ohtgnoenriga.com google redirect, OTL Log posted

#1 ScubaSam

Hi, I've been having a problem with Google redirects taking me either to an "untitled" blank page or to a www.ohtgnoenriga.com address after I click search links. I was also having problems with adyieldmanager.com popups, but after following the steps in the malware and spyware cleaning guide the popups seem to have stopped.

I've taken the following steps:
1) Initial full scan with my own antivirus - McAfee. This came out clean.
2) Followed the steps in the Google redirect guide to start with - backed up the registry, then ran OTM. It cleaned out a bunch of temp files.
3) Ran GooredFix. The results screen mentioned a few of my Firefox addons but nothing more; it didn't seem to turn up anything suspicious.
4) Ran TDSSKiller; the scan came up clean. At this point I used the computer normally for a while, but soon encountered another redirect, so I carried on with the full malware guide.
5) Ran TFC cleaner.
6) Ran MBAM, did the quick scan. It encountered 8 items and removed them. The log is posted below.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4419

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

11/08/2010 14:00:05
mbam-log-2010-08-11 (14-00-05).txt

Scan type: Quick scan
Objects scanned: 140249
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ze18mw23gy (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wgmihrbk (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Jfyzya.exe (Trojan.Agent.Gen) -> Delete on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

This seems to have stopped the popups for now; I haven't encountered any in almost an hour and a half.

7) I ran the GMER rootkit scanner, but it stopped working part way through, while scanning "harddisk volume shadow copy 1" or something similar. An attempt to run GMER again after this resulted in a Windows blue screen crash and subsequent reboot. The same pattern occurred when I tried to run GMER after the reboot - it stopped working, then crashed Windows on the second attempt. I therefore don't have a log to post for that.

8) Downloaded and ran OTL, with the custom scan options given. The logs seem to be very long, but here they are:

OTL logfile created on: 11/08/2010 14:50:08 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Brendan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.04 Gb Total Space | 58.43 Gb Free Space | 40.56% Space Free | Partition Type: NTFS
Drive D: | 140.50 Gb Total Space | 8.13 Gb Free Space | 5.78% Space Free | Partition Type: NTFS
Drive E: | 590.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRENDANS-LAPTOP
Current User Name: Brendan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/11 14:49:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Brendan\Desktop\OTL(2).exe
PRC - [2010/08/11 14:01:53 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Brendan\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010/07/28 14:38:28 | 000,407,336 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/05/07 10:36:49 | 001,238,352 | ---- | M] (Valve Corporation) -- D:\Games\Steam\Steam.exe
PRC - [2010/03/24 18:06:58 | 000,016,384 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2010/03/05 16:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/01 09:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/07/24 08:29:20 | 000,053,248 | ---- | M] (Alcor Micro, Corp.) -- C:\Windows\System32\DrvMon.exe
PRC - [2008/07/20 10:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/06/04 13:03:36 | 000,817,672 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/06/02 09:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/05/30 20:24:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008/05/07 09:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/28 00:06:27 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdpcoms.exe
PRC - [2008/01/16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe


========== Modules (SafeList) ==========

MOD - [2010/08/11 14:49:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Brendan\Desktop\OTL(2).exe
MOD - [2009/12/08 14:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/07/28 14:38:28 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/03/24 18:06:58 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/16 12:29:29 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/03/19 12:31:52 | 000,083,240 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Solidworks 2009 SP3\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2008/07/20 10:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/06/02 09:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/04/26 05:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Disabled | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/26 05:36:02 | 000,131,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/03 21:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/02/28 00:06:27 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdpcoms.exe -- (lxdp_device)
SRV - [2008/02/28 00:06:12 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe -- (lxdpCATSCustConnectService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2005/09/23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Brendan\AppData\Local\Temp\Fadpu16E.sys -- (Fadpu16E)
DRV - [2010/07/15 15:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/03/17 01:01:53 | 011,597,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/01/28 15:25:03 | 000,068,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/07/21 01:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/07/18 16:05:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/07/03 04:24:46 | 000,026,752 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerA310USB.sys -- (A310)
DRV - [2008/07/03 04:24:42 | 000,047,104 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerA310Cap.sys -- (BDASwCap)
DRV - [2008/06/02 09:20:12 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/05/26 11:54:28 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2008/05/19 17:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008/05/07 12:22:50 | 002,134,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/05 02:05:00 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/04/28 12:56:16 | 000,050,576 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008/04/25 03:08:42 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/26 18:59:12 | 000,061,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/03/26 08:23:46 | 000,338,432 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2008/03/25 23:39:20 | 000,207,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/01/30 10:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 10:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007/10/18 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/03/28 15:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2006/11/02 14:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/01/20 18:03:28 | 000,027,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/01/20 18:03:24 | 000,069,376 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMOUKE.sys -- (LMouKE)
DRV - [2006/01/20 18:02:58 | 000,036,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidUsbK.sys -- (LHidUsbK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=aspire_6930g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_6930g

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com?o=14986&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-GB.start3....en-GB:official"
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6.117
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..keyword.URL: "http://websearch.ask...4&apn_dtid=&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/02 14:06:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/28 14:39:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/28 14:39:30 | 000,000,000 | ---D | M]

[2009/09/05 14:39:59 | 000,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Mozilla\Extensions
[2010/08/11 13:58:56 | 000,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\qyp2x9ch.default\extensions
[2010/04/28 00:22:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\qyp2x9ch.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/14 17:52:26 | 000,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\qyp2x9ch.default\extensions\[email protected]
[2010/06/07 20:05:09 | 000,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\qyp2x9ch.default\extensions\[email protected]
[2010/08/10 19:16:01 | 000,002,558 | ---- | M] () -- C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\qyp2x9ch.default\searchplugins\askcom.xml
[2010/08/11 14:43:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/12 16:16:54 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2010/07/28 14:39:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/28 14:39:25 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/28 14:39:25 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/28 14:39:25 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/11 13:33:01 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DrvMon.exe] C:\Windows\System32\DrvMon.exe (Alcor Micro, Corp.)
O4 - HKCU..\Run: [Ebhbxkuu] C:\Windows\System32\KBDAZELZ.DLL ()
O4 - HKCU..\Run: [Steam] d:\games\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Brendan\Pictures\Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Brendan\Pictures\Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/12/13 15:13:30 | 000,905,216 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/11/09 23:14:34 | 000,002,238 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2005/09/06 12:44:22 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3bcb4559-2629-11df-a015-00238b2fe667}\Shell - "" = AutoRun
O33 - MountPoints2\{3bcb4559-2629-11df-a015-00238b2fe667}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{8a316d0c-a538-11de-af30-00238b2fe667}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{a1c4dc3f-b41a-11de-ac4b-00238b2fe667}\Shell - "" = AutoRun
O33 - MountPoints2\{a1c4dc3f-b41a-11de-ac4b-00238b2fe667}\Shell\AutoRun\command - "" = F:\loaderw.exe -- File not found
O33 - MountPoints2\{f4e9b9ec-99a1-11de-968b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f4e9b9ec-99a1-11de-968b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2005/12/13 15:13:30 | 000,905,216 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/11 14:48:58 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Brendan\Desktop\OTL(2).exe
[2010/08/11 14:29:03 | 000,000,000 | ---D | C] -- C:\Users\Brendan\Desktop\gmer
[2010/08/11 13:50:24 | 000,000,000 | ---D | C] -- C:\Users\Brendan\AppData\Roaming\Malwarebytes
[2010/08/11 13:50:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/11 13:50:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/11 13:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/11 13:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/11 13:49:37 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Brendan\Desktop\mbam-setup.exe
[2010/08/11 13:41:39 | 000,000,000 | ---D | C] -- C:\Users\Brendan\Desktop\tdsskiller
[2010/08/11 13:40:15 | 000,000,000 | ---D | C] -- C:\Users\Brendan\Desktop\GooredFix Backups
[2010/08/11 13:39:15 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Brendan\Desktop\GooredFix.exe
[2010/08/11 13:30:27 | 000,000,000 | ---D | C] -- C:\Users\Brendan\Documents\erunt
[2010/08/11 01:53:59 | 000,000,000 | ---D | C] -- C:\Users\Brendan\AppData\Local\2K Games
[2010/08/07 21:37:59 | 000,000,000 | ---D | C] -- C:\Users\Brendan\AppData\Roaming\uTorrent
[2010/08/07 21:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\PFPortChecker
[2010/08/07 19:43:21 | 000,000,000 | ---D | C] -- C:\Users\Brendan\AppData\Local\wnmavkpoa
[2010/08/07 00:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Auran
[2010/07/13 00:42:34 | 000,000,000 | ---D | C] -- C:\Users\Brendan\AppData\Local\3DVIA
[2010/07/13 00:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\3DVIA
[2010/07/13 00:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Virtools
[2010/07/08 21:33:47 | 000,000,000 | ---D | C] -- C:\Users\Brendan\AppData\Roaming\NVIDIA
[2010/07/08 21:33:03 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys
[2010/07/08 21:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2010/07/08 21:33:01 | 000,000,000 | ---D | C] -- C:\Users\Brendan\AppData\Local\Downloaded Installations
[2010/06/28 14:59:04 | 000,000,000 | ---D | C] -- C:\Users\Brendan\Documents\F1 Challenge 99-02
[2010/06/27 18:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\EA SPORTS
[2010/06/24 16:33:48 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/06/23 20:06:58 | 000,000,000 | ---D | C] -- C:\Users\Brendan\.assistant
[2010/06/23 20:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\X Plugin Manager
[2010/06/19 22:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\wgens170
[2010/06/19 22:55:55 | 000,000,000 | ---D | C] -- C:\sega genesis
[2010/06/19 22:36:58 | 000,000,000 | ---D | C] -- C:\Users\Brendan\Desktop\Solidworks
[2010/06/19 22:36:48 | 000,000,000 | ---D | C] -- C:\Users\Brendan\Desktop\X3
[2010/06/19 21:58:04 | 000,000,000 | ---D | C] -- C:\Users\Brendan\Documents\Egosoft
[2010/06/19 14:56:24 | 000,000,000 | ---D | C] -- C:\Users\Brendan\AppData\Local\Stardock
[2010/06/17 23:24:07 | 000,000,000 | ---D | C] -- C:\Users\Brendan\AppData\Local\DOSBox
[2010/06/17 23:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
[2010/06/17 17:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Compatibility Toolkit
[2010/06/17 15:29:05 | 000,000,000 | ---D | C] -- C:\Users\Brendan\AppData\Roaming\DWGeditor
[2010/06/15 23:19:39 | 000,000,000 | ---D | C] -- C:\Users\Brendan\Documents\Games for Windows - LIVE Demos
[2010/06/11 22:48:35 | 000,000,000 | ---D | C] -- C:\Users\Brendan\AppData\Roaming\DivX
[2010/05/24 16:40:59 | 000,000,000 | ---D | C] -- C:\Users\Brendan\Documents\Rifle Club
[2010/05/16 14:39:02 | 000,057,344 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\nvapo32v.dll
[2010/05/16 14:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/05/16 14:21:15 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/05/16 14:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/05/16 14:16:02 | 000,000,000 | ---D | C] -- C:\Users\Brendan\AppData\Roaming\SystemRequirementsLab
[2009/09/23 16:45:47 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDPhcp.dll
[2009/09/23 16:45:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdpinpa.dll
[2009/09/23 16:45:47 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdpiesc.dll
[2009/09/23 16:45:46 | 001,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdpserv.dll
[2009/09/23 16:45:46 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdpusb1.dll
[2009/09/23 16:45:45 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdppmui.dll
[2009/09/23 16:45:45 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdplmpm.dll
[2009/09/23 16:45:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdpprox.dll
[2009/09/23 16:45:43 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdphbn3.dll
[2009/09/23 16:45:40 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdpcomc.dll
[2009/09/23 16:45:40 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdpcomm.dll
[2008/07/22 09:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/11 14:52:46 | 004,980,736 | -HS- | M] () -- C:\Users\Brendan\NTUSER.DAT
[2010/08/11 14:49:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Brendan\Desktop\OTL(2).exe
[2010/08/11 14:46:00 | 000,032,994 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/08/11 14:45:38 | 000,035,093 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/11 14:45:37 | 000,035,093 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/11 14:45:20 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/11 14:45:14 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/08/11 14:45:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/11 14:45:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/11 14:45:07 | 000,002,553 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2010/08/11 14:45:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/11 14:45:04 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2010/08/11 14:45:01 | 3215,843,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/11 14:44:15 | 000,524,288 | -HS- | M] () -- C:\Users\Brendan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/11 14:44:15 | 000,065,536 | -HS- | M] () -- C:\Users\Brendan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/11 14:41:21 | 341,838,701 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/11 14:40:07 | 000,000,000 | ---- | M] () -- C:\Users\Brendan\Desktop\OTL.exe
[2010/08/11 14:28:58 | 000,284,915 | ---- | M] () -- C:\Users\Brendan\Desktop\gmer.zip
[2010/08/11 13:56:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/11 13:50:19 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/11 13:49:43 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Brendan\Desktop\mbam-setup.exe
[2010/08/11 13:41:19 | 001,132,196 | ---- | M] () -- C:\Users\Brendan\Desktop\tdsskiller.zip
[2010/08/11 13:39:15 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Brendan\Desktop\GooredFix.exe
[2010/08/11 13:33:01 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/08/09 23:17:31 | 000,000,381 | ---- | M] () -- C:\Users\Public\Desktop\Worms World Party.lnk
[2010/08/08 15:23:45 | 000,000,882 | ---- | M] () -- C:\Users\Brendan\Desktop\Trainz - Shortcut.lnk
[2010/08/07 19:36:21 | 000,052,736 | RHS- | M] () -- C:\Windows\System32\KBDAZELZ.dll
[2010/07/25 20:03:29 | 000,009,216 | ---- | M] () -- C:\Users\Brendan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/15 15:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2010/07/13 13:40:16 | 000,010,810 | ---- | M] () -- C:\Users\Brendan\Documents\Imperial Packing List.docx
[2010/07/05 15:15:32 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/01 10:13:30 | 000,716,862 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/01 10:13:30 | 000,617,964 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/01 10:13:30 | 000,112,698 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/27 18:42:14 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\F1 Challenge 99-02.lnk
[2010/06/27 18:36:58 | 000,000,543 | ---- | M] () -- C:\Windows\eReg.dat
[2010/06/19 22:56:46 | 000,000,132 | ---- | M] () -- C:\Users\Brendan\Desktop\Gens.lnk
[2010/06/19 21:46:42 | 000,052,635 | ---- | M] () -- C:\Windows\unins000.dat
[2010/06/19 21:35:21 | 000,686,426 | ---- | M] () -- C:\Windows\unins000.exe
[2010/06/17 23:16:12 | 000,001,707 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2010/06/15 17:55:41 | 000,023,990 | ---- | M] () -- C:\Users\Brendan\Documents\Maximus_xp1.sav
[2010/06/15 01:57:31 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/06/11 22:47:14 | 000,000,690 | ---- | M] () -- C:\Users\Public\Desktop\Orbiter 2010.lnk
[2010/06/11 14:36:59 | 000,321,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/10 23:06:23 | 000,000,000 | -H-- | M] () -- C:\Users\Brendan\Documents\Default.rdp
[2010/06/10 16:44:50 | 000,011,328 | ---- | M] () -- C:\Users\Brendan\Documents\Stuff we do in the year.docx
[2010/06/08 23:52:48 | 000,000,000 | ---- | M] () -- C:\Users\Brendan\AppData\Local\Temptable.xml
[2010/06/08 16:57:54 | 000,013,433 | ---- | M] () -- C:\Users\Brendan\Documents\Stuff I brought Home.docx
[2010/05/28 13:22:42 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/05/16 14:35:15 | 000,001,356 | ---- | M] () -- C:\Users\Brendan\AppData\Local\d3d9caps.dat
[2010/05/16 13:53:17 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/14 15:23:35 | 000,042,063 | ---- | M] () -- C:\Users\Brendan\Documents\WingDrawing.docx
[2010/05/14 00:09:00 | 000,266,240 | ---- | M] () -- C:\Users\Brendan\Documents\ThinWingDrawing.SLDDRW
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/11 14:45:01 | 3215,843,328 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/11 14:40:07 | 000,000,000 | ---- | C] () -- C:\Users\Brendan\Desktop\OTL.exe
[2010/08/11 14:28:43 | 000,284,915 | ---- | C] () -- C:\Users\Brendan\Desktop\gmer.zip
[2010/08/11 13:50:19 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/11 13:41:07 | 001,132,196 | ---- | C] () -- C:\Users\Brendan\Desktop\tdsskiller.zip
[2010/08/09 23:17:31 | 000,000,381 | ---- | C] () -- C:\Users\Public\Desktop\Worms World Party.lnk
[2010/08/08 15:23:45 | 000,000,882 | ---- | C] () -- C:\Users\Brendan\Desktop\Trainz - Shortcut.lnk
[2010/08/07 19:36:21 | 000,052,736 | RHS- | C] () -- C:\Windows\System32\KBDAZELZ.dll
[2010/07/07 17:54:29 | 000,010,810 | ---- | C] () -- C:\Users\Brendan\Documents\Imperial Packing List.docx
[2010/07/05 15:15:32 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/27 18:42:14 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\F1 Challenge 99-02.lnk
[2010/06/27 18:36:58 | 000,000,543 | ---- | C] () -- C:\Windows\eReg.dat
[2010/06/19 22:56:46 | 000,000,132 | ---- | C] () -- C:\Users\Brendan\Desktop\Gens.lnk
[2010/06/19 21:37:03 | 000,686,426 | ---- | C] () -- C:\Windows\unins000.exe
[2010/06/19 21:37:03 | 000,052,635 | ---- | C] () -- C:\Windows\unins000.dat
[2010/06/17 23:16:12 | 000,001,707 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2010/06/15 17:58:08 | 000,023,990 | ---- | C] () -- C:\Users\Brendan\Documents\Maximus_xp1.sav
[2010/06/11 22:47:14 | 000,000,690 | ---- | C] () -- C:\Users\Public\Desktop\Orbiter 2010.lnk
[2010/06/10 23:06:23 | 000,000,000 | -H-- | C] () -- C:\Users\Brendan\Documents\Default.rdp
[2010/06/10 01:16:47 | 000,011,328 | ---- | C] () -- C:\Users\Brendan\Documents\Stuff we do in the year.docx
[2010/05/16 14:41:30 | 000,035,093 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/05/16 14:41:10 | 000,035,093 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/05/16 14:21:16 | 000,007,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010/05/16 13:53:17 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/14 15:23:34 | 000,042,063 | ---- | C] () -- C:\Users\Brendan\Documents\WingDrawing.docx
[2010/05/14 00:02:50 | 000,266,240 | ---- | C] () -- C:\Users\Brendan\Documents\ThinWingDrawing.SLDDRW
[2010/05/13 23:54:57 | 000,000,000 | ---- | C] () -- C:\Users\Brendan\AppData\Local\Temptable.xml
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/03/28 22:09:30 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/02/16 12:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/01/11 21:41:00 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/12/12 00:02:09 | 000,000,021 | ---- | C] () -- C:\Windows\entpack.ini
[2009/09/24 14:49:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/23 16:48:23 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdpcoin.dll
[2009/09/23 16:45:58 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdprwrd.ini
[2009/09/23 16:45:47 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDPinst.dll
[2009/09/23 16:45:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdpgrd.dll
[2009/09/08 00:47:01 | 000,000,296 | ---- | C] () -- C:\Windows\Sfc3ng.ini
[2009/09/07 20:22:38 | 000,002,553 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2009/09/07 20:18:05 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2009/09/06 20:59:39 | 000,000,487 | ---- | C] () -- C:\Windows\wininit.ini
[2009/09/05 20:16:31 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/11/02 06:21:11 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/11/02 06:21:11 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/11/02 06:02:04 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/11/02 05:57:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/11/02 05:53:52 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/11/02 05:44:03 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007/11/28 18:51:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdpvs.dll
[2007/08/21 20:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009/11/25 17:56:46 | 000,000,000 | -HSD | M] -- C:\Users\Brendan\AppData\Roaming\.#
[2009/09/04 16:29:06 | 000,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Acer
[2008/11/02 06:17:37 | 000,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Acer GameZone Console
[2009/11/28 22:40:48 | 000,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Autograph
[2010/08/08 14:05:44 | 000,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\BitTorrent
[2010/02/16 12:33:41 | 000,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\DassaultSystemes
[2010/06/17 15:29:05 | 000,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\DWGeditor
[2009/09/04 17:53:37 | 000,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\eSobi
[2010/02/16 13:33:10 | 000,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\IM
[2009/09/19 17:28:53 | 000,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Leadertech
[2009/10/14 20:07:24 | 000,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\PeerNetworking
[2010/05/16 14:16:10 | 000,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\SystemRequirementsLab
[2009/09/13 02:18:59 | 000,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\The Creative Assembly
[2010/08/11 00:29:45 | 000,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\uTorrent
[2010/06/15 01:57:31 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/11/01 02:00:08 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/08/11 14:00:38 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/29 13:54:16 | 000,440,342 | ---- | M] () -- C:\AnalysisLog.sr0
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/11/02 06:04:01 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/08/11 14:45:01 | 3215,843,328 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/28 11:39:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/09/04 16:12:12 | 000,000,020 | ---- | M] () -- C:\Medion.ini
[2009/10/28 11:39:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/11 14:45:00 | 3529,437,184 | -HS- | M] () -- C:\pagefile.sys
[2009/09/04 16:05:39 | 000,000,058 | ---- | M] () -- C:\Partition.txt
[2008/11/02 05:44:38 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2010/08/11 13:42:44 | 000,060,944 | ---- | M] () -- C:\TDSSKiller.2.4.1.1_11.08.2010_13.42.07_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/14 20:17:55 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2008/02/27 12:05:40 | 000,115,200 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\lxdpdrpp.dll
[2006/10/27 03:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%|bak;true;false;false /fp >

< %systemroot%\system32|bak;true;false;false /fp >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-06 12:12:19
< End of report >
and the Extras log, if required:

OTL Extras logfile created on: 11/08/2010 14:50:08 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Brendan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.04 Gb Total Space | 58.43 Gb Free Space | 40.56% Space Free | Partition Type: NTFS
Drive D: | 140.50 Gb Total Space | 8.13 Gb Free Space | 5.78% Space Free | Partition Type: NTFS
Drive E: | 590.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRENDANS-LAPTOP
Current User Name: Brendan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{44B3C68D-2842-4670-829F-68357EE9C5B1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BDA1C6A0-5915-48AB-97A6-4A5D04887F58}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0232BD49-0A44-4220-87BF-15BFA0BC433C}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{04247F80-8829-4814-9779-F9201CE1E2EC}" = protocol=17 | dir=in | app=d:\games\company of heroes\relicdownloader\relicdownloader.exe |
"{05EDD65F-4564-4EB2-A68D-F2561FF7AFBD}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{06A00521-7731-4B6D-B4C7-A360EE80D9C0}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\arma 2\arma2.exe |
"{08FD1D1B-DFE3-4482-A4ED-C90962405D3D}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe |
"{09AC3B28-EF23-4308-B9F2-28C03F963541}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\empire total war\empire.exe |
"{0D62D2A6-3307-4D39-B4FF-78F3B85BC598}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\freedom force vs. the 3rd reich\ffvt3r.exe |
"{113E4960-051B-4036-85CA-915BED2138C6}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe |
"{13A5054D-5541-4E5B-8D14-28E6E26B7CF7}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\empire total war\empire.exe |
"{156803AB-E8F8-471F-BF33-460421F27446}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{163310A4-85FC-4692-AAF8-5C0A72E31533}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{206411BA-6ABD-4780-83D4-4715F49E88C9}" = protocol=6 | dir=in | app=d:\games\hawx\hawx.exe |
"{233BFB3F-DEE9-4AD0-AC83-23FEBF4F8781}" = protocol=17 | dir=in | app=d:\games\swat 4\contentexpansion\system\swat4x.exe |
"{2986EDDB-91F1-44E4-B6E1-55358229C87B}" = protocol=6 | dir=in | app=d:\games\swat 4\contentexpansion\system\swat4xdedicatedserver.exe |
"{29FB41BD-5BC1-49A3-BAD6-3CEA568D43DE}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\scubasam\garrysmod\hl2.exe |
"{2BB5DD62-5239-4380-875C-1746C259B655}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{32A64F9B-248E-4A7A-9A2C-5133C8BD6E16}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\mafia ii - public demo\launcher.exe |
"{337FABAA-049A-49CF-B0B9-1757A57FEA40}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{377FDA38-B377-44AA-BD92-59CFD53713BC}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{39E8CB0B-B6F3-48C9-B2D0-F33C86808AB0}" = protocol=6 | dir=in | app=d:\games\far cry 2\bin\fc2editor.exe |
"{3A1E8CA5-733F-40A0-A87A-783709ADCCC6}" = protocol=17 | dir=in | app=d:\games\hawx\hawx.exe |
"{3A2083F5-47B4-435C-9072-9A39C14C699A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3B2A070B-A7BE-44FA-BDEB-7CAE92F5638C}" = protocol=6 | dir=in | app=d:\games\hawx\hawx_dx10.exe |
"{4041D7AC-6DAD-4C6F-83AB-FBB28CEC4A89}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{494BCD9F-42D8-4AEA-96C1-E48CA1C979ED}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\scubasam\garrysmod\hl2.exe |
"{4956AC83-D113-43F1-82B5-C329ADA16A7D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdpjswx.exe |
"{50E04F2E-4284-4C4F-A44D-636DDA02E203}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{53A505DB-FE7D-4C98-9441-9C7585942E37}" = protocol=6 | dir=in | app=d:\games\far cry 2\bin\farcry2.exe |
"{53AEEFB2-A2DA-4736-8AD3-54287BA52EDA}" = protocol=6 | dir=in | app=c:\program files\lexmark z2300 series\lxdpmon.exe |
"{55048597-9251-4DF2-AA58-609A95504C8D}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{5A7D052C-8123-4508-8F75-A5D8C1940301}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"{5F7CC400-89EC-4DB6-9A0B-B0D4D6533833}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\arma 2\arma2.exe |
"{6194276A-810C-4457-9B7B-4309AB55C83D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{623717F7-5141-4768-944E-40D97A8B714E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{66850A7E-9B8C-4094-836E-BEFE2B82B468}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{670862B1-0FAD-4C5E-8A1D-2248B7C6F8F5}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\hitman blood money\configure.exe |
"{6FB0585F-C3CE-415D-AF10-7C89AF2CCA50}" = protocol=17 | dir=in | app=d:\games\hawx\hawx_dx10.exe |
"{730F616A-C27D-4691-914D-8DC19F670911}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{74F38450-7427-4EBF-8B2A-6C06D259197F}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{757A0E53-554B-4B7C-935F-B20B09B534E5}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\scubasam\counter-strike source\hl2.exe |
"{77A65BBD-4A64-45C1-8A48-03B6D6827794}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdptime.exe |
"{77FE966C-4448-49EE-AD06-4527A9EDF681}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"{79535522-31CD-4AC7-B47D-E8668846DB01}" = protocol=17 | dir=in | app=d:\games\swat 4\contentexpansion\system\swat4xdedicatedserver.exe |
"{7AE5A1AE-314B-43D0-85FE-C5B6BC970DB8}" = protocol=6 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
"{7CDC4716-EE7C-4D2B-A458-173492911ACD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7DAE6F24-76C1-4DA2-BEB9-A2147EFF72B7}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe |
"{7E0C1EF9-D1D8-4724-B2B2-62CCD935345E}" = protocol=6 | dir=in | app=d:\games\company of heroes\relicdownloader\relicdownloader.exe |
"{80B5BF9A-F2A8-42E4-98A2-2A7044E53EA3}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdptime.exe |
"{80C745FA-6B94-419D-B146-E6A77644C594}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\medieval ii total war\launcher.exe |
"{816A86CC-61F6-489D-AE6F-698052CEA91F}" = protocol=6 | dir=in | app=d:\games\far cry 2\bin\fc2launcher.exe |
"{819B5C20-ED82-47C2-A31F-850DC145EA33}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\freedom force vs. the 3rd reich\ffvt3r.exe |
"{870E54A1-6849-462F-A89F-08A4EAD7D0FF}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\empire total war\empire.exe |
"{8830D729-B041-4FD7-8DC3-346E7EE1A348}" = protocol=6 | dir=in | app=d:\games\swat 4\contentexpansion\system\swat4x.exe |
"{88B18281-8B98-4595-AB1C-110FAE7C3939}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{8B65E0A2-F09D-403C-BBA8-80DAFF63263B}" = protocol=17 | dir=in | app=d:\games\company of heroes\reliccoh.exe |
"{8B8871F8-31F1-4958-A651-8844B6A5CCFC}" = protocol=17 | dir=in | app=c:\program files\lexmark z2300 series\lxdpmon.exe |
"{8E1FDB70-3923-459C-BB47-3EEF0346CDAC}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{90D4598C-6EC4-44B9-BC12-87DFC34380BD}" = protocol=17 | dir=in | app=d:\games\far cry 2\bin\fc2launcher.exe |
"{9629D2F3-BC6A-4535-918C-A3065AFD72CE}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe |
"{987A84A9-C4CE-4B05-B5EF-0EA7791F8FC5}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"{9922955D-434B-437E-9474-4EA61662A57A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\medieval ii total war\launcher.exe |
"{9BB8E802-86EA-42B3-BEA9-FFAA9F79A2D8}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\eve online\eve.exe |
"{9D04F12E-C83A-4D58-A315-1A9355F0ABEC}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\scubasam\counter-strike source\hl2.exe |
"{9F600067-3E0E-46B5-A57A-D1E060DF173D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdpjswx.exe |
"{9F9003E5-D57F-4798-9568-DE304995DA30}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{A69AD7C2-89A7-40D4-B44A-10CDBD32F57E}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\eve online\eve.exe |
"{A83874B3-781B-4E84-8B85-04AA13BF24B2}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe |
"{AD255DD3-44AF-40DD-8807-85E3D0B077D3}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{AE2D2E1B-CCD2-4405-A6DF-5F78F7E3EB5F}" = protocol=17 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
"{B0368B16-6EEF-4580-B946-00AD175B30D3}" = protocol=6 | dir=in | app=d:\games\company of heroes\relicdownloader\relicdownloader.exe |
"{B1A63A4D-4297-42FF-BCF0-08131788AE41}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe |
"{B5DC9FA2-2A0F-4D9A-A17E-070FEC3C9DF0}" = protocol=17 | dir=in | app=d:\games\arma2 demo\arma2demo.exe |
"{B7F0A628-7B96-457E-8F68-1EF4B05C90F0}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\hitman blood money\configure.exe |
"{B8F78B9C-40E8-4232-9C02-F4277783A2C0}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{BB8CEFC2-47F7-44C2-8BA4-1656C32E715A}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{BBDA9CC2-5939-4ED6-A9F7-92D9C0F5CD05}" = protocol=17 | dir=in | app=d:\games\company of heroes\relicdownloader\relicdownloader.exe |
"{BBE098FE-14E4-480F-81FE-15B15F9CB887}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{BCE258E9-49D5-4E17-A8BE-DF8267428FAD}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\arma 2\arma2.exe |
"{BD2A4E68-A3A4-45E2-957D-C9723284D239}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BFC2D5F7-EE7C-4F3E-96D2-3226D2DFC98D}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\scubasam\garrysmod\hl2.exe |
"{C35022D8-3CB5-4A90-BDD8-6FC64C3C6EBE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CA22DF30-D4EF-4BD7-B038-939B81544907}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{CC1C873B-9A26-434D-A568-DF201873EFD3}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{D0F772F8-1145-47C3-AA59-4E6D7DF1E52D}" = protocol=17 | dir=in | app=d:\games\far cry 2\bin\farcry2.exe |
"{D3789134-0FC9-409F-94A5-4417DAC4229E}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{D6065606-F771-41CF-BB68-4AB01D4B335E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D970B540-55B8-41F4-A8DB-9965AA566F89}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\scubasam\garrysmod\hl2.exe |
"{DA0637FF-2166-49D3-8CAF-DDC3C2B92162}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\mafia ii - public demo\launcher.exe |
"{DD05009A-0F48-4AD5-9D5E-623BC792D205}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\empire total war\empire.exe |
"{E3C983BC-595C-4099-9D52-3AF2C0FB101D}" = protocol=17 | dir=in | app=d:\games\far cry 2\bin\fc2editor.exe |
"{E990A25C-E7E7-4CD4-9059-360120DBAB4D}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{ED041B25-92E5-4DAF-871E-891405053238}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{EE432256-8AEA-48F9-81C2-371F23A36E1E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{EEE5136F-EA1F-4C78-8A35-7C561641C22D}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\arma 2\arma2.exe |
"{F25DBCBE-9EF7-42BF-8AA1-5E0D51647EA0}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"{F6E642DC-DB8E-4E29-87C8-046E1812008A}" = protocol=6 | dir=in | app=d:\games\arma2 demo\arma2demo.exe |
"{FAA1C6B9-A2A2-4414-B54C-3A82EF8543ED}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{FAFD5181-AA28-4B12-BDAF-4E404467EF4D}" = protocol=6 | dir=in | app=d:\games\company of heroes\reliccoh.exe |
"{FEB81D18-8238-4715-B1AD-99C265471CEB}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{1745a178-4028-460a-902d-d37811a4fb1e}.sdb" = X-Com
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BA95C2-4693-49E5-B454-0C232FFFC452}" = Hearts of Iron 3 - Demo
"{1B140425-1EA0-4AB8-BB31-1830C4A0A1F2}" = DWGeditor
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{35727E31-5D78-478A-B418-7E9A82729DB2}" = SolidWorks 2009 SP03
"{36592557-65CE-4A4D-9970-764F17E0AFD3}" = MSI v2 to redistribute Rigs of Rods
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FB31CB9-A4A2-49FD-00AF-41785B21FDEE}" = F1 Challenge 99-02
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80BA07B3-537F-4189-92F7-26E2BA76095A}" = SolidWorks eDrawings 2009
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{83437081-8186-4F63-BD39-4BE8A691E055}" = Hidden & Dangerous 2
"{84F4E9BC-8B76-43DE-9EC7-F6F2D2E5447A}" = EZNifConvert
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90811323-6251-4222-BC83-C5C0F02EB956}" = Orbiter 2010
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = Installer
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9AFA9294-C7A4-4DD5-ADBE-3DFC98752417}_is1" = Theatre of War 2 Kursk 1943 Demo (Remove Only)
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BAA6A5C5-A8AA-47D3-9EBC-1D7638291C09}" = TRS2006 Demo
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{E2222809-FDED-4C7E-8F25-2337A8F39F03}" = Hidden & Dangerous 2 Sabre Squadron
"{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}" = Lock On: Modern Air Combat
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F33E8E65-2FCC-4F6B-9191-3B9F68392866}_is1" = GWX3 files for SH3 Commander 3.2
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"1602 A.D." = 1602 A.D.
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"BattlEye" = BattlEye Uninstall
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Combat Mission Shock Force_is1" = Combat Mission Shock Force
"Command & Conquer 95" = Command & Conquer Windows 95
"Company of Heroes" = Company of Heroes
"DivX Setup.divx.com" = DivX Setup
"ENERGY project_is1" = ENERGY project, release 4
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Galactic Civilizations II - Endless Universe" = Galactic Civilizations II - Endless Universe
"GENS" = GENS
"GridVista" = Acer GridVista
"Hitonic JAR-Starter_is1" = Hitonic JAR-Starter ver.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hon" = Heroes of Newerth
"IL-2 Sturmovik" = IL-2 Sturmovik
"Impulse" = Impulse
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{83437081-8186-4F63-BD39-4BE8A691E055}" = Hidden & Dangerous 2
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = SWAT 4 - The Stetchkov Syndicate
"InstallShield_{E2222809-FDED-4C7E-8F25-2337A8F39F03}" = Hidden & Dangerous 2 Sabre Squadron
"Lexmark Z2300 Series" = Lexmark Z2300 Series
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"MiniRA Plus 1.2 installer" = MiniRA Plus 1.2 installer
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSC" = McAfee SecurityCenter
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PFPortChecker" = PFPortChecker 1.0.36
"PunkBusterSvc" = PunkBuster Services
"Rigs of Rods" = Rigs of Rods 0.32
"SecuROM Diagnostic Tool" = SecuROM Diagnostic Tool
"SH3 Commander_is1" = SH3 Commander 3.2
"SolidWorks Installation Manager 20090-40300-1100-200" = SolidWorks 2009 SP03
"Star Trek Starfleet Command III" = Star Trek Starfleet Command III
"Steam App 10500" = Empire: Total War
"Steam App 12150" = Max Payne 2: The Fall of Max Payne
"Steam App 13140" = America's Army 3
"Steam App 1520" = DEFCON
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
"Steam App 30" = Day of Defeat
"Steam App 33910" = ARMA 2
"Steam App 39000" = Moonbase Alpha
"Steam App 4000" = Garry's Mod
"Steam App 4700" = Medieval II: Total War
"Steam App 4780" = Medieval II: Total War Kingdoms
"Steam App 50280" = Mafia II - Demo
"Steam App 6860" = Hitman: Blood Money
"Steam App 70" = Half-Life
"Steam App 8890" = Freedom Force vs. the 3rd Reich
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Vietcong" = Vietcong
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"X Plugin Manager" = X Plugin Manager 2.12
"X3 Bonus Package_is1" = X3 Bonus Package 3.1.05
"X3-MapViewer1.2.2.6_is1" = X3 Map Viewer v1.2.2.6
"X3-ModelViewer1.1.0.0_is1" = X3 Model Viewer v1.1.0.0
"X3-Reunion2.0.02UK_is1" = X3: Reunion v2.0.02

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Vietcong 2" = Vietcong 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/08/2010 19:06:00 | Computer Name = Brendans-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 04/08/2010 15:15:29 | Computer Name = Brendans-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 05/08/2010 09:09:26 | Computer Name = Brendans-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 05/08/2010 11:35:01 | Computer Name = Brendans-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 05/08/2010 17:54:07 | Computer Name = Brendans-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 06/08/2010 08:07:53 | Computer Name = Brendans-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 06/08/2010 08:21:21 | Computer Name = Brendans-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 06/08/2010 11:18:15 | Computer Name = Brendans-Laptop | Source = Application Error | ID = 1000
Description = Faulting application Fallout3.exe, version 1.7.0.3, time stamp 0x4a40f18b,
faulting module Fallout3.exe, version 1.7.0.3, time stamp 0x4a40f18b, exception
code 0xc0000005, fault offset 0x001878f8, process id 0x434, application start time
0x01cb3579cdf92cec.

Error - 06/08/2010 12:24:26 | Computer Name = Brendans-Laptop | Source = Application Error | ID = 1000
Description = Faulting application Fallout3.exe, version 1.7.0.3, time stamp 0x4a40f18b,
faulting module Fallout3.exe, version 1.7.0.3, time stamp 0x4a40f18b, exception
code 0xc0000005, fault offset 0x001878f8, process id 0x1378, application start time
0x01cb357fd73aa7bc.

Error - 06/08/2010 19:06:02 | Computer Name = Brendans-Laptop | Source = VSS | ID = 8194
Description =

[ OSession Events ]
Error - 30/03/2010 13:24:16 | Computer Name = Brendans-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 14638
seconds with 3180 seconds of active time. This session ended with a crash.

Error - 21/04/2010 08:07:04 | Computer Name = Brendans-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 307
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/08/2010 09:43:15 | Computer Name = Brendans-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 11/08/2010 09:43:15 | Computer Name = Brendans-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 11/08/2010 09:43:15 | Computer Name = Brendans-Laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 11/08/2010 09:43:15 | Computer Name = Brendans-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 11/08/2010 09:43:15 | Computer Name = Brendans-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 11/08/2010 09:43:15 | Computer Name = Brendans-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 11/08/2010 09:43:15 | Computer Name = Brendans-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 11/08/2010 09:43:57 | Computer Name = Brendans-Laptop | Source = DCOM | ID = 10005
Description =

Error - 11/08/2010 09:45:38 | Computer Name = Brendans-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 11/08/2010 09:45:38 | Computer Name = Brendans-Laptop | Source = Service Control Manager | ID = 7000
Description =


< End of report >


Thank you in advance! I've removed a few viruses and other nasties before but this thing seems to have me stumped. :)
  • 0


#2
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O4 - HKCU..\Run: [Ebhbxkuu] C:\Windows\System32\KBDAZELZ.DLL ()
    O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe File not found
    O33 - MountPoints2\{3bcb4559-2629-11df-a015-00238b2fe667}\Shell - "" = AutoRun
    O33 - MountPoints2\{3bcb4559-2629-11df-a015-00238b2fe667}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
    O33 - MountPoints2\{8a316d0c-a538-11de-af30-00238b2fe667}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
    O33 - MountPoints2\{a1c4dc3f-b41a-11de-ac4b-00238b2fe667}\Shell - "" = AutoRun
    O33 - MountPoints2\{a1c4dc3f-b41a-11de-ac4b-00238b2fe667}\Shell\AutoRun\command - "" = F:\loaderw.exe -- File not found
    O33 - MountPoints2\{f4e9b9ec-99a1-11de-968b-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{f4e9b9ec-99a1-11de-968b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2005/12/13 15:13:30 | 000,905,216 | R--- | M] ()
    [2010/08/07 19:43:21 | 000,000,000 | ---D | C] -- C:\Users\Brendan\AppData\Local\wnmavkpoa
    [2010/08/07 19:36:21 | 000,052,736 | RHS- | M] () -- C:\Windows\System32\KBDAZELZ.dll
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out the default username and password of your router and note them down: Router Passwords

  • Then reset your router to its factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the router's server. To do that type http://192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.

  • Please make sure of the following settings:
    • Go to start => Control panel => Double-click Network and Sharing Center.
    • In the left window select Manage network Connection.
    • In the right window right-click Local Area connection and select Properties .
    • Internet Protocol Version 6 (IPv6) should be checked. Double-click on it: Make sure of the following settings:
    • The option Obtain an IP address automatically should be checked.
    • The option Obtain DNS server address automatically should be checked.
    • Click OK.
    • Internet Protocol Version 4 (IPv4) should be checked. Double-click on it.
    • The option Obtain an IP address automatically should be checked.
    • The option Obtain DNS server address automatically should be checked.
  • Click OK twice.
  • If you should change any setting reboot the computer.


NEXT:



Please provide me with the requested log as well as an update on how things are running. Are you still experiencing issues with being redirected?
  • 0
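The O2, O4 and O33 lines in the OTL fix above are the kind of entries a helper looks for by eye: a BHO with no CLSID class behind it, Run values pointing at missing files or at a DLL dropped in System32, and cached AutoRun commands for removable drives. The following script is an added example for this thread, not part of OTL or of the fix; it applies those same checks to lines in OTL's format and explains why each one deserves attention. The sample input is the set of lines from the fix posted above; the heuristics and their wording are this example's own.

```python
"""Triage helper for startup/autorun lines in the format OTL prints.

Added example for this thread; not part of OTL or of the fix posted above.
It applies defender-side heuristics to O2 (BHO), O4 (Run key) and O33
(MountPoints2) lines and reports why each entry deserves a look.
"""
import re

# Sample input: the O2/O4/O33 lines copied from the OTL fix in this thread.
SAMPLE_OTL_LINES = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKCU..\Run: [Ebhbxkuu] C:\Windows\System32\KBDAZELZ.DLL ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe File not found
O33 - MountPoints2\{3bcb4559-2629-11df-a015-00238b2fe667}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{f4e9b9ec-99a1-11de-968b-806e6f6e6963}\Shell - "" = AutoRun
"""

# Line shapes as OTL prints them (hypothetical regexes written for this example).
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$')
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\(?P<subkey>.+?) - "" = (?P<rest>.*)$')
# OTL prints the file's company name in parentheses after the path; "()" means none.
TARGET_RE = re.compile(r'^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$')


def triage(lines):
    """Return a list of findings: {'type', 'item', 'reason'} for suspicious entries."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue

        m = O2_RE.match(line)
        if m:
            if 'No CLSID value found' in m['rest']:
                findings.append({'type': 'O2', 'item': m['clsid'],
                                 'reason': 'BHO registered with no CLSID class: orphaned or hidden add-on'})
            continue

        m = O4_RE.match(line)
        if m:
            rest = m['rest']
            if rest.endswith('File not found'):
                findings.append({'type': 'O4', 'item': m['name'],
                                 'reason': 'Run value points at a missing file (orphaned entry)'})
                continue
            t = TARGET_RE.match(rest)
            path = t['path'] if t else rest
            company = t['company'] if t else ''
            reasons = []
            if path.lower().endswith('.dll'):
                reasons.append('Run value launches a DLL instead of an executable')
            if '\\system32\\' in path.lower() and not company:
                reasons.append('file in System32 carries no company/version information')
            if reasons:
                findings.append({'type': 'O4', 'item': m['name'], 'reason': '; '.join(reasons)})
            continue

        m = O33_RE.match(line)
        if m and m['subkey'].lower().endswith('autorun\\command'):
            target = m['rest'].split(' -- ')[0].strip()
            findings.append({'type': 'O33', 'item': target,
                             'reason': 'cached AutoRun handler for a mounted drive (removable-media vector)'})
    return findings


def triage_text(text):
    """Convenience wrapper: triage a whole block of OTL output."""
    return triage(text.splitlines())


if __name__ == '__main__':
    for f in triage_text(SAMPLE_OTL_LINES):
        print(f"[{f['type']}] {f['item']}: {f['reason']}")
```

Run it against a pasted OTL log (`triage_text(open('OTL.txt').read())`) to get a shortlist; the heuristics are deliberately loose, so a legitimate uninstalled program leaves the same "File not found" trace as a removed infection and the list is a starting point for review, not a verdict.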

#3
ScubaSam


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Log is posted below:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ebhbxkuu deleted successfully.
C:\Windows\System32\KBDAZELZ.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bcb4559-2629-11df-a015-00238b2fe667}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bcb4559-2629-11df-a015-00238b2fe667}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bcb4559-2629-11df-a015-00238b2fe667}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bcb4559-2629-11df-a015-00238b2fe667}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a316d0c-a538-11de-af30-00238b2fe667}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a316d0c-a538-11de-af30-00238b2fe667}\ not found.
File G:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1c4dc3f-b41a-11de-ac4b-00238b2fe667}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1c4dc3f-b41a-11de-ac4b-00238b2fe667}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1c4dc3f-b41a-11de-ac4b-00238b2fe667}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1c4dc3f-b41a-11de-ac4b-00238b2fe667}\ not found.
File F:\loaderw.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4e9b9ec-99a1-11de-968b-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4e9b9ec-99a1-11de-968b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4e9b9ec-99a1-11de-968b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4e9b9ec-99a1-11de-968b-806e6f6e6963}\ not found.
File move failed. E:\autorun.exe scheduled to be moved on reboot.
C:\Users\Brendan\AppData\Local\wnmavkpoa folder moved successfully.
File C:\Windows\System32\KBDAZELZ.dll not found.
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: Administrator

User: All Users

User: Brendan
->Temp folder emptied: 1530020 bytes
->Temporary Internet Files folder emptied: 146654 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37417663 bytes
->Flash cache emptied: 628 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5120 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 37.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Brendan
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08112010_161154

Files\Folders moved on Reboot...
File move failed. E:\autorun.exe scheduled to be moved on reboot.
File\Folder C:\Windows\temp\mcafee_dDNQPguhgxxlxuV not found!
File\Folder C:\Windows\temp\mcmsc_BAfvYx6nV7fRAng not found!
File\Folder C:\Windows\temp\mcmsc_t2FNpsPXdvhmkR9 not found!
File\Folder C:\Windows\temp\mcmsc_yhDpTtjBx1cDxAi not found!

Registry entries deleted on Reboot...



And that seems to have done the trick! I decided to wait a few hours and browse normally in case the problem crept up again, but I'm pleased to say everything appears to be fine. The router appears to be fine as well - I already had a custom password on it and nothing appears to have changed since the last time I looked at its settings. IPv6 and IPv4 were set up fine as well.

Thank you very much for your help! =D
  • 0
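The "Obtain DNS server address automatically" check that SweetTech asked for, and ScubaSam confirmed above, can be verified from the command line rather than by clicking through adapter properties. The script below is an added example for this thread (not a tool from OTL or Geeks to Go): it parses the text that `ipconfig /all` prints, and flags adapters where DHCP is turned off or where a DNS server sits outside the RFC 1918 private ranges, which is the trace a DNS-changing infection leaves behind. The sample output is constructed for the example, with invented adapter values; on Windows the script runs `ipconfig /all` itself.

```python
"""Audit `ipconfig /all` output for hand-set or off-network DNS servers.

Added example for this thread; not an OTL or Geeks to Go tool. The sample
output below is constructed (host name and addresses are invented).
"""
import ipaddress
import re
import subprocess
import sys

# Constructed sample: one healthy DHCP adapter and one with static, off-network DNS.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : home
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.12(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       203.0.113.9
"""

RFC1918 = [ipaddress.ip_network(n) for n in ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16')]
ADAPTER_RE = re.compile(r'^(?P<kind>\S.*) adapter (?P<name>.+):$')
# "Key . . . . : value" lines; continuation lines (extra DNS servers) have no "key . . :" part.
FIELD_RE = re.compile(r'^\s+(?P<key>[^.:]+?)[ .]+: (?P<val>.*)$')


def parse_ipconfig(text):
    """Map adapter name -> {field: [values]} from `ipconfig /all` text."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = adapters.setdefault(m['name'], {})
            last_key = None
            continue
        if current is None or not line.strip():
            continue
        m = FIELD_RE.match(line)
        if m:
            last_key = m['key'].strip()
            current.setdefault(last_key, []).append(m['val'].strip())
        elif last_key:
            current[last_key].append(line.strip())  # continuation value
    return adapters


def audit_dns(text):
    """Return adapter name -> list of issues (empty list means the adapter looks fine)."""
    report = {}
    for name, fields in parse_ipconfig(text).items():
        issues = []
        if fields.get('DHCP Enabled', ['?'])[0].lower() != 'yes':
            issues.append('DHCP disabled: address and DNS are set by hand, not obtained automatically')
        for raw in fields.get('DNS Servers', []):
            token = raw.split('(')[0].strip().split('%')[0]  # drop "(Preferred)" and zone ids
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue
            if addr.version == 4 and not (addr.is_loopback or any(addr in n for n in RFC1918)):
                issues.append(f'DNS server {addr} is outside the private (RFC 1918) ranges')
        report[name] = issues
    return report


if __name__ == '__main__':
    if sys.platform == 'win32':
        text = subprocess.run(['ipconfig', '/all'], capture_output=True, text=True).stdout
    else:
        text = SAMPLE_IPCONFIG  # not on Windows: demonstrate on the constructed sample
    for adapter, issues in audit_dns(text).items():
        print(f"[{'OK' if not issues else 'CHECK'}] {adapter}")
        for issue in issues:
            print('   -', issue)
```

A deliberately chosen public resolver will be flagged too; that is intended, since the point is to make the operator confirm every DNS server that is not the router handing out addresses, exactly the setting the steps above ask to verify.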

#4
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
I'm glad to hear that things are working better. I'd like to have you run a few additional scans to ensure we've gotten it all.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



Java Outdated
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note:
The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.


NEXT



Clean Java Cache & Temporary Files
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - leave BOTH checked: Applications and Applets, and Trace and Log Files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT:



Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.


NEXT:



Kaspersky Online Scanner
Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#5
ScubaSam


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Sorry for delayed reply, the Kaspersky scan took nearly 5 hours to complete! MBAM log is posted below, everything came out clean:
---
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4425

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

13/08/2010 17:43:16
mbam-log-2010-08-13 (17-43-16).txt

Scan type: Quick scan
Objects scanned: 141378
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
---

I downloaded and installed the new java, couldn't find any old versions in the add/remove programs log. JavaRA gave a message about removing an older version, and told me it had created its log and would display it now, however nothing was displayed and no log file was created in the C: drive like it said. Not sure what happened there.

I was able to clean my java cache successfully.

Kaspersky scan took a very long time to complete, but it did work. Here is the report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, August 14, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, August 13, 2010 07:25:30
Records in database: 4132204
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 328685
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 04:51:37

No threats found. Scanned area is clean.

Selected area has been scanned.
---

Finally the security check report:

---
Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 21
Adobe Flash Player 10.1.53.64
Adobe Reader 9.3.3
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent

McAfee VIRUSS~1 mcshield.exe
McAfee VIRUSS~1 mcsysmon.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
---

And that's it :) Everything has been running smoothly these last few days, thank you very very much for your help :)
  • 0

#6
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.



NEXT:



Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.



NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
    • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.
  • 0

#7
ScubaSam


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
System cleaned up, and thanks for all the security advice, I'd say I'll be looking into some of that in the near future.

Thanks for everything!
  • 0

#8
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





