term. Using the back button, I could often get to the correct/intended page.
Following info and posts here I began trying to follow the steps in Malware & Spyware Cleaning Guide.
Deleted all temporary files with TFC.
D/L SysRestorePoint.exe, but info on that page suggests the tool was dysfunctional, so after the reboot following TFC, I manually created a restore point with System Restore. Then I attempted to run SysRestorePoint.exe, which failed with some issue related to Microsoft .NET Framework, error code 0x800423F4. Chose to cancel rather than continue.
Backed up registry with ERUNT, then I exported the ENTIRE registry to another location on my D: drive for good measure {well, I suppose that's debatable :-) }
Tried again to run MBAM, 3 or 4 times, including the tricks recommended - no luck, it still refuses. Here, http://www.bleepingc...opic213273.html there was a reference to unlocking MBAM: http://www.malwareby...showtopic=12709 but following that link gets me a page that IE tells me it can't open, and offers to diagnose the connection problem. So I can't get MBAM running.
From info read at various sites (including here) I suspected the nature of the issue was such that a virus may prevent MBAM from running, so decided to go to Step 2. Following recommendations I downloaded and installed Avast. At first opportunity to restart, I elected a boot-time scan of the entire system. Avast picked up 3 instances of BV:Autorun-T in the autorun.inf files on each of C:, D: and K: (my USB key). I had those put in the Chest at that time. Avast did NOT pick up anything else, somewhat disappointingly, as I really expected to detect something in the System32 folder based on the Panda scan.
When the Avast boot scan finally finished, Windows started and after a few config steps, the heuristic scanner detected the following:
http://www.pocketfiv...4349293/640x480
Note names similar but not identical to the aforementioned weird DLL.
Attempts to remove or repair these were thwarted due to file being in use.
Decided to make this post before I reran boot scan with Avast.
Here are the resulting Rooter and OTL logs:
ROOTER:
Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1
C:\ [Fixed] - NTFS - (Total:233609 Mo/Free:3060 Mo)
D:\ [Fixed] - NTFS - (Total:233334 Mo/Free:2367 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)
K:\ [Removable] (Total:1927 Mo/Free:620 Mo)
Sun 06/07/2009| 5:05
----------------------\\ Processes..
--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\Ati2evxx.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\Ati2evxx.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
---------- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
---------- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
---------- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
---------- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
---------- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
---------- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
---------- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
---------- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
---------- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
---------- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
---------- C:\Windows\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\Program Files\Windows Media Player\wmpnscfg.exe
---------- C:\Program Files\Windows Media Player\wmpnetwk.exe
---------- C:\Windows\system32\wbem\unsecapp.exe
---------- C:\Windows\system32\wbem\wmiprvse.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\SearchProtocolHost.exe
---------- C:\Windows\system32\SearchFilterHost.exe
---------- C:\Windows\system32\SearchProtocolHost.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe
--Locked-- LVPrcSrv.exe
----------------------\\ Search..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.108,85.255.112.211
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.108,85.255.112.211
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.108,85.255.112.211
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{1D0D20EF-F343-4599-90AE-C33E1ABA64E9}]
NameServer REG_SZ 85.255.112.108,192.168.1.211
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\..\{1D0D20EF-F343-4599-90AE-C33E1ABA64E9}]
NameServer REG_SZ 85.255.112.108,192.168.1.211
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{1D0D20EF-F343-4599-90AE-C33E1ABA64E9}]
NameServer REG_SZ 85.255.112.108,192.168.1.211
==> WAREOUT <==
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Sun 06/07/2009| 5:06
----------------------\\ Scan completed at 5:06
OTL:
OTL logfile created on: 6/7/2009 5:24:46 AM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Randy\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 74.99 Gb Free Space | 32.87% Space Free | Partition Type: NTFS
Drive D: | 227.87 Gb Total Space | 182.31 Gb Free Space | 80.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 1.88 Gb Total Space | 0.61 Gb Free Space | 32.18% Space Free | Partition Type: FAT
Computer Name: TAZMANIAC
Current User Name: Randy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Users\Randy\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AcerMemUsageCheckService [Auto | Running]) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (AlertService [Auto | Running]) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Ati External Event Utility [Auto | Running]) -- C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DQLWinService [Auto | Running]) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (eRecoveryService [Auto | Running]) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager [Disabled | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [Disabled | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IntelDHSvcConf [On_Demand | Stopped]) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel® Corporation)
SRV - (ISSM [On_Demand | Stopped]) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel® Corporation)
SRV - (LBTServ [On_Demand | Stopped]) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (M1 Server [On_Demand | Stopped]) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (MCLServiceATL [On_Demand | Stopped]) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (pgsql-8.3 [Auto | Running]) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (Steam Client Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\Windows\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt [Auto | Running]) -- C:\Windows\system32\DRIVERS\aswMonFlt.sys (ALWIL Software)
DRV - (aswRdr [System | Running]) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (e1express [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\e1e6032.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HECI [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HECI.sys (Intel Corporation)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (int15 [Auto | Running]) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (IntelDH [On_Demand | Running]) -- C:\Windows\System32\Drivers\IntelDH.sys (Intel Corporation)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (L8042mou [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\L8042mou.Sys (Logitech Inc.)
DRV - (LHidFilt [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV - (LMouFilt [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV - (LMouKE [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\LMouKE.Sys (Logitech Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (lvpopflt [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVRS [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\lvrs.sys (Logitech Inc.)
DRV - (lvselsus [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\lvselsus.sys (Logitech Inc.)
DRV - (LVUSBSta [On_Demand | Running]) -- C:\Windows\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (nmsgopro [Auto | Running]) -- C:\Windows\system32\DRIVERS\nmsgopro.sys (Gteko Ltd.)
DRV - (nmsunidr [Auto | Running]) -- C:\Windows\system32\DRIVERS\nmsunidr.sys (Gteko Ltd.)
DRV - (NTIDrvr [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (pavboot [Boot | Running]) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (R300 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (RT73 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\Dr71WU.sys (Ralink Technology Inc.)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (SQTECH905C [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (sscdbus [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\sscdbus.sys (MCCI)
DRV - (sscdmdfl [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\sscdmdfl.sys (MCCI)
DRV - (sscdmdm [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\sscdmdm.sys (MCCI)
DRV - (sscdserd [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\sscdserd.sys (MCCI)
DRV - (StillCam [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (SymVerifyTrust [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\SymVerifyTrust.sys (Symantec Corporation)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (TSHWMDTCP [On_Demand | Stopped]) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\Windows\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (WmBEnum [On_Demand | Running]) -- C:\Windows\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter [On_Demand | Running]) -- C:\Windows\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmVirHid [On_Demand | Stopped]) -- C:\Windows\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore [On_Demand | Running]) -- C:\Windows\system32\drivers\WmXlCore.sys (Logitech Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/05/26 18:17:04 | 00,000,000 | ---D | M]
[2009/05/31 15:17:48 | 00,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\mozilla\Extensions
[2009/05/31 15:17:48 | 00,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/31 15:17:48 | 00,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\mozilla\Firefox\Profiles\qkdepqo8.default\extensions
O1 HOSTS File: (19 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! 工具列) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKCU..\Run: [Acer Tour Reminder] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O9 - Extra 'Tools' menuitem : UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Poker Rewards Poker - {6DAF93EB-C7E3-41ab-83D9-CAE1785F41BC} - C:\Microgaming\Poker\pokerrewardsMPP\MPPoker.exe (Microgaming)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.0.cab (Reg Error: Key error.)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15035/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.108,85.255.112.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{1D0D20EF-F343-4599-90AE-C33E1ABA64E9}\\NameServer = 85.255.112.108,192.168.1.211
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/07 05:04:06 | 00,000,000 | R--D | M]
========== Files/Folders - Created Within 30 Days ==========
[2009/06/07 05:05:33 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/07 05:03:27 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Users\Randy\Desktop\OTL.exe
[2009/06/07 05:02:48 | 00,267,612 | ---- | C] () -- C:\Users\Randy\Desktop\Rooter.exe
[2009/06/07 03:00:13 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/06/07 03:00:13 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/06/07 03:00:13 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/06/07 03:00:13 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/06/07 03:00:13 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/06/07 03:00:13 | 00,001,853 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/06/07 03:00:02 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/06/07 03:00:02 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/06/07 03:00:02 | 00,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/06/07 03:00:01 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/06/07 02:50:02 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/07 02:50:00 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/07 02:49:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/06/07 02:49:58 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/06/07 02:49:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/07 02:24:30 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/06/07 02:22:34 | 00,000,737 | ---- | C] () -- C:\Users\Randy\Desktop\NTREGOPT.lnk
[2009/06/07 02:22:34 | 00,000,718 | ---- | C] () -- C:\Users\Randy\Desktop\ERUNT.lnk
[2009/06/07 02:22:34 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/06/07 01:58:57 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Randy\Desktop\erunt_setup.exe
[2009/06/07 01:58:06 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Randy\Desktop\SysRestorePoint.exe
[2009/06/07 01:54:29 | 00,264,704 | ---- | C] (OldTimer Tools) -- C:\Users\Randy\Desktop\TFC.exe
[2009/06/06 23:19:05 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2009/06/06 23:19:04 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/06/06 23:13:18 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2009/06/06 23:12:58 | 00,000,000 | ---D | C] -- C:\Windows\Downloaded Program Files
[2009/06/06 22:08:08 | 44,571,776 | ---- | C] () -- C:\Users\Randy\Desktop\20090606-003-v5i32.exe
[2009/06/06 15:57:42 | 00,000,000 | ---D | C] -- C:\Users\Randy\Documents\Norton Premium Services
[2009/06/06 15:57:01 | 00,002,081 | ---- | C] () -- C:\Users\Public\Desktop\VRQTool.lnk
[2009/06/06 15:57:01 | 00,000,000 | ---D | C] -- C:\def
[2009/06/06 15:49:49 | 34,859,58144 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/06 15:23:03 | 00,000,740 | ---- | C] () -- C:\Users\Randy\Desktop\Download Norton 360 Version 3.lnk
[2009/06/06 15:23:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec Temporary Files
[2009/06/06 14:02:06 | 00,000,000 | ---D | C] -- C:\Users\Randy\Desktop\NortonSecurityScan
[2009/06/06 14:00:35 | 01,881,911 | ---- | C] () -- C:\Users\Randy\Desktop\NortonSecurityScan.exe
[2009/06/06 13:14:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2009/06/06 13:14:06 | 00,000,000 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/06/06 13:14:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/06/03 21:57:48 | 00,000,026 | ---- | C] () -- C:\Windows\Zone.Identifier
[2009/06/02 14:29:37 | 00,006,704 | ---- | C] () -- C:\Users\Randy\Documents\WSOP SEAT EBAY LISTING.html
[2009/06/02 14:29:02 | 00,024,970 | ---- | C] () -- C:\Users\Randy\Documents\WSOP SEAT.odt
[2009/06/01 07:19:05 | 00,003,706 | ---- | C] () -- C:\Users\Randy\Documents\test post.html
[2009/06/01 01:40:34 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/06/01 01:40:33 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/06/01 01:40:33 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/06/01 01:40:33 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/06/01 01:40:33 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/06/01 01:40:33 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/06/01 01:40:33 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/06/01 01:40:33 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/06/01 01:40:33 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/06/01 01:40:33 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/06/01 01:40:33 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/06/01 01:40:32 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/06/01 01:40:32 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/06/01 01:40:32 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/06/01 01:40:32 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/06/01 01:40:32 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/06/01 01:40:32 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/06/01 01:40:32 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/06/01 01:40:32 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/06/01 01:40:32 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/06/01 01:40:32 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/06/01 01:40:32 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/06/01 01:40:32 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/06/01 01:40:31 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/06/01 01:40:31 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/06/01 01:40:31 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/06/01 01:40:31 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/06/01 01:40:31 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/06/01 01:40:31 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/06/01 01:40:31 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/06/01 01:40:31 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/06/01 01:40:31 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/06/01 01:40:31 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/06/01 01:40:31 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/06/01 01:40:30 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/06/01 01:40:30 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/06/01 01:40:30 | 00,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/06/01 01:40:30 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/06/01 01:40:30 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/06/01 01:40:29 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/06/01 01:40:29 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/06/01 01:40:29 | 00,914,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/06/01 01:40:29 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/06/01 01:40:29 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/06/01 01:40:29 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/06/01 01:40:29 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/06/01 01:40:29 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/06/01 01:40:29 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/06/01 01:40:29 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/06/01 01:40:29 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/06/01 01:40:29 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/06/01 01:40:28 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/06/01 01:40:28 | 01,206,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/06/01 01:40:27 | 11,063,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/06/01 01:40:27 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/06/01 00:30:54 | 00,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\Opera
[2009/06/01 00:30:27 | 00,000,718 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2009/06/01 00:30:26 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009/05/31 20:58:03 | 00,000,846 | ---- | C] () -- C:\Users\Randy\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/31 20:55:33 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Randy\Desktop\randombam.exe
[2009/05/31 19:38:01 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/05/31 15:17:49 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/05/31 15:17:47 | 00,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\Mozilla
[2009/05/31 11:05:13 | 00,000,007 | ---- | C] () -- C:\ISACER.id
[2009/05/31 06:24:57 | 00,049,541 | ---- | C] () -- C:\Users\Randy\Documents\WSOP ME Structure.pdf
[2009/05/30 22:49:59 | 00,000,000 | ---D | C] -- C:\RECYCLER
[2009/05/28 23:23:28 | 00,023,966 | ---- | C] () -- C:\Users\Randy\Documents\WSOP ME Structure.ods
[2009/05/27 08:05:43 | 00,280,622 | ---- | C] () -- C:\Users\Randy\Documents\KIDS MP3 Player Manual SYL_SMPK2072_ENFR.pdf
[2009/05/26 18:31:42 | 00,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/26 18:31:42 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2009/05/26 18:31:42 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/26 18:31:42 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2009/05/26 18:31:41 | 00,754,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009/05/26 18:31:41 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009/05/26 18:31:41 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009/05/26 18:31:41 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/05/26 18:31:41 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/05/26 18:31:41 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/05/26 18:31:41 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2009/05/26 18:31:41 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2009/05/26 18:31:41 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2009/05/26 18:31:41 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2009/05/26 18:31:40 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/05/26 18:31:40 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/05/26 18:31:40 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009/05/26 18:31:40 | 01,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2009/05/26 18:31:40 | 01,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2009/05/26 18:31:40 | 00,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2009/05/26 18:31:40 | 00,439,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2009/05/26 18:31:40 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2009/05/26 18:31:40 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2009/05/26 18:31:40 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009/05/26 18:31:40 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2009/05/26 18:31:40 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009/05/26 18:31:40 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2009/05/26 18:31:40 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/05/26 18:31:40 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/05/26 18:31:40 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2009/05/26 18:31:40 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2009/05/26 18:14:13 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/05/26 18:14:13 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/05/26 18:14:13 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/05/26 18:14:12 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/05/26 18:14:12 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/05/26 18:14:12 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/05/26 18:14:11 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/05/26 18:14:10 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/05/26 18:09:18 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/05/26 18:09:15 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/05/26 18:09:14 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/05/26 18:08:54 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/05/26 18:08:49 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/05/26 18:06:37 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/05/26 18:06:33 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/05/26 18:06:33 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/05/26 18:06:33 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/05/26 18:05:59 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/05/26 18:05:58 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/05/26 18:05:58 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/05/26 18:05:57 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/05/26 18:05:57 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/05/26 18:05:57 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2009/05/26 18:05:51 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/05/26 18:05:49 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/05/26 18:05:49 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/05/22 00:42:53 | 00,373,981 | ---- | C] () -- C:\Users\Randy\Documents\travel insurance policy- WSOP.pdf
[2009/05/12 22:33:31 | 00,071,680 | ---- | C] () -- C:\Users\Randy\Documents\Day Camp Letter.doc
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/09/09 14:14:43 | 00,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008/09/09 14:08:38 | 00,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/09/09 13:28:24 | 00,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLeNL.DLL
[2008/08/31 00:27:21 | 00,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/07/26 08:25:02 | 00,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/06/03 01:08:58 | 00,023,553 | ---- | C] () -- C:\Windows\System32\ofbdin_.dll
[2008/06/02 23:35:17 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/04/30 01:50:31 | 00,045,056 | ---- | C] () -- C:\Windows\System32\pagesync.dll
[2007/11/19 23:00:50 | 00,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/11/16 21:39:23 | 00,000,063 | ---- | C] () -- C:\Windows\wininit.ini
[2007/10/19 20:24:10 | 00,000,467 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007/10/04 23:52:25 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007/10/04 23:52:25 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2007/03/29 21:02:21 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/03/29 20:34:37 | 00,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/03/29 20:34:37 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2007/03/29 18:49:30 | 00,000,685 | ---- | C] () -- C:\Windows\generic.ini
[2007/03/29 18:49:30 | 00,000,107 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/03/29 18:49:28 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 06:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 04:30:49 | 00,024,578 | ---- | C] () -- C:\Windows\System32\wunkged.dll
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/23 12:09:34 | 00,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2001/12/26 18:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== Files - Modified Within 30 Days ==========
[2009/06/07 05:03:32 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Randy\Desktop\OTL.exe
[2009/06/07 05:02:50 | 00,267,612 | ---- | M] () -- C:\Users\Randy\Desktop\Rooter.exe
[2009/06/07 04:14:15 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/07 04:14:15 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/07 04:13:56 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/07 04:13:44 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/07 03:01:18 | 00,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2009/06/07 03:01:12 | 34,859,58144 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/07 03:00:13 | 00,001,853 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/06/07 03:00:12 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/06/07 02:50:02 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/07 02:22:34 | 00,000,737 | ---- | M] () -- C:\Users\Randy\Desktop\NTREGOPT.lnk
[2009/06/07 02:22:34 | 00,000,718 | ---- | M] () -- C:\Users\Randy\Desktop\ERUNT.lnk
[2009/06/07 01:59:00 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Randy\Desktop\erunt_setup.exe
[2009/06/07 01:58:06 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Randy\Desktop\SysRestorePoint.exe
[2009/06/07 01:54:31 | 00,264,704 | ---- | M] (OldTimer Tools) -- C:\Users\Randy\Desktop\TFC.exe
[2009/06/06 22:08:08 | 44,571,776 | ---- | M] () -- C:\Users\Randy\Desktop\20090606-003-v5i32.exe
[2009/06/06 21:46:39 | 00,000,740 | ---- | M] () -- C:\Users\Randy\Desktop\Download Norton 360 Version 3.lnk
[2009/06/06 15:58:21 | 00,000,019 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/06/06 15:57:42 | 00,002,081 | ---- | M] () -- C:\Users\Public\Desktop\VRQTool.lnk
[2009/06/06 14:00:35 | 01,881,911 | ---- | M] () -- C:\Users\Randy\Desktop\NortonSecurityScan.exe
[2009/06/06 13:14:06 | 00,000,000 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini
[2009/06/04 03:04:07 | 00,000,026 | ---- | M] () -- C:\Windows\Zone.Identifier
[2009/06/02 14:37:05 | 00,006,704 | ---- | M] () -- C:\Users\Randy\Documents\WSOP SEAT EBAY LISTING.html
[2009/06/02 14:29:02 | 00,024,970 | ---- | M] () -- C:\Users\Randy\Documents\WSOP SEAT.odt
[2009/06/01 07:44:12 | 00,003,706 | ---- | M] () -- C:\Users\Randy\Documents\test post.html
[2009/06/01 00:30:27 | 00,000,718 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2009/05/31 20:58:03 | 00,000,846 | ---- | M] () -- C:\Users\Randy\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/31 20:55:33 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Randy\Desktop\randombam.exe
[2009/05/31 15:17:49 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/05/31 11:05:13 | 00,000,007 | ---- | M] () -- C:\ISACER.id
[2009/05/31 06:35:14 | 00,049,541 | ---- | M] () -- C:\Users\Randy\Documents\WSOP ME Structure.pdf
[2009/05/31 06:33:46 | 00,023,966 | ---- | M] () -- C:\Users\Randy\Documents\WSOP ME Structure.ods
[2009/05/27 08:05:43 | 00,280,622 | ---- | M] () -- C:\Users\Randy\Documents\KIDS MP3 Player Manual SYL_SMPK2072_ENFR.pdf
[2009/05/27 05:30:44 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/27 05:30:44 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/27 05:30:44 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/22 00:43:09 | 00,373,981 | ---- | M] () -- C:\Users\Randy\Documents\travel insurance policy- WSOP.pdf
[2009/05/13 12:46:06 | 00,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/05/12 22:33:34 | 00,071,680 | ---- | M] () -- C:\Users\Randy\Documents\Day Camp Letter.doc
========== Alternate Data Streams ==========
@Alternate Data Stream - 318 bytes -> C:\ProgramData\TEMP:8CEFE51A
@Alternate Data Stream - 24 bytes -> C:\Windows:80196BD8DBB98E4B
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:B0A96209
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:089A7B08
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:1CFFB598
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C05A8628
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8E3D07DE
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:7E95B6FD
< End of report >
OTL EXTRAS:
OTL Extras logfile created on: 6/7/2009 5:24:46 AM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Randy\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 74.99 Gb Free Space | 32.87% Space Free | Partition Type: NTFS
Drive D: | 227.87 Gb Total Space | 182.31 Gb Free Space | 80.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 1.88 Gb Total Space | 0.61 Gb Free Space | 32.18% Space Free | Partition Type: FAT
Computer Name: TAZMANIAC
Current User Name: Randy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
Reg Error: Unknown registry data type File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"DisableNotifications" = 0
"EnableFirewall" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"DisableNotifications" = 0
"EnableFirewall" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu File not found
C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption File not found
C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
{10786088-0558-4576-B44F-6BF3AB451A1E} = LPORT=9442 | PROTOCOL=17 | DIR=IN | NAME=INTEL® VIIV MEDIA SERVER DISCOVERY |
{3698112C-362F-4AEE-BA59-E96E4BF12736} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=SVCHOST.EXE | SVC=SSDPSRV |
{8E7F2898-E0A5-4BDC-A4C6-F4AE1BF0B1F3} = LPORT=2869 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{A27A04BD-2071-4226-8531-0D2295C93119} = LPORT=1900 | PROTOCOL=17 | DIR=IN | NAME=INTEL® VIIV MEDIA SERVER UPNP DISCOVERY |
========== Vista Active Application Exception List ==========
{04FD94B2-B337-49FF-B025-40C22E3850B4} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\INTEL\INTELDH\INTEL MEDIA SERVER\MEDIA SERVER\BIN\MEDIASERVER.EXE |
{11499062-6BB3-4FA4-921A-F695AC201294} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\INTEL\INTELDH\INTEL MEDIA SERVER\MEDIA SERVER\BIN\MEDIASERVER.EXE |
{2AA03DFD-7528-4567-AD83-79EC8D352513} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\STEAM\STEAMAPPS\COMMON\PEGGLE DELUXE\PEGGLE.EXE |
{341655EE-C8E9-46A4-A79C-4669FBD662ED} = DIR=IN | APP=C:\PROGRAM FILES\ACER ZONE\ACER ZONE MAIN PAGE\MCE DELUXE SUITE.EXE |
{39BE3E02-BE53-42C5-B282-5C5D1CBA271D} = DIR=IN | APP=C:\PROGRAM FILES\ACER ZONE\ACER PLUG AND RECORD\COMPONENT\DVAX2PROCESS.EXE |
{3ADB8AB5-5E7A-4D5B-992E-4DA60454296B} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\INTEL\INTELDH\INTEL MEDIA SERVER\SHELLS\REMOTE UI SERVICE.EXE |
{3C85C8AD-A1B1-46D7-A26C-8F29282EEA4C} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\STEAM\STEAMAPPS\COMMON\PEGGLE NIGHTS\PEGGLENIGHTS.EXE |
{4E591012-80DC-4D96-AA6D-70BC9CAF0A45} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\INTEL\INTELDH\INTEL MEDIA SERVER\SHELLS\REMOTE UI SERVICE.EXE |
{4F15B457-622B-46CE-8BF8-BA8C7589A775} = DIR=IN | APP=C:\PROGRAM FILES\ACER ZONE\ACER PICTURE SLIDE DVD\COMPONENT\CLSLDVD.EXE |
{56029A8B-186F-4ADB-95DB-E7402DEE1F70} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\STEAM\STEAMAPPS\COMMON\PEGGLE DELUXE\PEGGLE.EXE |
{5E9A6AF0-930D-4B39-B828-C7F6FE629A7E} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\LOGITECHDESKTOPMESSENGER.EXE |
{613CC9A0-5D66-449B-B002-D1F2BBD86002} = DIR=IN | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE |
{77495009-D0E7-4C71-844C-35BAA92510CA} = DIR=IN | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\WLCSDK.EXE |
{786179FC-FC28-424E-B80C-DA61C97E6FA2} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\INTEL\INTELDH\INTEL MEDIA SERVER\MEDIA SERVER\BIN\TSHWMDTCP.EXE |
{7D3AD342-C782-416E-9ECA-2BD66F7D22CA} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\LOGITECHDESKTOPMESSENGER.EXE |
{922AC9B6-AF2A-4736-A76E-7C73E3BB4427} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE |
{93494BBF-268D-4B14-8985-D1DAE0AE2C44} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\LOGITECHDESKTOPMESSENGER.EXE |
{CEB38BD8-E0E8-4A89-BC32-952EB865B045} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YSERVER.EXE |
{CFA47F35-9319-4B1D-993D-8FF736F69089} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE |
{D4C3EC93-8880-4581-86D7-2BBA66354979} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\STEAM\STEAMAPPS\COMMON\PEGGLE NIGHTS\PEGGLENIGHTS.EXE |
{D91E3A20-3C08-4D63-BFDE-BE763B8BD70A} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\LOGITECHDESKTOPMESSENGER.EXE |
{DF45376F-AE9E-41CF-9A52-C96460841211} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YSERVER.EXE |
{E2493805-D524-444E-9086-8F42EE88402C} = DIR=IN | APP=C:\PROGRAM FILES\ACER ZONE\ACER PLUG AND RECORD\COMPONENT\ARAWP.EXE |
{E84884A8-6247-49B4-8DE2-6416180298F9} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\SMARTFTP CLIENT\SMARTFTP.EXE |
{F59C5990-1FB8-4967-86D3-332374A7195D} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\INTEL\INTELDH\INTEL MEDIA SERVER\MEDIA SERVER\BIN\TSHWMDTCP.EXE |
{FADFA5ED-F6FB-4CE0-BC02-D9550B537882} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\SMARTFTP CLIENT\SMARTFTP.EXE |
TCP Query User{427E537B-E42E-4BD3-9C7C-AC4B1B909E35}C:\program files\internet explorer\iexplore.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE |
TCP Query User{AA64F96C-AE81-4F26-B71D-49C2614E4E92}C:\sierra\half-life\hl.exe = PROTOCOL=6 | DIR=IN | APP=C:\SIERRA\HALF-LIFE\HL.EXE |
TCP Query User{E504B1E7-F12B-4882-91F9-B54A044D1FCF}C:\program files\common files\newtech infosystems\liveupdate\liveupdate.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\COMMON FILES\NEWTECH INFOSYSTEMS\LIVEUPDATE\LIVEUPDATE.EXE |
UDP Query User{359599AE-63C3-408B-A5CE-1D0A22851437}C:\program files\common files\newtech infosystems\liveupdate\liveupdate.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\COMMON FILES\NEWTECH INFOSYSTEMS\LIVEUPDATE\LIVEUPDATE.EXE |
UDP Query User{4FE92686-505F-4604-A18A-1EA0F6901072}C:\sierra\half-life\hl.exe = PROTOCOL=17 | DIR=IN | APP=C:\SIERRA\HALF-LIFE\HL.EXE |
UDP Query User{CF17F5E3-4AFE-402C-A61A-289A017B7A03}C:\program files\internet explorer\iexplore.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 13
"{26C610BF-761B-4209-BD6A-A0F1B73D6DDE}" = Intel® Viiv Software
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software
"{5C9DDCE0-66CF-11D4-9100-0090274FBE9A}" = Intel® System Information Viewer
"{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero Internet
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92BF5DF3-ED6A-4C16-AE2C-97FB0B02A4BB}" = Mini-golf
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A46AA50A-5A57-3A6B-B09E-628C09CB7679}" = ATI Catalyst Install Manager
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DC415D0C-CF77-436A-B27B-CE8A049C1F9D}" = VRQTool
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record
"{F9745BC1-93BD-49B9-A6C8-C005E7E92F3C}" = NTI CD & DVD-Maker
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"City 14" = City 14
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Download Manager" = Download Manager 2.3.7
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"FloorPlan v5 LT" = FloorPlan v5 LT
"Google Desktop" = Google Desktop
"Green Eggs and Ham" = Green Eggs and Ham
"Half-Life 2 Awakening 1.1" = Half-Life 2 Awakening 1.1
"HECI" = Intel® Management Engine Interface
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"InstallShield_{F9745BC1-93BD-49B9-A6C8-C005E7E92F3C}" = NTI CD & DVD-Maker
"Intel® Configuration Center" = Intel® Viiv Software
"jZip" = jZip
"Ladbrokes Poker" = Ladbrokes Poker
"legacyqcam_11.10" = Logitech Legacy USB Camera Driver Package
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mansion Poker" = MansionPoker
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Million Dollar Poker Club" = Million Dollar Poker Club
"mIRC" = mIRC
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Pacific Poker" = Pacific Poker
"PartyPoker" = PartyPoker
"Password Agent 2" = Password Agent 2.5.1
"PayNoRake" = PayNoRake
"Poker Rewards" = Poker Rewards
"Poker Rewards Calculator_is1" = Poker Rewards Calculator 1.0
"PokerRoom.com" = PokerRoom.com (remove only)
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"Reiner Knizia's Samurai_is1" = Reiner Knizia's Samurai 1.5.1
"SereneScreen Marine Aquarium 2.6_is1" = SereneScreen Marine Aquarium 2.6
"SmartFTP Client 2.5 Setup Files" = SmartFTP Client 2.5 Setup Files (remove only)
"SQLite ODBC Driver" = SQLite ODBC Driver (remove only)
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 3480" = Peggle Deluxe
"Steam App 3540" = Peggle Nights
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"SymSetupTemp.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"TowerGaming" = Tower Gaming Poker Room (remove only)
"UltimateBet" = UltimateBet
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! 工具列
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Smilebox" = Hallmark Smilebox
"Universal Replayer" = Universal Replayer
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 6/7/2009 4:27:29 AM | Computer Name = Tazmaniac | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000021.
Error - 6/7/2009 4:27:29 AM | Computer Name = Tazmaniac | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000021.
[ Application Events ]
Error - 6/7/2009 2:19:46 AM | Computer Name = Tazmaniac | Source = System Restore | ID = 8193
Description =
Error - 6/7/2009 2:39:09 AM | Computer Name = Tazmaniac | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.37.0.0, time stamp 0x4a1c3007,
faulting module mbam.exe, version 1.37.0.0, time stamp 0x4a1c3007, exception code
0x80000003, fault offset 0x00002dc0, process id 0x1070, application start time 0x01c9e73aa92d3d5d.
Error - 6/7/2009 2:43:06 AM | Computer Name = Tazmaniac | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.37.0.0, time stamp 0x4a1c3007,
faulting module mbam.exe, version 1.37.0.0, time stamp 0x4a1c3007, exception code
0x80000003, fault offset 0x00002dc0, process id 0xc4c, application start time 0x01c9e73b36f1a0ed.
Error - 6/7/2009 2:43:14 AM | Computer Name = Tazmaniac | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.37.0.0, time stamp 0x4a1c3007,
faulting module mbam.exe, version 1.37.0.0, time stamp 0x4a1c3007, exception code
0x80000003, fault offset 0x00002dc0, process id 0x1378, application start time 0x01c9e73b3bbb850d.
Error - 6/7/2009 2:44:31 AM | Computer Name = Tazmaniac | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 6/7/2009 2:50:03 AM | Computer Name = Tazmaniac | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.37.0.0, time stamp 0x4a1c3007,
faulting module mbam.exe, version 1.37.0.0, time stamp 0x4a1c3007, exception code
0x80000003, fault offset 0x00002dc0, process id 0x104, application start time 0x01c9e73c2f1231f5.
Error - 6/7/2009 2:50:49 AM | Computer Name = Tazmaniac | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.37.0.0, time stamp 0x4a1c3007,
faulting module mbam.exe, version 1.37.0.0, time stamp 0x4a1c3007, exception code
0x80000003, fault offset 0x00002dc0, process id 0x300, application start time 0x01c9e73c4adf8135.
Error - 6/7/2009 2:50:58 AM | Computer Name = Tazmaniac | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.37.0.0, time stamp 0x4a1c3007,
faulting module mbam.exe, version 1.37.0.0, time stamp 0x4a1c3007, exception code
0x80000003, fault offset 0x00002dc0, process id 0xc68, application start time 0x01c9e73c504e57e5.
Error - 6/7/2009 2:51:14 AM | Computer Name = Tazmaniac | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.37.0.0, time stamp 0x4a1c3007,
faulting module mbam.exe, version 1.37.0.0, time stamp 0x4a1c3007, exception code
0x80000003, fault offset 0x00002dc0, process id 0x9f0, application start time 0x01c9e73c59ab6085.
Error - 6/7/2009 4:14:41 AM | Computer Name = Tazmaniac | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ Media Center Events ]
Error - 1/20/2008 5:44:39 AM | Computer Name = Tazmaniac | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 4/16/2008 11:28:27 PM | Computer Name = Tazmaniac | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 10/28/2008 3:54:55 AM | Computer Name = Tazmaniac | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 6/7/2009 2:44:12 AM | Computer Name = Tazmaniac | Source = HTTP | ID = 15016
Description =
Error - 6/7/2009 2:44:31 AM | Computer Name = Tazmaniac | Source = Service Control Manager | ID = 7023
Description =
Error - 6/7/2009 2:44:31 AM | Computer Name = Tazmaniac | Source = Service Control Manager | ID = 7001
Description =
Error - 6/7/2009 2:44:31 AM | Computer Name = Tazmaniac | Source = Service Control Manager | ID = 7026
Description =
Error - 6/7/2009 3:00:13 AM | Computer Name = Tazmaniac | Source = Service Control Manager | ID = 7030
Description =
Error - 6/7/2009 3:00:13 AM | Computer Name = Tazmaniac | Source = Service Control Manager | ID = 7030
Description =
Error - 6/7/2009 3:00:13 AM | Computer Name = Tazmaniac | Source = Service Control Manager | ID = 7030
Description =
Error - 6/7/2009 3:00:13 AM | Computer Name = Tazmaniac | Source = Service Control Manager | ID = 7030
Description =
Error - 6/7/2009 4:13:56 AM | Computer Name = Tazmaniac | Source = HTTP | ID = 15016
Description =
Error - 6/7/2009 4:14:34 AM | Computer Name = Tazmaniac | Source = Service Control Manager | ID = 7026
Description =
< End of report >
Ok, that's all for now - hope there's enough info to help. What's next, experts?
Thx
WarGawd