Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Anti virus Failure, and Google Chrome!


  • This topic is locked This topic is locked

#31
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts

hing about zeroaccess


I'm sorry but I don't understand. Is there any warning about infection from Combofix?
  • 0

Advertisements


#32
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Thank you for explanation. Nice. Now let's try OTL scan. Delete your version of OTL and download new one. How is your system now?

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    . Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

  • 0

#33
Spacelord11011

Spacelord11011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
OTL logfile created on: 07/08/2011 01:30:21 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.38% Memory free
6.21 Gb Paging File | 4.75 Gb Available in Paging File | 76.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.91 Gb Total Space | 26.24 Gb Free Space | 18.75% Space Free | Partition Type: NTFS
Drive D: | 140.18 Gb Total Space | 11.70 Gb Free Space | 8.34% Space Free | Partition Type: NTFS
Drive J: | 486.25 Mb Total Space | 337.63 Mb Free Space | 69.43% Space Free | Partition Type: FAT

Computer Name: SPENCE-PC | User Name: Spence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/07 01:29:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL(3).scr
PRC - [2011/03/29 10:51:10 | 001,838,904 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe
PRC - [2011/03/28 19:14:32 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe
PRC - [2011/01/20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/12/23 11:05:09 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/04/18 13:04:02 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/02 02:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/07/15 09:18:48 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/05/27 13:20:30 | 002,303,216 | ---- | M] (Virgin Broadband) -- C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/19 11:26:00 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/30 01:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/06/02 17:26:38 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/06/02 17:26:22 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008/01/21 03:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007/08/07 01:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007/08/04 06:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2006/08/07 10:06:38 | 000,700,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2005/05/07 01:47:08 | 002,224,128 | ---- | M] (www.BitLord.com) -- C:\Program Files\BitLord\BitLord.exe


========== Modules (SafeList) ==========

MOD - [2011/08/07 01:29:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL(3).scr
MOD - [2010/08/31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [Auto | Stopped] -- -- (nvsvc)
SRV - File not found [Auto | Stopped] -- -- (NTIBackupSvc)
SRV - File not found [Auto | Stopped] -- -- (NMSAccessU)
SRV - File not found [Auto | Stopped] -- -- (MSK80Service)
SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (McProxy)
SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - File not found [Auto | Stopped] -- -- (mcmscsvc)
SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - File not found [Auto | Stopped] -- -- (LightScribeService)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (IJPLMSVC)
SRV - File not found [Auto | Stopped] -- -- (FsUsbExService)
SRV - File not found [Auto | Stopped] -- -- (eDataSecurity Service)
SRV - File not found [Auto | Stopped] -- -- (CTDevice_Srv)
SRV - File not found [Auto | Stopped] -- -- (Creative Service for CDROM Access)
SRV - File not found [Auto | Stopped] -- -- (BUNAgentSvc)
SRV - File not found [Auto | Stopped] -- -- (Acer HomeMedia Connect Service)
SRV - [2011/07/28 17:31:26 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/12 18:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008/06/02 17:25:40 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/05/21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/07 09:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/05/03 15:11:03 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/10/02 12:15:52 | 009,556,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/15 09:08:24 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/07/07 20:19:36 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/18 11:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/06/02 17:20:12 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/02/26 00:29:24 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2008/02/26 00:29:24 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/12/02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/11/22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/11/22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/11/22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/11/17 12:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/11/12 10:03:08 | 000,468,480 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/08/07 01:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/07/13 17:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...search&AF=9568"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.mydtzone....m/home?AF=9568"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.4
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.5.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.84

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Broadband\advisor\nprpspa.dll (Radialpoint Inc.)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Spence\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Spence\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Spence\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/08/04 10:43:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/02 14:05:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/05 20:29:07 | 000,000,000 | ---D | M]

[2009/06/14 23:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spence\AppData\Roaming\Mozilla\Extensions
[2011/08/06 21:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spence\AppData\Roaming\Mozilla\Firefox\Profiles\hqctc2k2.default\extensions
[2010/05/04 17:55:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Spence\AppData\Roaming\Mozilla\Firefox\Profiles\hqctc2k2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/03 15:06:30 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Spence\AppData\Roaming\Mozilla\Firefox\Profiles\hqctc2k2.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/05/24 13:40:42 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Spence\AppData\Roaming\Mozilla\Firefox\Profiles\hqctc2k2.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/05/24 13:40:16 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Spence\AppData\Roaming\Mozilla\Firefox\Profiles\hqctc2k2.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/08/06 20:08:00 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Spence\AppData\Roaming\Mozilla\Firefox\Profiles\hqctc2k2.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/05/24 13:40:13 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Spence\AppData\Roaming\Mozilla\Firefox\Profiles\hqctc2k2.default\extensions\[email protected]
[2011/05/24 13:40:06 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Spence\AppData\Roaming\Mozilla\Firefox\Profiles\hqctc2k2.default\extensions\[email protected]
[2011/05/24 13:40:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spence\AppData\Roaming\Mozilla\Firefox\Profiles\hqctc2k2.default\extensions\[email protected]
[2011/05/03 15:10:35 | 000,002,059 | ---- | M] () -- C:\Users\Spence\AppData\Roaming\Mozilla\Firefox\Profiles\hqctc2k2.default\searchplugins\daemon-search.xml
[2011/08/06 21:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 11:12:08 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2006/08/09 11:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npWebLaunch.dll
[2010/04/18 13:04:08 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/04/25 18:44:57 | 000,002,225 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/04/18 13:04:08 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/04/18 13:04:08 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/04/18 13:04:08 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/08/06 21:13:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Broadbandadvisor.exe] C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe (Virgin Broadband)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\Windows\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [BitComet] C:\Program Files\BitLord\BitLord.exe (www.BitLord.com)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Spence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Spence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/06 23:41:00 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2011/08/06 21:15:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/06 21:06:23 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/06 20:12:58 | 000,000,000 | ---D | C] -- C:\hotfix1
[2011/08/06 20:08:40 | 000,000,000 | ---D | C] -- C:\Users\Spence\AppData\Local\WinZip
[2011/08/06 20:07:46 | 000,000,000 | ---D | C] -- C:\Users\Spence\AppData\Local\OpenCandy
[2011/08/06 20:07:41 | 000,000,000 | ---D | C] -- C:\Users\Spence\AppData\Roaming\OpenCandy
[2011/08/06 20:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/08/06 20:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011/08/06 20:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/08/05 20:16:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/05 20:16:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/05 20:16:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/05 20:16:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/04 23:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/04 23:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/04 12:14:12 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/04 12:12:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/04 12:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/04 12:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/08/04 11:53:22 | 000,000,000 | ---D | C] -- C:\Users\Spence\AppData\Roaming\SUPERAntiSpyware.com
[2011/08/04 11:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/08/04 11:48:24 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/08/04 11:48:24 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2011/08/04 11:48:19 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/08/04 11:40:01 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/08/04 11:38:03 | 000,000,000 | ---D | C] -- C:\Users\Spence\AppData\Roaming\Malwarebytes
[2011/08/04 11:31:20 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/04 11:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/04 11:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/04 11:31:17 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/04 11:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/04 09:26:10 | 000,000,000 | ---D | C] -- C:\Users\Spence\AppData\Roaming\BoneTown
[2011/08/03 21:49:19 | 000,000,000 | ---D | C] -- C:\Users\Spence\Desktop\foney
[2011/08/03 16:22:55 | 000,000,000 | ---D | C] -- C:\Users\Spence\AppData\Local\Canon Easy-PhotoPrint EX
[2011/08/03 16:17:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX
[2011/08/03 14:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualFem
[2011/08/03 14:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\VirtuaGirl HD
[2011/08/03 14:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digamour
[2011/08/03 14:14:48 | 000,000,000 | ---D | C] -- C:\Program Files\Digamour
[2011/07/31 16:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/31 16:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/31 16:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/31 16:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/31 12:35:09 | 000,000,000 | ---D | C] -- C:\Users\Spence\Desktop\DCIM
[2011/07/31 12:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/25 10:47:35 | 000,000,000 | ---D | C] -- C:\Users\Spence\Documents\TechArts3D
[2011/07/22 12:09:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenu
[2011/07/22 12:09:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
[2011/07/22 12:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2011/07/22 11:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP2700 series User Registration
[2011/07/22 11:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011/07/22 11:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP2700 series Manual
[2011/07/22 11:40:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011/07/22 11:38:20 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2011/07/22 11:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP2700 series
[2011/07/22 11:36:27 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011/07/22 11:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/07/15 09:23:44 | 011,342,848 | ---- | C] (illusion) -- C:\AAEdit.exe
[2011/07/12 14:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Illusion Registry Fixer
[2011/07/11 14:32:51 | 000,000,000 | ---D | C] -- C:\Users\Spence\.dvdcss
[2009/08/09 14:00:58 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Spence\AppData\Roaming\pcouffin.sys
[2008/08/17 10:03:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/08/07 01:33:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B76032BB-D0B0-421D-A822-E7A46C595341}.job
[2011/08/07 00:49:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3015068568-3040374585-1810929627-1000UA.job
[2011/08/07 00:41:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/07 00:16:57 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/07 00:16:57 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 23:41:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/06 21:13:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/06 20:54:43 | 000,000,512 | ---- | M] () -- C:\Users\Spence\Desktop\MBR.dat
[2011/08/06 20:17:46 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2011/08/06 20:16:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/06 20:09:06 | 000,011,644 | ---- | M] () -- C:\Users\Spence\Desktop\MBR1.zip
[2011/08/06 19:58:51 | 000,011,178 | ---- | M] () -- C:\Users\Spence\Desktop\MBR.rar
[2011/08/06 19:43:53 | 000,162,397 | ---- | M] () -- C:\Users\Spence\Desktop\mbr.jpg
[2011/08/06 19:20:36 | 000,080,384 | ---- | M] () -- C:\Users\Spence\Desktop\MBRCheck.exe
[2011/08/06 17:08:49 | 000,069,632 | ---- | M] () -- C:\Users\Spence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/06 03:49:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3015068568-3040374585-1810929627-1000Core.job
[2011/08/05 20:30:50 | 346,303,556 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/05 08:00:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/08/04 12:12:45 | 000,000,917 | ---- | M] () -- C:\Users\Spence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/04 12:12:19 | 000,000,737 | ---- | M] () -- C:\Users\Spence\Desktop\NTREGOPT.lnk
[2011/08/04 12:12:19 | 000,000,718 | ---- | M] () -- C:\Users\Spence\Desktop\ERUNT.lnk
[2011/08/04 11:48:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2011/08/04 11:37:56 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/04 10:42:36 | 000,061,337 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/08/04 10:38:48 | 000,334,350 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/08/04 10:38:48 | 000,334,350 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/08/03 22:50:32 | 000,002,090 | ---- | M] () -- C:\Users\Spence\Desktop\Google Chrome.lnk
[2011/08/03 22:50:32 | 000,002,052 | ---- | M] () -- C:\Users\Spence\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2011/07/31 16:49:40 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/26 22:14:45 | 000,295,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/22 11:43:38 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Canon iP2700 series User Registration.LNK
[2011/07/22 11:42:49 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2011/07/22 11:42:39 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2011/07/22 11:41:01 | 000,001,796 | ---- | M] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2011/07/22 11:40:43 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\Canon iP2700 series On-screen Manual.lnk
[2011/07/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job

========== Files Created - No Company Name ==========

[2011/08/06 20:08:31 | 000,011,644 | ---- | C] () -- C:\Users\Spence\Desktop\MBR1.zip
[2011/08/06 19:58:41 | 000,011,178 | ---- | C] () -- C:\Users\Spence\Desktop\MBR.rar
[2011/08/06 19:43:53 | 000,162,397 | ---- | C] () -- C:\Users\Spence\Desktop\mbr.jpg
[2011/08/06 19:20:30 | 000,080,384 | ---- | C] () -- C:\Users\Spence\Desktop\MBRCheck.exe
[2011/08/06 09:04:04 | 000,000,512 | ---- | C] () -- C:\Users\Spence\Desktop\MBR.dat
[2011/08/05 20:16:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/05 20:16:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/05 20:16:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/05 20:16:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/05 20:16:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/04 12:12:45 | 000,000,917 | ---- | C] () -- C:\Users\Spence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/04 12:12:19 | 000,000,737 | ---- | C] () -- C:\Users\Spence\Desktop\NTREGOPT.lnk
[2011/08/04 12:12:19 | 000,000,718 | ---- | C] () -- C:\Users\Spence\Desktop\ERUNT.lnk
[2011/08/04 11:48:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2011/08/04 11:32:23 | 346,303,556 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/04 11:31:20 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/04 10:55:27 | 000,002,090 | ---- | C] () -- C:\Users\Spence\Desktop\Google Chrome.lnk
[2011/08/04 10:55:27 | 000,002,052 | ---- | C] () -- C:\Users\Spence\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/31 16:49:40 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/22 11:43:38 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Canon iP2700 series User Registration.LNK
[2011/07/22 11:42:49 | 000,001,824 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2011/07/22 11:42:39 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2011/07/22 11:41:01 | 000,001,796 | ---- | C] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2011/07/22 11:40:43 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\Canon iP2700 series On-screen Manual.lnk
[2011/06/04 19:14:15 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/06/04 19:14:15 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011/06/04 19:13:53 | 000,002,528 | ---- | C] () -- C:\Users\Spence\AppData\Roaming\$_hpcst$.hpc
[2011/05/03 22:54:36 | 000,000,222 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/27 11:47:07 | 000,000,094 | ---- | C] () -- C:\Users\Spence\AppData\Local\fusioncache.dat
[2011/04/14 14:51:18 | 000,000,004 | ---- | C] () -- C:\Windows\info147.sys
[2011/04/14 14:29:36 | 000,000,003 | ---- | C] () -- C:\Windows\treeskp.sys
[2011/04/14 14:29:36 | 000,000,003 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011/03/07 12:27:21 | 000,000,243 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2011/02/12 17:05:01 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/12/08 12:55:04 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/11/19 11:45:32 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/09/20 16:04:37 | 000,027,503 | ---- | C] () -- C:\Users\Spence\AppData\Roaming\UserTile.png
[2010/08/08 21:34:12 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2010/06/29 18:02:59 | 000,000,000 | ---- | C] () -- C:\Users\Spence\AppData\Roaming\wklnhst.dat
[2010/05/27 17:42:36 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Avi Divx Xvid to DVD Burner.INI
[2010/04/10 07:18:24 | 000,334,350 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/03/19 19:06:39 | 000,001,100 | ---- | C] () -- C:\Users\Spence\AppData\Local\d3d8caps.dat
[2010/03/16 13:32:37 | 000,026,792 | ---- | C] () -- C:\Program Files\REFLEXIVE UNIVERSAL PATCHER v1.0.EXE
[2009/11/06 23:25:26 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/09 14:00:58 | 000,007,887 | ---- | C] () -- C:\Users\Spence\AppData\Roaming\pcouffin.cat
[2009/08/09 14:00:58 | 000,001,144 | ---- | C] () -- C:\Users\Spence\AppData\Roaming\pcouffin.inf
[2009/07/03 19:24:54 | 000,001,356 | ---- | C] () -- C:\Users\Spence\AppData\Local\d3d9caps.dat
[2009/06/17 19:14:17 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2009/06/14 23:10:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/06/14 22:14:07 | 000,069,632 | ---- | C] () -- C:\Users\Spence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/14 17:10:25 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/14 17:10:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/14 16:31:49 | 000,196,608 | ---- | C] () -- C:\Windows\System32\UpdateDriver.exe
[2009/06/14 16:31:49 | 000,000,525 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini
[2009/05/16 05:20:04 | 000,334,350 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/05/06 22:25:11 | 000,472,576 | ---- | C] () -- C:\Windows\Nvidia Omega Drivers v1.169.25 Uninstall.exe
[2008/08/17 09:53:40 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,295,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,606,666 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/11 06:29:28 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2006/10/11 06:29:28 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2006/10/11 06:25:48 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2006/10/11 06:25:48 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2006/10/11 06:17:51 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2006/10/11 06:14:43 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2005/10/14 10:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2005/10/14 10:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005/10/14 10:56:50 | 000,778,240 | ---- | C] () -- C:\Windows\System32\DivXsm.exe
[2005/10/14 10:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005/10/14 10:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2005/10/14 10:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005/10/14 10:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005/10/14 10:56:50 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005/10/14 10:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2003/11/10 16:06:08 | 000,406,016 | ---- | C] () -- C:\Windows\System32\PSDrvCheck.exe
[2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/08/17 10:07:23 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\Acer GameZone Console
[2009/07/03 12:42:35 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\Any Video Converter
[2011/03/08 08:59:05 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\BitTorrent
[2011/08/04 09:32:10 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\BoneTown
[2011/05/03 15:12:28 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\DAEMON Tools Lite
[2009/12/09 16:51:27 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\DAEMON Tools Pro
[2009/11/30 13:14:09 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\DC++
[2010/12/19 18:28:11 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\GetRightToGo
[2009/07/03 16:49:57 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\GrabPro
[2011/05/03 22:58:13 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\Hide IP NG
[2011/08/06 20:07:41 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\OpenCandy
[2011/08/07 01:29:51 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\Orbit
[2011/06/06 11:17:44 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\PC Suite
[2010/09/20 16:04:37 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\PeerNetworking
[2010/12/31 11:40:07 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\PMS
[2011/04/14 11:12:47 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\ProgSense
[2009/06/17 19:52:02 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\Red Chair Software
[2011/06/04 19:13:49 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\Samsung
[2010/10/05 09:36:44 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\Sports Interactive
[2010/06/29 18:03:10 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\Template
[2010/12/08 08:57:37 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\thriXXX
[2011/05/21 14:32:38 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\Uniblue
[2009/11/12 15:22:41 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\Virgin Broadband
[2010/12/19 17:45:16 | 000,000,000 | ---D | M] -- C:\Users\Spence\AppData\Roaming\Vso
[2011/07/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/08/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011/08/06 20:15:19 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/06 20:17:46 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\SpeedUpMyPC.job
[2011/08/07 01:33:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B76032BB-D0B0-421D-A822-E7A46C595341}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/06/15 11:46:36 | 011,342,848 | ---- | M] (illusion) -- C:\AAEdit.exe


< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/08/04 11:43:51 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\downloads\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2011/08/04 11:40:18 | 001,008,041 | ---- | M] () MD5=25B4AEBE25FE427F7FF7228786CF2526 -- C:\downloads\uSeRiNiT.exe

< MD5 for: WINLOGON.EXE >
[2011/08/04 11:40:11 | 001,008,041 | ---- | M] () MD5=25B4AEBE25FE427F7FF7228786CF2526 -- C:\downloads\WiNlOgOn.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/04/18 13:04:09 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/04/18 13:04:09 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/04/18 13:04:09 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/04/18 13:04:02 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/04/18 13:04:02 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/04/18 13:04:02 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Spence\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 05:51:19 | 001,012,792 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Spence\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 05:51:19 | 001,012,792 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Spence\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 05:51:19 | 001,012,792 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Spence\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/07/09 05:51:19 | 001,012,792 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.4478\InstallInfo\\ShowIconsCommand: "C:\Users\4478\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.4478\InstallInfo\\HideIconsCommand: "C:\Users\4478\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.4478\InstallInfo\\ReinstallCommand: "C:\Users\4478\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.4478\shell\open\command\\: "C:\Users\4478\AppData\Local\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/04/18 13:04:09 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/04/18 13:04:09 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/04/18 13:04:09 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/04/18 13:04:02 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/04/18 13:04:02 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/04/18 13:04:02 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Spence\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 05:51:19 | 001,012,792 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Spence\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 05:51:19 | 001,012,792 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Spence\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 05:51:19 | 001,012,792 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Spence\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/07/09 05:51:19 | 001,012,792 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.4478\InstallInfo\\ShowIconsCommand: "C:\Users\4478\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.4478\InstallInfo\\HideIconsCommand: "C:\Users\4478\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.4478\InstallInfo\\ReinstallCommand: "C:\Users\4478\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.4478\shell\open\command\\: "C:\Users\4478\AppData\Local\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4240575B

< End of report >
  • 0

#34
Spacelord11011

Spacelord11011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
OTL Extras logfile created on: 07/08/2011 01:30:21 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.38% Memory free
6.21 Gb Paging File | 4.75 Gb Available in Paging File | 76.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.91 Gb Total Space | 26.24 Gb Free Space | 18.75% Space Free | Partition Type: NTFS
Drive D: | 140.18 Gb Total Space | 11.70 Gb Free Space | 8.34% Space Free | Partition Type: NTFS
Drive J: | 486.25 Mb Total Space | 337.63 Mb Free Space | 69.43% Space Free | Partition Type: FAT

Computer Name: SPENCE-PC | User Name: Spence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05AB0E2E-0E40-4159-ACE3-0005019EF955}" = lport=445 | protocol=6 | dir=in | app=system |
"{0CC0C232-8F27-41A4-B6C2-D90F54739AE0}" = lport=137 | protocol=17 | dir=in | app=system |
"{0F663DE2-B9E2-46E5-B246-98F212D41540}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{18D354A8-A864-4408-B729-70D5835BD1A4}" = lport=10244 | protocol=6 | dir=in | app=system |
"{190F6C5D-6D95-442A-B59D-D785EF6E78A5}" = rport=139 | protocol=6 | dir=out | app=system |
"{2E3F1BBF-FE0F-4674-86EA-C99E4AFE2DB0}" = rport=10244 | protocol=6 | dir=out | app=system |
"{454135AB-B5BD-45EA-89C8-F42F8103C9BE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{49EB15F1-9440-423A-9390-FDDD937BB96D}" = rport=138 | protocol=17 | dir=out | app=system |
"{4A5E6710-BD17-4459-8F3C-FB76C2CDA53F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{500459F6-77C9-439B-A960-AA7ED420C16A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{545C9859-154F-4D71-90E0-70BA8CAA1C5B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C10768A-6E9B-4474-857A-B005F96982F1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F1912B1-E3D9-4433-917D-ECBF5F022129}" = rport=10244 | protocol=6 | dir=out | app=system |
"{697E29E4-1468-41FC-BC7C-1B3864A06750}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6AF95949-107A-4324-B534-26E0FBC45D85}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{730D0268-BF9E-4760-BDCC-4851806DFAA1}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{74038D98-43DF-44E4-8D75-975F5EDEE537}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{76A09552-4544-4B5D-8C1B-AD8E6C88DA64}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8365E5D8-00AF-4A55-9DC7-D2AAF976F99A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{89213D64-9E87-4CA1-9B00-E09D3E775C40}" = lport=3390 | protocol=6 | dir=in | app=system |
"{894EDEEF-B634-42DF-8323-A0C0778712D3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F610F65-FF0D-4396-B676-FAA1AAD7DFC9}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{91CF4EE6-F2B2-4C25-8B8A-6A8F6B160147}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{930C9B1E-1E10-4C75-AA3F-B790E203086B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97A5EE82-DC2A-45B4-9E07-B49208302CBF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A04F97C1-A2BE-4C99-8B32-6B4D12E6FB0D}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A240EE4C-0B12-4A47-80D6-A7EDF698B17D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A31CC62E-5D42-4A2E-B076-49A14239015A}" = rport=445 | protocol=6 | dir=out | app=system |
"{A900A02E-3B7B-41D8-848E-305664333583}" = lport=139 | protocol=6 | dir=in | app=system |
"{AA186FC2-DBD9-4BE6-BA63-DAA57E84D1D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BA2C7345-4FFE-48EC-A3A4-3DCDEA7B9E93}" = lport=3390 | protocol=6 | dir=in | app=system |
"{BD445977-DA75-4B40-8C1B-F40414E958A5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C073F20E-6D37-4E67-97E4-F2516E63DA35}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C926DD89-D9A5-4A6B-BA5C-54C6B869B11D}" = lport=10244 | protocol=6 | dir=in | app=system |
"{CCA242D4-8446-4A23-B467-A7059D624695}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{CE090ACC-1636-4846-9600-3D1C2D7255FD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D1991D15-1F0C-4453-8C08-D4F6DB696293}" = lport=138 | protocol=17 | dir=in | app=system |
"{E2C4CC9E-85EA-4F45-B836-2F324D87A992}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E772F351-1336-421F-B4EC-B7BCFA743028}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA84EEB9-23F2-4580-9629-EE2D7548C940}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F64A30E4-EBC9-4926-9CD5-611D9FC54F7B}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0175E2EB-3E11-41ED-9C88-4397DCE99DDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07819B53-79A1-48E2-B383-DD0E63D76CFD}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{08FC3FF0-AD1F-4CCF-818B-D623FBDFB563}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{0B0449D7-D383-4E31-83B8-BB231C205030}" = protocol=6 | dir=out | app=system |
"{13A73E79-67DA-492A-B8AE-6A908C632F81}" = protocol=58 | dir=in | [email protected],-28545 |
"{15BE8BF9-609E-4DEA-8996-C2F5E24295B9}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{1AED17B7-2F73-4986-838E-DBA7F370C317}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1CB94347-FCAE-4F66-AF8B-F9FA9C1597A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F5328F0-B38B-46C9-96EF-A00B2511E4CA}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{210B88CA-09E5-47C5-9166-EAF7EC176E4A}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{2395BA06-C3B9-4C92-BBD3-206BE4314CCC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{2B9CE5F1-3BB0-4AFF-9007-0FF145A7DD7C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{2FB72B3A-B5C9-40FA-A3ED-89EEA35D5E9A}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{348D6C03-20EE-422D-AC25-D24866A1D438}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{359D355A-CF5A-4DB3-8C09-886A00C7859E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2010\fm.exe |
"{3648DB37-9D68-4487-8EA4-6F59DC548735}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{3833AE5D-D130-4113-BEDF-68041A70C539}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{389C95E8-807D-4771-A332-9AF692F3DB45}" = protocol=1 | dir=out | [email protected],-28544 |
"{3C658A2C-EF1F-4731-ABEC-C4D3850630B2}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{3C8CB2D7-5FC6-4462-83BF-95A997C6698F}" = protocol=58 | dir=out | [email protected],-28546 |
"{3EFB575F-D3FE-4F08-A6C0-2D02F9903611}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40BBD973-DD62-4BC9-B725-C8D116B9F82B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{46D6B03C-A2E0-4C27-A086-A6BFE4F90803}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4C08F55F-66F3-4298-A146-EF86AB8F1A41}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{4CB1E44C-E064-4B4F-B06A-E670162EB546}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4DA8116F-AFA1-46C2-820B-EAAC6A4C7924}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{5108850B-518F-4F1E-B9BF-1FC6AAC10082}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{57C4E51B-D67A-4515-ACFF-15A2E578932A}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{58537539-4E33-4240-BA56-50879D023C88}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{5AFBB49E-F261-4BE5-A684-5131535D7EE7}" = protocol=6 | dir=in | app=c:\program files\flagship studios\hellgate london\launcher.exe |
"{5D036D56-59DB-418E-B126-DE3E8590ACF0}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{653CE6AF-2714-40DD-85FC-A7222534BE46}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{71BB10FC-945B-4927-B6D3-BA16D5E92087}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{75D0E682-E75C-4D01-BB12-90E46EB333CE}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7633266E-6B96-4739-BACE-14F2F98FAE47}" = protocol=1 | dir=in | [email protected],-28543 |
"{7686BA63-F84B-4CA4-B232-897118F81296}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{7758CE52-9401-4F6D-A8B4-8EFADA0257F8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{77A294F2-1903-44E7-8100-890E906B1E4D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7B95918F-C516-48B5-85EB-343168C41E1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81FC9C94-ED7A-4241-953A-72C4B88DB0CF}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{843F2C89-C1FA-447F-BBC7-C4C219B88FAF}" = protocol=17 | dir=in | app=c:\program files\flagship studios\hellgate london\launcher.exe |
"{87A9A98D-AFFE-4E60-BBCF-B5DA98210B71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{889FA76C-6E53-45E2-99C7-56E4339D696E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8ADD6EBF-539C-457E-A5C6-549B88BACB61}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{97EA7440-C273-4543-9F9D-6A1642531318}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
"{A31CD6DF-8425-4272-B208-6E01663A420A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{A516C958-7DB6-40F0-81D2-84A29D98932D}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{A5662215-F4C9-4FEC-834D-FBB93FEBFF61}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
"{A6016609-9333-43A0-8BA9-881B35B93F83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8253C2D-14DB-4CCB-B56A-10AA9CDFC5FE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AFACCD4D-1D0A-4BDB-B675-132C97BD41FB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2010\fm.exe |
"{B203B038-900D-4F62-8046-8D399C0C9E42}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{B5F0F22C-02D1-4E3C-9C75-25D917822C8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE9C810D-606C-44CE-9E78-DD5E4062F1AD}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{BFB9AC7F-60BF-4509-8CBC-BB01778C6681}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C48D74E6-93DB-4085-AAE6-35FA248DD272}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{C7DD2045-E4A7-469F-9C11-D5557951EBF8}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{CE2D9263-4027-4975-B934-C4489DFA5F51}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D4D269EB-1338-47A5-ACBA-DE3ECB184337}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{D4DDF455-25D7-4B86-BF8C-8EF986F55BD8}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{D6E082FA-09E9-4C3A-A814-E0E25FDA132C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D970754E-9963-4FEF-B206-0F5CC4CFBD05}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{DAC1039A-0995-471D-B0BF-17FF70EA4FBE}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{DDE743D4-0903-4770-8939-049EC1E337B6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
"{DE8EE076-BE93-44C2-A8B1-04755C9F351F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
"{E57B847E-43FB-41FC-9446-ABBF5B355D38}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F62E5FC5-510B-4219-BE63-702DCF89C618}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{F70905DB-535A-4181-83F1-9852DDD24D02}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F7F77C14-769C-4FCC-8D2C-19FB01610B59}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F9E4625A-1D09-437B-8672-7FA75F8BE5C1}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{009D3DE4-0EFE-459E-8AAF-171CF5C26A28}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"TCP Query User{06A72EC9-D5A6-4599-ADC0-87358A017123}C:\program files\virgin broadband\advisor\broadbandadvisor.exe" = protocol=6 | dir=in | app=c:\program files\virgin broadband\advisor\broadbandadvisor.exe |
"TCP Query User{0804030C-48F1-470E-835C-84C08E1BB91F}C:\windows\system32\werfault.exe" = protocol=6 | dir=in | app=c:\windows\system32\werfault.exe |
"TCP Query User{08BDFF3E-0EEF-41C1-9357-DF7572CF7660}C:\rohan_blood_feud\rohanclient.exe" = protocol=6 | dir=in | app=c:\rohan_blood_feud\rohanclient.exe |
"TCP Query User{17783E2C-6DAD-4914-8105-7880E314D0F3}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{1E78BF32-C70A-4119-A4AD-2DB7B12330D4}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{1F8338F2-6131-4B0B-ACDC-434586549F70}C:\program files\avast software\avast\avastui.exe" = protocol=6 | dir=in | app=c:\program files\avast software\avast\avastui.exe |
"TCP Query User{22EF6376-0636-4DC4-B953-CC6C7D2F918A}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"TCP Query User{23277707-AF0C-4A28-BA4F-9C4D0060A6F5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{2A3CC908-738B-44D2-AC26-45EF7214E507}C:\combofix\combofix-download.cfxxe" = protocol=6 | dir=in | app=c:\combofix\combofix-download.cfxxe |
"TCP Query User{343D109C-43D9-4400-ADBD-C883EA26159B}C:\users\spence\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\spence\program files\dna\btdna.exe |
"TCP Query User{5B66830A-93B3-42F0-932D-1433D7BE6483}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{5E9AA25E-1BBF-445D-897B-7A42F92DEB7E}C:\users\spence\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\spence\appdata\local\google\update\googleupdate.exe |
"TCP Query User{6281B3E2-010C-4C32-A6F2-5439D5339CAE}C:\users\spence\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\spence\appdata\local\google\update\googleupdate.exe |
"TCP Query User{636A6612-E227-466E-9874-C9B4A9AB3091}C:\program files\java\jre6\bin\jucheck.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\jucheck.exe |
"TCP Query User{6F78BE6B-73CD-4BA2-842A-2A4C21BC4399}C:\windows\helppane.exe" = protocol=6 | dir=in | app=c:\windows\helppane.exe |
"TCP Query User{7061E388-CF7B-4BF8-96F0-390CFFE52185}C:\program files\cyanide\blood bowl\bb.exe" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe |
"TCP Query User{768CAAB4-3040-483E-8D5D-94EE0169E5EA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{88FFED9A-45D5-4238-8AE1-9A72B1325D9D}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{981EB18E-B1F1-480A-937D-79FFDAC3E300}C:\downloads\routerclient.exe" = protocol=6 | dir=in | app=c:\downloads\routerclient.exe |
"TCP Query User{9F86C59E-4D25-48B0-8840-EA1D3D515048}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{AD60BBB6-025C-4469-8BAB-DDD5A0523569}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B19FFE7A-4B19-4635-BB1A-E83EA9022080}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{B7C22A68-56C5-4F11-806B-FC380C0C4815}C:\windows\system32\wermgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\wermgr.exe |
"TCP Query User{B9A9ABDF-F30A-48DE-9862-2B3004BC4B1D}C:\program files\orbitdownloader\orbitdm.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitdm.exe |
"TCP Query User{D0353805-776D-4827-A6C7-F449EF88D487}C:\program files\common files\adobe\arm\1.0\adobearm.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\arm\1.0\adobearm.exe |
"TCP Query User{D97455D4-8CF9-4539-882B-262ECD1BBD5A}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=6 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe |
"TCP Query User{DAEB4F6F-1805-46A6-BF48-50C865DB3BB1}D:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=d:\program files\turbine\ddo unlimited\dndclient.exe |
"TCP Query User{E331708E-1294-40D7-B440-0A72F9DD688C}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"TCP Query User{E5892C14-3464-4C0B-8DC2-628D5D9DF7EC}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"TCP Query User{EB29F6E0-14FD-4E9F-BF94-995C06E55545}C:\program files\windows defender\msascui.exe" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"TCP Query User{F1F34363-6B75-47C6-BB9F-C3537E75D518}C:\program files\avast software\avast\setup\sfx\avast.setup" = protocol=6 | dir=in | app=c:\program files\avast software\avast\setup\sfx\avast.setup |
"UDP Query User{01550DBD-56FD-4623-A93D-D8231484CAA2}C:\rohan_blood_feud\rohanclient.exe" = protocol=17 | dir=in | app=c:\rohan_blood_feud\rohanclient.exe |
"UDP Query User{08DB2BC0-964C-4C1E-9E3C-BF8874BB1B96}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{16CD2218-9D66-4D4D-A655-F7131D57A071}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{17B6C107-1923-4775-A338-40923FB79F5B}C:\program files\cyanide\blood bowl\bb.exe" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe |
"UDP Query User{192A884A-CD5C-481A-97A8-566DB291BD7A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1D42B68D-829A-42B5-8BD2-980BE0A38441}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{2977C216-305B-41AD-8A56-B49CCF62299B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2A232A73-636B-4F76-985A-2604358E4040}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{3F64A464-EC13-4DE9-8436-AF66EBD3D749}C:\program files\java\jre6\bin\jucheck.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\jucheck.exe |
"UDP Query User{41865360-A868-4E40-AB32-DBAD57F43B69}C:\program files\common files\adobe\arm\1.0\adobearm.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\arm\1.0\adobearm.exe |
"UDP Query User{438352A6-D85A-4132-B9D9-841D06386F63}C:\program files\orbitdownloader\orbitdm.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitdm.exe |
"UDP Query User{50DE3C65-3210-439B-BB61-A7A7C3567465}C:\users\spence\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\spence\appdata\local\google\update\googleupdate.exe |
"UDP Query User{565A3194-15D4-40FD-8CE2-E0EA397E6564}C:\windows\system32\werfault.exe" = protocol=17 | dir=in | app=c:\windows\system32\werfault.exe |
"UDP Query User{5CFE436B-FC1F-4848-8A8B-2351F60B6869}C:\combofix\combofix-download.cfxxe" = protocol=17 | dir=in | app=c:\combofix\combofix-download.cfxxe |
"UDP Query User{62DC71E0-0269-45BD-A46A-0C30B5765B4D}C:\program files\virgin broadband\advisor\broadbandadvisor.exe" = protocol=17 | dir=in | app=c:\program files\virgin broadband\advisor\broadbandadvisor.exe |
"UDP Query User{71C777ED-625F-4237-9ADB-D96A96F5F419}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=17 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe |
"UDP Query User{732838AD-3198-4D26-B92D-1398E7A35385}C:\program files\windows defender\msascui.exe" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"UDP Query User{770E98FA-E549-402F-8DF4-B7F52A3FED5B}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{871F2405-BBFD-4CD4-BB45-66496D4816DC}C:\program files\avast software\avast\setup\sfx\avast.setup" = protocol=17 | dir=in | app=c:\program files\avast software\avast\setup\sfx\avast.setup |
"UDP Query User{8A260CD9-D20C-4F34-B247-73BFC7F566AB}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"UDP Query User{A9995043-48FC-47BE-85AB-3663149BB831}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{AEA8EFF5-5C8A-4E4F-84D1-7565C62F00EF}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{BDB5EA16-012E-4F6C-B657-1E4EF8C62523}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{BECAC12A-943C-466E-9EBE-CC6C6EC00D67}C:\windows\helppane.exe" = protocol=17 | dir=in | app=c:\windows\helppane.exe |
"UDP Query User{BFC47E2C-C7F6-44E5-A5ED-FE1FB291B6F8}C:\users\spence\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\spence\appdata\local\google\update\googleupdate.exe |
"UDP Query User{C887CFED-FC71-4A3A-9CDC-208F92E82583}C:\windows\system32\wermgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\wermgr.exe |
"UDP Query User{D936910D-3EED-4F3B-9B31-3D21B7BB06B8}C:\users\spence\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\spence\program files\dna\btdna.exe |
"UDP Query User{DF307411-EE34-4D88-B781-07CFFFB61E39}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{DF517E63-661D-4CB3-A054-F3BB105A2AA8}D:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=d:\program files\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{E31C0B07-261B-492D-A705-25857EC31C92}C:\downloads\routerclient.exe" = protocol=17 | dir=in | app=c:\downloads\routerclient.exe |
"UDP Query User{F9F8C4D8-191A-4706-B868-BA7531595399}C:\program files\avast software\avast\avastui.exe" = protocol=17 | dir=in | app=c:\program files\avast software\avast\avastui.exe |
"UDP Query User{FE13D232-A4A1-4FD3-8BC2-C2C3288E1B94}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{4CA9839A-F660-4F7F-BD45-F466512ECE20}" = LegionArena
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.1.18.242
"{BC14F40D-7C13-4F3A-9F4A-3835D7642036}" = PE585QAEncoder-32
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{D944236D-7992-41D6-8257-930B5832F1CC}" = Creative Zen Micro
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 2.7.4
"AudibleManager" = AudibleManager
"AviSynth" = AviSynth 2.5
"BitLord" = BitLord 1.1
"BitTorrent" = BitTorrent
"Canon iP2700 series User Registration" = Canon iP2700 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Creative Centrale" = Creative Centrale
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"DAEMON Tools Lite" = DAEMON Tools Lite
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"Easy Avi/Divx/Xvid to DVD Burner_is1" = Easy Avi/Divx/Xvid to DVD Burner 2.5.1
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 3097] [2009-10-08]
"Free DVD Video Burner_is1" = Free DVD Video Burner version 1.1
"Free Studio_is1" = Free Studio version 4.1
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iMesh" = iMesh
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Basic)
"Luxor 3_is1" = Luxor 3
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"Nvidia Omega Drivers for Windows Vistav1.169.25" = Nvidia Omega Drivers v1.169.25 Setup Files and Tools
"Orbit_is1" = Orbit Downloader
"Pangya" = Pangya (Ntreev SG Interactive)
"PowerISO" = PowerISO
"PS3 Media Server" = PS3 Media Server
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"RadialpointClientGateway_is1" = Virgin Broadband advisor 1.5.24
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Super DVD Creator_is1" = Super DVD Creator 9.8 Full Version
"SysInfo" = Creative System Information
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.9
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"WM Converter 2.0" = WM Converter 2.0
"ZENcast Organizer" = ZENcast Organizer
"ZENXFI2UG" = Creative ZEN X-Fi2 Documentation

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/08/2011 16:31:27 | Computer Name = Spence-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/08/2011 16:41:42 | Computer Name = Spence-PC | Source = VSS | ID = 8193
Description =

Error - 03/08/2011 04:18:05 | Computer Name = Spence-PC | Source = WinMgmt | ID = 10
Description =

Error - 03/08/2011 04:20:07 | Computer Name = Spence-PC | Source = Application Error | ID = 1000
Description = Faulting application PCMMediaSharing.exe, version 0.0.0.0, time stamp
0x4663e046, faulting module ntdll.dll, version 6.0.6001.22777, time stamp 0x4cb72ffe,
exception code 0xc0000005, fault offset 0x00068386, process id 0xfcc, application
start time 0x01cc51b61f8f3fd3.

Error - 03/08/2011 08:14:58 | Computer Name = Spence-PC | Source = VSS | ID = 8193
Description =

Error - 03/08/2011 09:26:00 | Computer Name = Spence-PC | Source = MsiInstaller | ID = 1002
Description =

Error - 03/08/2011 09:26:30 | Computer Name = Spence-PC | Source = MsiInstaller | ID = 1002
Description =

Error - 03/08/2011 09:26:31 | Computer Name = Spence-PC | Source = VSS | ID = 8193
Description =

Error - 03/08/2011 09:28:36 | Computer Name = Spence-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ec4 Start Time: 01cc51b61adba2d3 Termination Time: 10739

Error - 03/08/2011 09:38:40 | Computer Name = Spence-PC | Source = VSS | ID = 8193
Description =

[ Media Center Events ]
Error - 08/07/2009 10:54:45 | Computer Name = Spence-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 06/11/2009 18:30:20 | Computer Name = Spence-PC | Source = McrMgr | ID = 107
Description =

Error - 06/11/2009 18:30:29 | Computer Name = Spence-PC | Source = McrMgr | ID = 109
Description =

Error - 06/11/2009 18:31:25 | Computer Name = Spence-PC | Source = McrMgr | ID = 107
Description =

Error - 06/11/2009 18:31:27 | Computer Name = Spence-PC | Source = McrMgr | ID = 109
Description =

Error - 06/11/2009 18:32:54 | Computer Name = Spence-PC | Source = McrMgr | ID = 107
Description =

Error - 06/11/2009 18:32:56 | Computer Name = Spence-PC | Source = McrMgr | ID = 109
Description =

Error - 10/02/2010 07:37:16 | Computer Name = Spence-PC | Source = McrMgr | ID = 109
Description =

Error - 10/02/2010 07:38:00 | Computer Name = Spence-PC | Source = McrMgr | ID = 107
Description =

Error - 17/09/2010 03:51:01 | Computer Name = Spence-PC | Source = McrMgr | ID = 107
Description =

[ System Events ]
Error - 06/08/2011 15:18:41 | Computer Name = Spence-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 06/08/2011 15:19:21 | Computer Name = Spence-PC | Source = DCOM | ID = 10005
Description =

Error - 06/08/2011 15:19:21 | Computer Name = Spence-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 06/08/2011 15:19:47 | Computer Name = Spence-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 06/08/2011 15:19:48 | Computer Name = Spence-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 06/08/2011 16:07:41 | Computer Name = Spence-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 06/08/2011 16:07:42 | Computer Name = Spence-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 06/08/2011 16:11:31 | Computer Name = Spence-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 06/08/2011 16:13:41 | Computer Name = Spence-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 06/08/2011 20:36:28 | Computer Name = Spence-PC | Source = bowser | ID = 8003
Description =


< End of report >
  • 0

#35
Spacelord11011

Spacelord11011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
System seems ok, although running a little slow while using firefox, and periodicly crashing, but that coul just be firefox. Am I ok to re-install goole chrome yet?
  • 0

#36
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
That could be due to Firefox. We will try to speed it up after we clean your system. Let's do some more cleaning.

Step 1

Please uninstall SpyBot Search and Destroy from your system. It's known to interfere with tools we use here.

Step 2

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\cftizlhu.sys
c:\windows\system32\drivers\cmmjaehg.sys
c:\windows\system32\drivers\dsexgbsj.sys
c:\windows\system32\drivers\fsqpmebn.sys
c:\windows\system32\drivers\fuviiifb.sys
c:\windows\system32\drivers\gdexchwm.sys
c:\windows\system32\drivers\ggpgprkl.sys
c:\windows\system32\drivers\hyfvhuok.sys
c:\windows\system32\drivers\iotwuurk.sys
c:\windows\system32\drivers\jftgjils.sys
c:\windows\system32\drivers\jsxaljga.sys
c:\windows\system32\drivers\kgawzwbu.sys
c:\windows\system32\drivers\lceausqi.sys
c:\windows\system32\drivers\lnxlxgat.sys
c:\windows\system32\drivers\maxkikeu.sys
c:\windows\system32\drivers\nvikhtvq.sys
c:\windows\system32\drivers\nwuvskgn.sys
c:\windows\system32\drivers\ooghdnur.sys
c:\windows\system32\drivers\qdwsihqk.sys
c:\windows\system32\drivers\rojeiyqg.sys
c:\windows\system32\drivers\sutoagam.sys
c:\windows\system32\drivers\tebreigu.sys
c:\windows\system32\drivers\tixrgzfn.sys
c:\windows\system32\drivers\vdfdpxyl.sys
c:\windows\system32\drivers\wbpcqbxx.sys
c:\windows\system32\drivers\wgvmanym.sys
c:\windows\system32\drivers\wxdwxsfp.sys
c:\windows\system32\drivers\xzzpdirg.sys

Registry::
[-HKEY_USERS\S-1-5-21-3015068568-3040374585-1810929627-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-N‡eW[U^áÿ#WÎW‰ªn]

Driver::
cftizlhu
cmmjaehg
dsexgbsj
fsqpmebn
fuviiifb
gdexchwm
ggpgprkl
hyfvhuok
iotwuurk
jftgjils
jsxaljga
kgawzwbu
lceausqi
lnxlxgat
maxkikeu
nvikhtvq
nwuvskgn
ooghdnur
qdwsihqk
rojeiyqg
sutoagam
tebreigu
tixrgzfn
vdfdpxyl
wbpcqbxx
wgvmanym
wxdwxsfp
xzzpdirg


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 3

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 4

Please don't forget to include these items in your reply:

  • Combofix log
  • OTL fix log
It would be helpful if you could post each log in separate post
  • 0

#37
Spacelord11011

Spacelord11011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
ComboFix 11-08-05.02 - Spence 08/08/2011 8:37.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3071.2026 [GMT 1:00]
Running from: c:\downloads\ComboFix.exe
Command switches used :: c:\downloads\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\cftizlhu.sys"
"c:\windows\system32\drivers\cmmjaehg.sys"
"c:\windows\system32\drivers\dsexgbsj.sys"
"c:\windows\system32\drivers\fsqpmebn.sys"
"c:\windows\system32\drivers\fuviiifb.sys"
"c:\windows\system32\drivers\gdexchwm.sys"
"c:\windows\system32\drivers\ggpgprkl.sys"
"c:\windows\system32\drivers\hyfvhuok.sys"
"c:\windows\system32\drivers\iotwuurk.sys"
"c:\windows\system32\drivers\jftgjils.sys"
"c:\windows\system32\drivers\jsxaljga.sys"
"c:\windows\system32\drivers\kgawzwbu.sys"
"c:\windows\system32\drivers\lceausqi.sys"
"c:\windows\system32\drivers\lnxlxgat.sys"
"c:\windows\system32\drivers\maxkikeu.sys"
"c:\windows\system32\drivers\nvikhtvq.sys"
"c:\windows\system32\drivers\nwuvskgn.sys"
"c:\windows\system32\drivers\ooghdnur.sys"
"c:\windows\system32\drivers\qdwsihqk.sys"
"c:\windows\system32\drivers\rojeiyqg.sys"
"c:\windows\system32\drivers\sutoagam.sys"
"c:\windows\system32\drivers\tebreigu.sys"
"c:\windows\system32\drivers\tixrgzfn.sys"
"c:\windows\system32\drivers\vdfdpxyl.sys"
"c:\windows\system32\drivers\wbpcqbxx.sys"
"c:\windows\system32\drivers\wgvmanym.sys"
"c:\windows\system32\drivers\wxdwxsfp.sys"
"c:\windows\system32\drivers\xzzpdirg.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_cftizlhu
-------\Service_cmmjaehg
-------\Service_dsexgbsj
-------\Service_fsqpmebn
-------\Service_fuviiifb
-------\Service_gdexchwm
-------\Service_ggpgprkl
-------\Service_hyfvhuok
-------\Service_iotwuurk
-------\Service_jftgjils
-------\Service_jsxaljga
-------\Service_kgawzwbu
-------\Service_lceausqi
-------\Service_lnxlxgat
-------\Service_maxkikeu
-------\Service_nvikhtvq
-------\Service_nwuvskgn
-------\Service_ooghdnur
-------\Service_qdwsihqk
-------\Service_rojeiyqg
-------\Service_sutoagam
-------\Service_tebreigu
-------\Service_tixrgzfn
-------\Service_vdfdpxyl
-------\Service_wbpcqbxx
-------\Service_wgvmanym
-------\Service_wxdwxsfp
-------\Service_xzzpdirg
.
.
((((((((((((((((((((((((( Files Created from 2011-07-08 to 2011-08-08 )))))))))))))))))))))))))))))))
.
.
2011-08-08 07:43 . 2011-08-08 07:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-06 19:12 . 2011-08-06 19:13 -------- d-----w- C:\hotfix1
2011-08-06 19:08 . 2011-08-06 19:08 -------- d-----w- c:\users\Spence\AppData\Local\WinZip
2011-08-06 19:07 . 2011-08-06 19:16 -------- d-----w- c:\users\Spence\AppData\Local\OpenCandy
2011-08-06 19:07 . 2011-08-06 19:07 -------- d-----w- c:\users\Spence\AppData\Roaming\OpenCandy
2011-08-06 19:06 . 2011-08-06 19:08 -------- d-----w- c:\programdata\WinZip
2011-08-05 06:03 . 2011-07-20 08:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A1F779B-21E2-468F-B3B4-9A774ED12388}\mpengine.dll
2011-08-04 22:14 . 2011-08-05 16:30 -------- d-----w- c:\programdata\AVAST Software
2011-08-04 22:14 . 2011-08-04 22:14 -------- d-----w- c:\program files\AVAST Software
2011-08-04 11:14 . 2011-08-04 11:14 -------- d-----w- C:\_OTM
2011-08-04 11:12 . 2011-08-04 11:12 -------- d-----w- c:\program files\ERUNT
2011-08-04 10:53 . 2011-08-04 10:53 -------- d-----w- c:\users\Spence\AppData\Roaming\SUPERAntiSpyware.com
2011-08-04 10:53 . 2011-08-04 10:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-04 10:48 . 2010-11-09 13:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-04 10:48 . 2010-11-09 13:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-08-04 10:48 . 2011-08-04 10:48 -------- d-----w- C:\VIPRERESCUE
2011-08-04 10:40 . 2011-08-04 10:40 -------- d--h--w- c:\windows\PIF
2011-08-04 10:38 . 2011-08-04 10:38 -------- d-----w- c:\users\Spence\AppData\Roaming\Malwarebytes
2011-08-04 10:31 . 2011-08-04 10:31 -------- d-----w- c:\programdata\Malwarebytes
2011-08-04 10:31 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-04 10:31 . 2011-08-04 10:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-04 10:31 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-04 08:26 . 2011-08-04 08:32 -------- d-----w- c:\users\Spence\AppData\Roaming\BoneTown
2011-08-03 15:22 . 2011-08-03 20:49 -------- d-----w- c:\users\Spence\AppData\Local\Canon Easy-PhotoPrint EX
2011-08-03 15:17 . 2011-08-03 15:17 -------- d--h--w- c:\programdata\CanonIJEPPEX
2011-08-03 13:34 . 2011-08-03 13:34 -------- d-----w- c:\program files\VirtualFem
2011-08-03 13:18 . 2011-08-03 13:35 -------- d-----w- c:\program files\VirtuaGirl HD
2011-08-03 13:14 . 2011-08-03 13:47 -------- d-----w- c:\program files\Digamour
2011-08-02 20:42 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5E6DB64-7C2F-49CF-8541-EE8F621FB698}\mpengine.dll
2011-07-31 15:48 . 2011-07-31 15:48 -------- d-----w- c:\program files\iPod
2011-07-31 15:48 . 2011-07-31 15:49 -------- d-----w- c:\program files\iTunes
2011-07-31 15:43 . 2011-07-31 15:43 -------- d-----w- c:\program files\Bonjour
2011-07-31 11:13 . 2011-07-31 11:13 -------- d-----w- c:\program files\Apple Software Update
2011-07-22 11:09 . 2011-07-22 11:09 -------- d--h--w- c:\programdata\CanonIJSolutionMenu
2011-07-22 11:09 . 2011-07-22 11:09 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2011-07-22 11:09 . 2011-08-03 20:49 -------- d-----w- c:\programdata\CanonIJPLM
2011-07-22 10:40 . 2011-07-22 10:40 -------- d--h--w- c:\programdata\CanonBJ
2011-07-22 10:39 . 2009-10-22 04:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA4.DLL
2011-07-22 10:39 . 2009-10-22 04:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA4.DLL
2011-07-22 10:38 . 2011-07-22 10:38 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-07-22 10:37 . 2009-10-22 04:00 276992 ----a-w- c:\windows\system32\CNMLMA4.DLL
2011-07-22 10:36 . 2009-09-10 09:00 179200 ----a-w- c:\windows\system32\CNMIUA4.DLL
2011-07-22 10:35 . 2011-07-22 11:09 -------- d-----w- c:\program files\Canon
2011-07-15 08:23 . 2011-06-15 10:46 11342848 ----a-w- C:\AAEdit.exe
2011-07-13 16:34 . 2011-06-02 12:59 2042368 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 16:34 . 2011-04-20 14:47 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 16:34 . 2011-04-20 14:44 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-12 13:29 . 2011-07-12 13:29 -------- d-----w- c:\program files\Illusion Registry Fixer
2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 10:20 . 2011-07-12 10:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 10:20 . 2011-07-12 10:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-11 13:32 . 2011-07-12 15:19 -------- d-----w- c:\users\Spence\.dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 08:44 . 2011-01-27 17:31 6881616 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-13 03:39 . 2010-12-07 23:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-28 06:08 . 2011-06-16 11:43 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-16 11:43 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-16 11:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-16 11:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04 . 2011-06-16 11:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10 . 2011-06-16 11:43 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-16 11:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-16 11:43 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2006-03-30 19:40 . 2010-03-16 12:32 26792 ----a-w- c:\program files\REFLEXIVE UNIVERSAL PATCHER v1.0.EXE
2010-06-28 06:54 . 2009-11-16 15:10 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 00:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-14 68856]
"BitComet"="c:\program files\BitLord\BitLord.exe" [2005-05-07 2224128]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-07-15 102400]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-06-02 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-06-02 319488]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-21 204908]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 6265376]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-28 30192]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-05-27 2303216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-12-23 148888]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\users\Spence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-5-3 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-6-29 1838904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl2e4b308b;MpKsl2e4b308b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83411E90-3336-4ED5-8E35-5B17F2E8E653}\MpKsl2e4b308b.sys [x]
R1 SASDIFSV;SASDIFSV;c:\users\Spence\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Spence\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [x]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-07-15 36608]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-28 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-11-12 3403420]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-07 717296]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-09 98392]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 135168]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-03 218688]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:53]
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:53]
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3015068568-3040374585-1810929627-1000Core.job
- c:\users\Spence\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 19:24]
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3015068568-3040374585-1810929627-1000UA.job
- c:\users\Spence\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 19:24]
.
2011-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-14 12:32]
.
2011-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-14 12:32]
.
2011-08-08 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-05-21 14:40]
.
2011-08-08 c:\windows\Tasks\User_Feed_Synchronization-{B76032BB-D0B0-421D-A822-E7A46C595341}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Spence\AppData\Roaming\Mozilla\Firefox\Profiles\hqctc2k2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=9568
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mydtzone.com/startpage|http://search.babylon.com/home?AF=9568
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Babylon: [email protected] - %profile%\extensions\[email protected]
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-08 09:16
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3015068568-3040374585-1810929627-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Users\\Spence\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Users\\Spence\\Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Users\\Spence\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\Spence\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\downloads\\FMGenie93\\FMGenie93\\History Points"
"LangDB"=""
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:0000003d
"GraphStep"=dword:00000000
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="55-8280-E46F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_USERS\S-1-5-21-3015068568-3040374585-1810929627-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-N‡eW[U^áÿ#WÎW‰ªn]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3015068568-3040374585-1810929627-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-N‡eW[U^áÿ#WÎW‰ªn\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3015068568-3040374585-1810929627-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:86,c8,a2,1f,e9,45,48,50,15,f6,61,21,00,0e,29,2e,54,85,60,80,64,
14,f2,c4,c4,5d,c8,ae,b2,06,77,93,d0,75,62,55,db,0c,e8,6e,56,8b,78,34,53,78,\
"rkeysecu"=hex:9a,3d,11,0a,ae,4b,4b,73,70,49,bd,1a,cb,8e,32,29
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2212)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Completion time: 2011-08-08 09:18:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-08 08:18
ComboFix2.txt 2011-08-06 20:15
ComboFix3.txt 2011-08-05 19:38
.
Pre-Run: 28,154,675,200 bytes free
Post-Run: 27,745,882,112 bytes free
.
- - End Of File - - 619894350CBB075E8B271D0FBF8239A3
  • 0

#38
Spacelord11011

Spacelord11011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\downloads\cmd.bat deleted successfully.
C:\downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Spence
->Temp folder emptied: 11390594 bytes
->Temporary Internet Files folder emptied: 17212958 bytes
->Java cache emptied: 8229 bytes
->FireFox cache emptied: 89123541 bytes
->Google Chrome cache emptied: 262842123 bytes
->Flash cache emptied: 176908756 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 532.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Spence
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08082011_101307

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#39
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Now let's try to speed things up.

Step 1

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

Run the tool and it will disable all unnecessary sturtup entries.
Click on Continue button to save changes.

Step 2

Download and run Puran Disc Defragmenter
Click on Boot Time Defrag button and choose Restart-Defrag-Restart

Posted Image
  • 0

#40
Spacelord11011

Spacelord11011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
got this error msg

Attached Thumbnails

  • error2.jpg

  • 0

Advertisements


#41
Spacelord11011

Spacelord11011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
got same error message for all 3 entries
  • 0

#42
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Don't worry about that. Close and remove Startuplite and do defragment now.
  • 0

#43
Spacelord11011

Spacelord11011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Ok, defrag all Done.
  • 0

#44
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
If you don't have any problems I'll call this one solved :). Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#45
Spacelord11011

Spacelord11011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Just going thru the recommendations now. Thanks so much for your help!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP