UACd and vsfoc viruses



#1
bomarcpres

Okay, I've been fighting with this for hours and it's time to ask for help, as I have no means to combat it alone, apparently. It has reached the point where I cannot run in any mode on my laptop other than safe mode, and even in safe mode attempts to run antivirus software simply will not start, and attempts to remove any infections through the browser-based software log my computer off and force a reboot before the removals can take place. Here's the RootRepeal log; I'll post the OTL log in just a sec.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/06 03:22
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8B54F000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8B544000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x94E72000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\Windows\system32\drivers\UACopwivbcyjt.sys

Service Name: vsfoceipbxwxxp
Image Path: C:\Windows\system32\drivers\vsfoceucdlasmh.sys

==EOF==

#2
bomarcpres

Okay, here are the OTL reports (I can't get an MBAM report, as MBAM will not even load up for me):

OTL logfile created on: 9/6/2009 3:28:34 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\bomarcpres\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 74.77% Memory free
3.73 Gb Paging File | 3.38 Gb Available in Paging File | 90.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.01 Gb Total Space | 18.51 Gb Free Space | 36.29% Space Free | Partition Type: NTFS
Drive D: | 51.01 Gb Total Space | 13.27 Gb Free Space | 26.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOMARCPRES-PC
Current User Name: bomarcpres
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2007/07/18 18:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/01/09 17:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/08/04 01:33:14 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/11/01 20:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2009/09/05 23:26:18 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\bomarcpres\Desktop\OTL.exe
PRC - [2009/09/05 23:26:18 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\bomarcpres\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0007851252208176mcinstcleanup [Auto | Stopped])
SRV - [2008/09/29 19:49:08 | 00,704,512 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Stopped])
SRV - [2009/03/26 10:07:06 | 02,390,464 | ---- | M] (Discordia Limited) -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator [Auto | Stopped])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/03 04:55:52 | 00,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service [Auto | Stopped])
SRV - [2008/01/20 22:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2007/10/01 19:42:36 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService [Auto | Stopped])
SRV - [2007/12/20 14:32:04 | 00,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service [Auto | Stopped])
SRV - [2007/09/10 18:28:18 | 00,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService [Auto | Stopped])
SRV - [2007/12/19 21:09:22 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService [Auto | Stopped])
SRV - [2008/01/20 22:23:49 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/05/18 23:20:21 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9d830c8f06f80 [Auto | Stopped])
SRV - [2009/04/30 20:39:52 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/06/10 19:26:28 | 00,222,456 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service [Auto | Stopped])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/11/02 05:46:05 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\irmon.dll -- (Irmon [Auto | Stopped])
SRV - [2007/01/17 14:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Stopped])
SRV - [2009/03/11 20:11:14 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Stopped])
SRV - [2008/01/09 17:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 02:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Stopped])
SRV - [2007/08/15 15:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Stopped])
SRV - File not found -- -- (McShield [Unknown | Stopped])
SRV - File not found -- -- (McSysmon [On_Demand | Stopped])
SRV - [2007/11/27 21:54:36 | 00,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService [Auto | Stopped])
SRV - [2007/07/18 18:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2007/11/26 11:46:14 | 00,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Stopped])
SRV - [2008/06/19 21:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Stopped])
SRV - [2007/08/29 15:14:12 | 00,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService [Auto | Stopped])
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Stopped])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2008/01/20 22:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2007/09/20 16:57:28 | 00,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService [Auto | Stopped])
SRV - [2008/01/20 22:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/11/28 20:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://as-robb.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: - Reg Error: Key error. File not found
IE - URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://as-robb.net/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.00
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/16 23:07:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/30 01:40:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 20:36:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/09/05 08:33:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG8\Toolbar\Firefox\[email protected]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/28 19:41:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/03 12:16:41 | 00,000,000 | ---D | M]

[2009/03/09 06:16:05 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\mozilla\Extensions
[2009/03/09 06:16:05 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/06 01:19:48 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\mozilla\Firefox\Profiles\978xl4le.default\extensions
[2009/06/24 20:45:37 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\mozilla\Firefox\Profiles\978xl4le.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/09 16:21:28 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\mozilla\Firefox\Profiles\978xl4le.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/26 13:53:55 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\mozilla\Firefox\Profiles\978xl4le.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009/09/05 23:59:44 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\mozilla\Firefox\Profiles\978xl4le.default\extensions\[email protected]
[2009/03/16 17:52:49 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\mozilla\Firefox\Profiles\978xl4le.default\extensions\[email protected]
[2009/08/12 01:29:59 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\mozilla\Firefox\Profiles\978xl4le.default\extensions\[email protected]
[2008/08/16 23:29:57 | 00,001,010 | ---- | M] () -- C:\Users\bomarcpres\AppData\Roaming\Mozilla\FireFox\Profiles\978xl4le.default\searchplugins\aimsearch.gif
[2008/08/16 23:29:57 | 00,000,301 | ---- | M] () -- C:\Users\bomarcpres\AppData\Roaming\Mozilla\FireFox\Profiles\978xl4le.default\searchplugins\aimsearch.src
[2008/08/16 23:29:48 | 00,001,901 | ---- | M] () -- C:\Users\bomarcpres\AppData\Roaming\Mozilla\FireFox\Profiles\978xl4le.default\searchplugins\aimsearch.xml
[2009/09/04 02:26:09 | 00,000,961 | ---- | M] () -- C:\Users\bomarcpres\AppData\Roaming\Mozilla\FireFox\Profiles\978xl4le.default\searchplugins\icqplugin-1.xml
[2009/03/30 20:22:55 | 00,000,950 | ---- | M] () -- C:\Users\bomarcpres\AppData\Roaming\Mozilla\FireFox\Profiles\978xl4le.default\searchplugins\icqplugin-2.xml
[2009/07/04 17:07:53 | 00,000,950 | ---- | M] () -- C:\Users\bomarcpres\AppData\Roaming\Mozilla\FireFox\Profiles\978xl4le.default\searchplugins\icqplugin-3.xml
[2009/08/25 17:07:14 | 00,000,950 | ---- | M] () -- C:\Users\bomarcpres\AppData\Roaming\Mozilla\FireFox\Profiles\978xl4le.default\searchplugins\icqplugin-4.xml
[2009/03/07 07:27:37 | 00,000,950 | ---- | M] () -- C:\Users\bomarcpres\AppData\Roaming\Mozilla\FireFox\Profiles\978xl4le.default\searchplugins\icqplugin.xml
[2008/12/12 14:23:54 | 00,002,158 | ---- | M] () -- C:\Users\bomarcpres\AppData\Roaming\Mozilla\FireFox\Profiles\978xl4le.default\searchplugins\MySpace.xml
[2008/08/17 22:52:30 | 00,001,406 | ---- | M] () -- C:\Users\bomarcpres\AppData\Roaming\Mozilla\FireFox\Profiles\978xl4le.default\searchplugins\siteadvisor.gif
[2008/08/17 22:52:30 | 00,000,276 | ---- | M] () -- C:\Users\bomarcpres\AppData\Roaming\Mozilla\FireFox\Profiles\978xl4le.default\searchplugins\siteadvisor.src
[2008/08/17 22:52:23 | 00,002,386 | ---- | M] () -- C:\Users\bomarcpres\AppData\Roaming\Mozilla\FireFox\Profiles\978xl4le.default\searchplugins\siteadvisor.xml
[2009/09/06 01:19:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/28 19:41:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/10/05 22:15:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009/08/25 17:10:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/16 23:14:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/13 01:22:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/25 02:44:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/24 09:26:10 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/24 09:26:11 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 17:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 14:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 18:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/06/24 09:26:12 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/08/16 23:07:32 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/09/03 03:23:12 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/03 03:23:12 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/03 03:23:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/03 03:23:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/03 03:23:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/03 03:23:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/03 03:23:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/08/16 23:07:44 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/08/16 23:07:21 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/06/30 11:26:46 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2009/05/01 17:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/06/24 07:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 07:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/24 00:12:00 | 00,001,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/06/24 07:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 07:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 07:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 07:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (806 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 168.95.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - x-sdch - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{50f9c17a-25dc-11dd-bc74-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{50f9c17a-25dc-11dd-bc74-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Madden06.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/09/06 03:18:52 | 15,056,8147 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/09/06 00:25:15 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/09/06 00:24:57 | 02,664,072 | ---- | C] () -- C:\Users\bomarcpres\Desktop\esetsmartinstaller_enu.exe
[2009/09/06 00:06:23 | 00,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2009/09/05 23:56:14 | 33,961,728 | ---- | C] () -- C:\Users\bomarcpres\Desktop\avira_antivir_personal_en.exe
[2009/09/05 23:53:06 | 00,000,000 | ---- | C] () -- C:\Users\bomarcpres\Desktop\settings.dat
[2009/09/05 23:52:43 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/05 23:52:17 | 00,000,737 | ---- | C] () -- C:\Users\bomarcpres\Desktop\NTREGOPT.lnk
[2009/09/05 23:52:17 | 00,000,718 | ---- | C] () -- C:\Users\bomarcpres\Desktop\ERUNT.lnk
[2009/09/05 23:52:16 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/05 23:36:16 | 00,001,667 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2009/09/05 23:26:17 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\bomarcpres\Desktop\OTL.exe
[2009/09/05 23:25:54 | 00,472,064 | ---- | C] ( ) -- C:\Users\bomarcpres\Desktop\RootRepeal.exe
[2009/09/05 23:23:26 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\bomarcpres\Desktop\erunt_setup.exe
[2009/09/05 23:23:09 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\bomarcpres\Desktop\SysRestorePoint.exe
[2009/09/05 23:21:54 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Users\bomarcpres\Desktop\TFC.exe
[2009/09/05 22:53:34 | 04,094,713 | ---- | C] () -- C:\Users\bomarcpres\Desktop\unhackme500.zip
[2009/09/05 20:11:26 | 00,007,396 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2009/09/05 18:54:08 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2009/09/05 18:39:45 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/05 18:39:42 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/05 18:39:41 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/05 18:39:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/05 14:22:56 | 25,094,048 | ---- | C] (Doctor Web, Ltd. ) -- C:\Users\bomarcpres\Desktop\drweb-500-win.exe
[2009/09/05 14:17:20 | 17,148,920 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\bomarcpres\Desktop\launch.exe
[2009/09/05 14:16:22 | 17,148,920 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\bomarcpres\Desktop\drweb-cureit.exe
[2009/09/05 13:15:02 | 00,032,667 | ---- | C] () -- C:\Windows\System32\Config.MPF
[2009/09/05 08:57:35 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/09/05 08:53:20 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Users\bomarcpres\Desktop\avast_home_setup.exe
[2009/09/05 08:51:27 | 00,407,680 | ---- | C] (ALWIL Software) -- C:\Users\bomarcpres\Desktop\aswclnr.exe
[2009/09/05 07:38:08 | 00,000,000 | ---D | C] -- C:\Program Files\Protection System
[2009/09/04 16:53:54 | 00,202,156 | ---- | C] () -- C:\Users\bomarcpres\Desktop\crywolf10.jpg
[2009/09/04 16:52:34 | 02,688,425 | ---- | C] () -- C:\Users\bomarcpres\Desktop\lindy_booth_headshot.jpg
[2009/09/04 11:17:43 | 00,155,948 | ---- | C] () -- C:\Users\bomarcpres\Desktop\kh1.jpg
[2009/09/03 12:16:39 | 00,000,939 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2009/09/03 12:16:25 | 00,000,975 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/09/03 12:16:02 | 00,001,403 | ---- | C] () -- C:\Users\bomarcpres\Desktop\DivX Movies.lnk
[2009/09/02 13:13:18 | 00,000,168 | ---- | C] () -- C:\Windows\System32\lkgf
[2009/08/31 07:58:40 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/08/28 18:44:13 | 00,000,000 | ---D | C] -- C:\Users\bomarcpres\AppData\Local\AVG Security Toolbar
[2009/08/28 17:43:29 | 00,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2009/08/28 15:51:45 | 00,000,322 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2009/08/28 15:51:42 | 00,000,801 | ---- | C] () -- C:\Users\bomarcpres\Desktop\Glary Utilities.lnk
[2009/08/28 13:37:32 | 00,000,000 | ---D | C] -- C:\Users\bomarcpres\Documents\RegRun2
[2009/08/28 13:37:28 | 00,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2009/08/28 13:00:38 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/08/28 13:00:38 | 00,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2009/08/27 12:41:28 | 00,000,000 | ---D | C] -- C:\Users\bomarcpres\AppData\Roaming\Apple Computer
[2009/08/27 12:40:35 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/08/27 12:40:28 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/27 12:40:28 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/08/27 12:40:03 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/08/27 12:39:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/08/27 12:32:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer(205)
[2009/08/27 12:32:31 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime(167)
[2009/08/25 21:42:06 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$

========== Files - Modified Within 14 Days ==========

[2009/09/06 03:20:12 | 00,032,667 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/09/06 03:19:15 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/06 03:19:12 | 15,056,8147 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/09/06 00:25:09 | 02,664,072 | ---- | M] () -- C:\Users\bomarcpres\Desktop\esetsmartinstaller_enu.exe
[2009/09/05 23:57:51 | 33,961,728 | ---- | M] () -- C:\Users\bomarcpres\Desktop\avira_antivir_personal_en.exe
[2009/09/05 23:53:06 | 00,000,000 | ---- | M] () -- C:\Users\bomarcpres\Desktop\settings.dat
[2009/09/05 23:52:17 | 00,000,737 | ---- | M] () -- C:\Users\bomarcpres\Desktop\NTREGOPT.lnk
[2009/09/05 23:52:17 | 00,000,718 | ---- | M] () -- C:\Users\bomarcpres\Desktop\ERUNT.lnk
[2009/09/05 23:36:16 | 00,001,667 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2009/09/05 23:26:18 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\bomarcpres\Desktop\OTL.exe
[2009/09/05 23:25:55 | 00,472,064 | ---- | M] ( ) -- C:\Users\bomarcpres\Desktop\RootRepeal.exe
[2009/09/05 23:23:27 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\bomarcpres\Desktop\erunt_setup.exe
[2009/09/05 23:23:10 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\bomarcpres\Desktop\SysRestorePoint.exe
[2009/09/05 23:21:56 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Users\bomarcpres\Desktop\TFC.exe
[2009/09/05 23:15:11 | 00,000,680 | ---- | M] () -- C:\Users\bomarcpres\AppData\Local\d3d9caps.dat
[2009/09/05 22:53:38 | 04,094,713 | ---- | M] () -- C:\Users\bomarcpres\Desktop\unhackme500.zip
[2009/09/05 18:39:45 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/05 15:36:04 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/05 15:33:35 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/05 15:33:35 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/05 15:33:31 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/05 14:24:03 | 25,094,048 | ---- | M] (Doctor Web, Ltd. ) -- C:\Users\bomarcpres\Desktop\drweb-500-win.exe
[2009/09/05 14:21:33 | 00,000,806 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/09/05 14:18:05 | 17,148,920 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\bomarcpres\Desktop\launch.exe
[2009/09/05 14:17:03 | 17,148,920 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\bomarcpres\Desktop\drweb-cureit.exe
[2009/09/05 08:53:21 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Users\bomarcpres\Desktop\avast_home_setup.exe
[2009/09/05 08:51:28 | 00,407,680 | ---- | M] (ALWIL Software) -- C:\Users\bomarcpres\Desktop\aswclnr.exe
[2009/09/05 07:33:04 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/04 16:53:55 | 00,202,156 | ---- | M] () -- C:\Users\bomarcpres\Desktop\crywolf10.jpg
[2009/09/04 16:52:36 | 02,688,425 | ---- | M] () -- C:\Users\bomarcpres\Desktop\lindy_booth_headshot.jpg
[2009/09/04 11:17:44 | 00,155,948 | ---- | M] () -- C:\Users\bomarcpres\Desktop\kh1.jpg
[2009/09/03 21:40:09 | 00,613,030 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/03 21:40:08 | 00,715,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/03 21:40:08 | 00,107,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/03 12:16:39 | 00,000,939 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2009/09/03 12:16:25 | 00,000,975 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/09/03 12:16:02 | 00,001,403 | ---- | M] () -- C:\Users\bomarcpres\Desktop\DivX Movies.lnk
[2009/09/03 12:13:25 | 00,142,848 | ---- | M] () -- C:\Users\bomarcpres\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/03 03:23:06 | 00,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/09/02 13:13:18 | 00,000,168 | ---- | M] () -- C:\Windows\System32\lkgf
[2009/09/01 00:59:59 | 00,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/08/28 16:08:26 | 00,325,948 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090903-222148.backup
[2009/08/28 15:51:45 | 00,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2009/08/28 15:51:42 | 00,000,801 | ---- | M] () -- C:\Users\bomarcpres\Desktop\Glary Utilities.lnk

========== LOP Check ==========

[2009/09/05 23:32:51 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming
[2008/08/16 22:52:16 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\acccore
[2008/08/16 21:44:59 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\Acer
[2008/08/16 21:44:42 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\ATI
[2008/08/17 01:39:20 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\CyberLink
[2008/09/09 00:32:23 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\DNA
[2009/08/14 16:54:58 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\GlarySoft
[2009/08/01 13:23:59 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\gtk-2.0
[2008/10/06 08:53:37 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\ICQ
[2008/08/16 21:44:46 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\Leadertech
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\Media Center Programs
[2009/08/28 19:41:11 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\mIRC
[2009/02/04 22:31:56 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\QQ Games
[2009/06/24 20:24:07 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\QQ Games Plugin
[2009/08/14 16:02:21 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\SmartPCTools
[2009/08/05 23:02:28 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\Uniblue
[2009/08/06 07:00:21 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\uTorrent
[2009/06/20 05:50:17 | 00,000,000 | ---D | M] -- C:\Users\bomarcpres\AppData\Roaming\vghd
[2009/08/28 15:51:45 | 00,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2009/09/05 15:36:04 | 00,000,882 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/09/05 07:33:04 | 00,000,886 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009/07/15 00:59:59 | 00,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/09/01 00:59:59 | 00,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/09/05 15:33:31 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/05 07:42:32 | 00,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >

< %systemroot%\system32\scecli.dll >
[2008/01/20 22:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >
[2006/11/02 05:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:4BF2F6B5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:7E95B6FD
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >


OTL Extras logfile created on: 9/6/2009 3:28:34 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\bomarcpres\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 74.77% Memory free
3.73 Gb Paging File | 3.38 Gb Available in Paging File | 90.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.01 Gb Total Space | 18.51 Gb Free Space | 36.29% Space Free | Partition Type: NTFS
Drive D: | 51.01 Gb Total Space | 13.27 Gb Free Space | 26.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOMARCPRES-PC
Current User Name: bomarcpres
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B0105F2-4892-4D3D-8422-972AEB520E4E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{729E7B89-A48E-4796-AA40-C101D1292F43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DAE4DA-DBD1-468D-8F05-8654C1FF09A4}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{06BB15A0-9900-4630-81EF-8B8922F7A601}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{0A1E9B03-5387-4AF1-B41E-8756CE15A957}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{114500CA-DE20-4C73-BF04-DCDF1842927D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{248213E1-1834-4E8B-9D55-0AB8B0C0ACA9}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{2D9B5E44-825C-435F-9B9D-2F99094F30C4}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{359BE009-DAC9-49E9-9F1F-36D70A831045}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{37AEF65E-1E73-4452-967F-7FA59DA864F2}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{412C589F-67D5-4B65-8A6B-49C23046B73A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{4721AAE2-8CB6-4719-935F-17A698A3E5F1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7C4E6956-535D-4D33-B5B8-5CD8ACFA88F5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{8C182C62-519A-46FD-95BB-7AF9A0416B78}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{934A017B-9139-4DC1-B925-9DFCC4F4D156}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9E640B58-7886-4AD1-B7A6-5305E599E8D1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A400D486-2709-4D89-AB5D-139FC2AA6D11}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{D88189D9-6F03-4A17-872A-6A6B36B8E0A6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E5E8D83E-EDEF-4CB4-9999-90C1F2E29461}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{EFE3B1F3-E4DD-4B43-8410-964CAE509846}" = dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05224574-45E6-529E-D28F-58517A0D014D}" = Catalyst Control Center Localization Thai
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{16F3EF00-887C-0DEC-2C94-A3469A48DE68}" = Catalyst Control Center Localization Danish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{28751D09-32C3-F547-7984-1B6631FE4A2B}" = Catalyst Control Center Localization Korean
"{2B85EE0A-C326-4E77-5086-C532D7C2AB87}" = Catalyst Control Center Core Implementation
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{42A30805-0210-8A51-2B37-8FB44F056190}" = Catalyst Control Center Localization Hungarian
"{46EE4F34-8C50-29A1-392F-86FCDA197789}" = Catalyst Control Center Localization Finnish
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{62E056C9-E8AC-6956-C6D9-98A82E3CE0CB}" = Catalyst Control Center Graphics Light
"{645DEF6F-B828-915C-F655-84D733124870}" = Catalyst Control Center Localization Japanese
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6BFAE410-1130-23D8-C42B-B46AF9B8559D}" = Catalyst Control Center Localization Italian
"{6DCBB845-0FA4-4723-A40A-1F320C221C30}" = Sprint Mobile Broadband (Sierra)
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7087B028-5164-4A68-9FD4-05E0E846A6B9}" = Acer Crystal Eye Webcam 2.0.6
"{71B2C49D-2ECC-8C4C-0DF8-76FBFD7804A1}" = Catalyst Control Center Localization German
"{73AB6BF4-C06D-8395-6F72-87F2481DE614}" = Catalyst Control Center Localization Swedish
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{767ECF6F-2344-4103-0091-44584B70D7CA}" = Madden NFL 06
"{781E64C7-FC5B-2F60-9882-1EF78D586819}" = Catalyst Control Center Localization Chinese Traditional
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{805F40F4-BF12-9054-4348-5ADA0CF77F3D}" = ccc-utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B510F99-7B01-CFAE-E38A-EE8EE39DB797}" = Catalyst Control Center Localization Greek
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{98786147-80E3-41A5-A80C-1F3C028558CF}" = Hearts of Iron 2
"{9EFAD767-D3F0-BB77-3E9B-A5B309413A57}" = Catalyst Control Center Localization Russian
"{A101FC46-E7C0-5C41-1410-5248E02CAAE9}" = Catalyst Control Center Localization Polish
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.6
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2A2514E-AC03-92AA-A1E1-F3A9F057AFB9}" = Catalyst Control Center Localization Dutch
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9308129-4971-BCF4-A826-987AD611A5ED}" = Catalyst Control Center Localization Turkish
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C7309F41-B01A-E8C9-6BBE-7AEC25D3FA13}" = Catalyst Control Center Localization Chinese Standard
"{CAA2EEB2-BE79-4FA6-3D77-7147E25A0DE9}" = ccc-core-static
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D03B4662-6EC5-98D3-CEE9-FC6D149F17EC}" = Catalyst Control Center Localization Spanish
"{D6521078-106E-5583-5BF3-031FD2CF4FC4}" = Catalyst Control Center Localization Norwegian
"{E148ABC2-5199-CB3D-04EF-533CFEFFD4B9}" = Catalyst Control Center Localization Czech
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC24097F-F9CF-A7A5-27F5-67DF0E9E27DF}" = Catalyst Control Center Localization Portuguese
"{FFE34BB9-02CD-0328-D578-200ABBFAF746}" = Catalyst Control Center Localization French
"7-Zip" = 7-Zip 4.65
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2006
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aim Plugin for QQ Games" = Aim Plugin for QQ Games
"AIM Toolbar" = AIM Toolbar 5.0
"AIM_6" = AIM 6
"AIMTunes" = AIMTunes
"AVG8Uninstall" = AVG Free 8.5
"Bandoo" = Bandoo
"Boilsoft Video Joiner_is1" = Boilsoft Video Joiner 5.32
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Glary Registry Repair_is1" = Glary Registry Repair 3.1.0.800
"Glary Utilities_is1" = Glary Utilities 2.15.0.738
"GMud32" = Uninstal GMud32
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"ICQToolbar" = ICQ Toolbar
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"JMC, the Java Mud Client V3.5.0.2" = Uninstal JMC, the Java Mud Client V3.5.0.2
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"MSC" = McAfee SecurityCenter
"MySpaceIM" = MySpaceIM
"Operation Optimization_is1" = Operation Optimization v1.1.1
"QQ Games" = QQ Games
"Realms of Kaos" = Realms of Kaos
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Test Of Time" = Civ II : Test Of Time
"VirtuaGirl 2" = VirtuaGirl 2
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/28/2009 3:44:04 PM | Computer Name = bomarcpres-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/28/2009 3:48:24 PM | Computer Name = bomarcpres-PC | Source = EventSystem | ID = 4609
Description =

Error - 8/28/2009 3:49:13 PM | Computer Name = bomarcpres-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/28/2009 4:51:56 PM | Computer Name = bomarcpres-PC | Source = EventSystem | ID = 4609
Description =

Error - 8/28/2009 4:52:49 PM | Computer Name = bomarcpres-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/28/2009 5:11:00 PM | Computer Name = bomarcpres-PC | Source = EventSystem | ID = 4609
Description =

Error - 8/28/2009 5:11:41 PM | Computer Name = bomarcpres-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/28/2009 5:27:50 PM | Computer Name = bomarcpres-PC | Source = EventSystem | ID = 4609
Description =

Error - 8/28/2009 5:28:40 PM | Computer Name = bomarcpres-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/28/2009 5:42:53 PM | Computer Name = bomarcpres-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 6/10/2009 7:11:06 AM | Computer Name = bomarcpres-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/31/2009 9:28:09 PM | Computer Name = bomarcpres-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/16/2009 1:27:09 PM | Computer Name = bomarcpres-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/25/2009 7:31:51 PM | Computer Name = bomarcpres-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/11/2009 10:29:15 PM | Computer Name = bomarcpres-PC | Source = bowser | ID = 8003
Description =

Error - 3/11/2009 10:41:16 PM | Computer Name = bomarcpres-PC | Source = bowser | ID = 8003
Description =

Error - 3/11/2009 10:53:15 PM | Computer Name = bomarcpres-PC | Source = bowser | ID = 8003
Description =

Error - 3/11/2009 11:05:15 PM | Computer Name = bomarcpres-PC | Source = bowser | ID = 8003
Description =

Error - 3/12/2009 12:12:37 AM | Computer Name = bomarcpres-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.3.103 for the Network Card with network
address 001FE1184D68 has been denied by the DHCP server 192.168.4.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/12/2009 12:12:35 AM | Computer Name = bomarcpres-PC | Source = HTTP | ID = 15016
Description =

Error - 3/12/2009 12:13:06 AM | Computer Name = bomarcpres-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/12/2009 12:13:06 AM | Computer Name = bomarcpres-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/12/2009 12:14:35 AM | Computer Name = bomarcpres-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.4.77 for the Network Card with network
address 001FE1184D68 has been denied by the DHCP server 192.168.3.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/12/2009 4:06:33 AM | Computer Name = bomarcpres-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.3.103 for the Network Card with network
address 001FE1184D68 has been denied by the DHCP server 192.168.4.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >