Really bad case of Win32:Alureon-EC [RTK] please help [Solved]


  • This topic is locked

#1
matrixdude171

Hello, I've had this problem for a while and I did a system restore and thought it was gone, but it's back! I've followed all the instructions in the malware and spyware cleaning guide to the dot. I really need help removing this. I've run everything I know and found to get rid of it, but it comes back. Not even Norton or MSE could fix it. I don't know if this will help or not, but avast! is telling me the file name is C:\Windows\System32\tdlwsp.dll

Here are my logs:

Malwarebytes' Anti-Malware 1.41
Database version: 3156
Windows 6.0.6002 Service Pack 2

11/12/2009 2:31:13 PM
mbam-log-2009-11-12 (14-31-13).txt

Scan type: Quick Scan
Objects scanned: 91831
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/12 15:06
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x90DAC000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x90DA1000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA2C5F000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spqu.sys
Image Path: C:\Windows\System32\Drivers\spqu.sys
Address: 0x80606000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

SSDT
-------------------
#: 012 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x91030f32

#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x91032182

#: 022 Function Name: NtAlpcCreatePort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x91031118

#: 054 Function Name: NtConnectPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x91030292

#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x91030ad6

#: 071 Function Name: NtCreatePort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x91030174

#: 075 Function Name: NtCreateSection
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x9103092c

#: 077 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x91031e3c

#: 078 Function Name: NtCreateThread
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x9102fd3a

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x9102fa9c

#: 165 Function Name: NtLoadDriver
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x91031abe

#: 174 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x91030516

#: 186 Function Name: NtOpenFile
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x91030d1a

#: 194 Function Name: NtOpenProcess
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x9102f7cc

#: 197 Function Name: NtOpenSection
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x910307a6

#: 201 Function Name: NtOpenThread
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x9102f944

#: 276 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x910315d8

#: 286 Function Name: NtSecureConnectPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x9103185a

#: 317 Function Name: NtSetSystemInformation
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x91031c6c

#: 326 Function Name: NtShutdownSystem
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x910304b0

#: 332 Function Name: NtSystemDebugControl
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x9103069a

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0x90cd20b0

#: 335 Function Name: NtTerminateThread
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x9102ff0c

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x91031224

==EOF==

-----------------------
OTL Log

OTL logfile created on: 11/12/2009 2:41:53 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Zero\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 85.05% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.69 Gb Total Space | 15.40 Gb Free Space | 10.87% Space Free | Partition Type: NTFS
Drive D: | 141.74 Gb Total Space | 12.38 Gb Free Space | 8.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 978.73 Mb Total Space | 510.72 Mb Free Space | 52.18% Space Free | Partition Type: FAT

Computer Name: ZERO
Current User Name: Zero
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/12 14:40:49 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Zero\Downloads\OTL.exe
PRC - [2009/11/12 08:13:38 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/11/11 19:47:40 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/10/29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 00,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/09/15 03:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 03:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 03:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 03:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 03:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/09/04 12:16:54 | 00,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/08/03 20:05:02 | 00,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
PRC - [2009/07/14 18:14:52 | 00,352,256 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/14 18:14:24 | 00,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/14 09:45:07 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009/07/08 17:24:11 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/01 08:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/06/29 02:36:18 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/22 16:38:50 | 00,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/04/22 16:37:16 | 00,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009/04/10 22:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 22:27:20 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/03/25 21:21:30 | 05,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/25 17:57:22 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/02/25 17:53:16 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/02/25 01:02:54 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/01/27 00:27:18 | 00,509,488 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/01/27 00:27:12 | 00,523,312 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/01/20 18:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/20 18:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/02/01 16:37:40 | 00,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2007/01/17 10:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe


========== Modules (SafeList) ==========

MOD - [2009/11/12 14:40:49 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Zero\Downloads\OTL.exe
MOD - [2009/11/12 08:13:40 | 00,179,792 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2009/04/10 22:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (CLTNetCnService)
SRV - [2009/11/12 08:13:38 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/11/06 16:11:06 | 00,320,760 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/09/24 17:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/15 03:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/09/15 03:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/09/15 03:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/09/15 03:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/09/04 12:17:00 | 00,447,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 12:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/07/14 18:14:24 | 00,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/08 17:24:06 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/05 04:45:50 | 00,124,256 | ---- | M] () -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/04/10 22:28:25 | 00,375,808 | ---- | M] (Microsoft Corporation) -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/03/29 20:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/18 10:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/02/18 10:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/02/18 10:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/02/25 17:57:22 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/02/25 17:53:16 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/02/25 01:02:54 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/01/27 00:27:18 | 00,509,488 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/20 18:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/20 18:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008/01/20 18:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/17 10:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/02 04:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 04:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://slirsredirect...ir=2706&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 02:01:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/08 07:21:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/11 22:20:47 | 00,000,000 | ---D | M]

[2009/03/10 13:50:50 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Extensions
[2008/08/26 22:24:23 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/10 13:50:50 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/11/11 19:37:23 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions
[2009/10/21 19:35:46 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/07/02 01:52:43 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/07 16:19:58 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/18 15:18:09 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{3eaacb33-878f-44fa-b4cd-6e67cbaf828b}
[2009/11/03 18:04:07 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/08/13 10:24:55 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/24 10:36:44 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/07/05 08:04:27 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/11/11 19:37:20 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/07/05 08:04:27 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/06/20 00:48:07 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/04/17 22:22:28 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/11/03 18:04:04 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/07/24 10:36:47 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]\chrome\win\browser\extensions
[2009/07/24 10:36:47 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]\chrome\win\mozapps\extensions
[2009/11/12 14:39:47 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/08 07:21:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/03 20:21:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/08/26 23:14:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/05 07:49:45 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/24 13:53:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/05 16:19:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/04 13:04:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/10 08:46:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/11/03 23:41:39 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/11/08 07:21:49 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/08 07:21:49 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/06 11:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/11/08 07:21:50 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/06/29 02:36:34 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/06/29 02:36:46 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/06/29 02:36:24 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/08/02 15:45:40 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2009/07/10 23:41:03 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/10 23:41:03 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/28 19:40:11 | 00,002,273 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/07/10 23:41:03 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/10 23:41:03 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/10 23:41:03 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/10 23:41:03 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/10 23:41:03 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7f77b0af-7314-11de-a24f-001c258cff23}\Shell - "" = AutoRun
O33 - MountPoints2\{7f77b0af-7314-11de-a24f-001c258cff23}\Shell\AutoRun\command - "" = J:\BSAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (MACHINE) - File not found
O34 - HKLM BootExecute: (BootExecut) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: BtwSrv - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 18:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/12 14:24:48 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/12 13:10:54 | 00,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2009/11/12 11:09:18 | 00,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2009/11/12 08:13:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2009/11/12 08:13:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2009/11/12 08:13:47 | 00,179,792 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll
[2009/11/12 08:13:47 | 00,128,888 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2009/11/12 08:13:47 | 00,074,328 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009/11/12 08:13:47 | 00,029,520 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2009/11/12 08:13:41 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/11/11 19:49:58 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/11/11 19:49:57 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/11/11 19:49:55 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/11/11 19:49:54 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/11/11 19:49:54 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/11/11 19:49:29 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/11/11 19:49:29 | 00,053,328 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/11/11 19:49:27 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/11/11 19:15:49 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/11 19:01:06 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/11/11 19:01:06 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/11/11 19:01:06 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/11/11 19:01:02 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/11 19:00:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/04 16:23:02 | 00,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2009/11/04 16:22:23 | 00,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2009/11/03 21:31:23 | 00,000,000 | ---D | C] -- C:\Users\Zero\AppData\Roaming\GameRanger
[2009/11/03 20:24:50 | 00,000,000 | ---D | C] -- C:\Users\Zero\AppData\Roaming\skypePM
[2009/11/03 20:23:56 | 00,000,000 | ---D | C] -- C:\Users\Zero\AppData\Roaming\Skype
[2009/11/03 20:19:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/11/03 20:19:49 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/11/03 20:19:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/11/03 20:19:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/11/03 17:18:19 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/10/30 13:13:20 | 00,000,000 | ---D | C] -- C:\Users\Zero\AppData\Local\LogMeIn Hamachi

========== Files - Modified Within 14 Days ==========

[2009/11/12 14:42:08 | 03,670,016 | -HS- | M] () -- C:\Users\Zero\ntuser.dat
[2009/11/12 14:35:00 | 00,806,912 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2009/11/12 14:34:32 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2009/11/12 14:24:51 | 00,000,697 | ---- | M] () -- C:\Users\Zero\Desktop\NTREGOPT.lnk
[2009/11/12 14:24:51 | 00,000,678 | ---- | M] () -- C:\Users\Zero\Desktop\ERUNT.lnk
[2009/11/12 14:21:01 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/12 14:21:01 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/12 14:21:01 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/12 14:20:48 | 00,022,016 | ---- | M] () -- C:\Windows\System32\tdlwsp.dll
[2009/11/12 14:15:42 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/12 14:15:41 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/12 14:15:41 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/12 14:15:14 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/12 14:15:05 | 29,519,29856 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/12 14:13:47 | 00,524,288 | -HS- | M] () -- C:\Users\Zero\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/12 14:13:47 | 00,065,536 | -HS- | M] () -- C:\Users\Zero\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/12 13:58:19 | 00,000,350 | ---- | M] () -- C:\Windows\System32\Partizan.RRI
[2009/11/12 13:27:15 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009/11/12 13:24:31 | 01,947,511 | -H-- | M] () -- C:\Users\Zero\AppData\Local\IconCache.db
[2009/11/12 13:11:39 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/11/12 13:11:39 | 00,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2009/11/12 13:11:39 | 00,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2009/11/12 08:13:40 | 00,179,792 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2009/11/12 08:13:40 | 00,128,888 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2009/11/12 08:13:40 | 00,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009/11/12 08:13:40 | 00,029,520 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2009/11/11 19:49:58 | 00,001,813 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/11/11 19:09:44 | 00,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/11 18:53:20 | 03,563,264 | R--- | M] () -- C:\Users\Zero\Desktop\ComboFix.exe
[2009/11/10 19:16:08 | 00,180,736 | ---- | M] () -- C:\Users\Zero\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/10 18:22:11 | 00,298,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/08 17:45:56 | 00,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/11/07 22:49:30 | 00,001,404 | ---- | M] () -- C:\Users\Zero\Desktop\BEACHINGGIRL-PC - Shortcut.lnk
[2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\Windows\PEV.exe
[2009/11/04 18:40:42 | 00,071,312 | ---- | M] () -- C:\Users\Zero\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/03 21:31:50 | 00,000,979 | ---- | M] () -- C:\Users\Zero\Desktop\GameRanger.lnk
[2009/11/03 20:19:50 | 00,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/11/03 17:17:51 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/03 17:13:50 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

========== Files Created - No Company Name ==========

[2009/11/12 14:34:32 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009/11/12 14:24:51 | 00,000,697 | ---- | C] () -- C:\Users\Zero\Desktop\NTREGOPT.lnk
[2009/11/12 14:24:51 | 00,000,678 | ---- | C] () -- C:\Users\Zero\Desktop\ERUNT.lnk
[2009/11/12 14:20:20 | 00,022,016 | ---- | C] () -- C:\Windows\System32\tdlwsp.dll
[2009/11/12 13:39:45 | 00,000,350 | ---- | C] () -- C:\Windows\System32\Partizan.RRI
[2009/11/12 13:12:12 | 01,947,511 | -H-- | C] () -- C:\Users\Zero\AppData\Local\IconCache.db
[2009/11/12 13:07:03 | 29,519,29856 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/12 08:18:14 | 00,806,912 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2009/11/11 19:49:58 | 00,001,813 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/11/11 19:49:29 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/11/11 19:09:44 | 00,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/11 19:01:07 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/11 19:01:06 | 00,267,264 | ---- | C] () -- C:\Windows\PEV.exe
[2009/11/11 19:01:06 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/11/11 19:01:06 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/11/11 19:01:06 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/11 19:01:06 | 00,031,232 | ---- | C] () -- C:\Windows\NIRCMD.exe
[2009/11/11 18:59:50 | 03,563,264 | R--- | C] () -- C:\Users\Zero\Desktop\ComboFix.exe
[2009/11/08 17:45:56 | 00,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/11/07 22:49:30 | 00,001,404 | ---- | C] () -- C:\Users\Zero\Desktop\BEACHINGGIRL-PC - Shortcut.lnk
[2009/11/03 21:31:50 | 00,000,979 | ---- | C] () -- C:\Users\Zero\Desktop\GameRanger.lnk
[2009/11/03 20:19:50 | 00,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/11/03 17:17:51 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/03 17:13:50 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/15 21:05:27 | 00,012,800 | ---- | C] () -- C:\Windows\System32\DeskHack.dll
[2009/08/07 18:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/31 15:51:04 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/30 21:15:01 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/05/30 21:15:00 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/05/30 21:14:59 | 02,402,304 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/05/30 21:14:59 | 00,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/30 21:14:59 | 00,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/30 21:14:58 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/05/30 21:14:56 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/05/30 21:14:56 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/02/06 22:59:45 | 00,000,000 | ---- | C] () -- C:\Windows\WB.ini
[2009/02/06 22:52:40 | 00,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2008/12/13 18:22:41 | 00,000,000 | ---- | C] () -- C:\Users\Zero\AppData\Roaming\wklnhst.dat
[2008/11/06 16:30:41 | 00,002,032 | ---- | C] () -- C:\Users\Zero\AppData\Local\d3d9caps.dat
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/10/01 14:01:13 | 00,072,072 | ---- | C] () -- C:\Users\Zero\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2008/09/02 06:31:22 | 00,001,087 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/26 23:27:59 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/08/26 22:45:04 | 00,180,736 | ---- | C] () -- C:\Users\Zero\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/26 22:19:12 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/26 21:36:50 | 00,071,312 | ---- | C] () -- C:\Users\Zero\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/08/26 20:17:50 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/08/26 20:17:50 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/03/15 15:06:25 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/03/15 15:06:25 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/03/15 14:36:54 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/03/15 14:33:51 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2006/11/02 04:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 04:37:35 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 04:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 04:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 04:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\SYSTEM.INI
[2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 15:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/08/26 22:59:42 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\acccore
[2008/08/26 21:37:04 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Acer
[2008/03/15 14:47:09 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Acer GameZone Console
[2009/09/01 15:58:12 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\ATI
[2009/11/09 17:10:46 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Azureus
[2009/09/12 15:19:12 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Bioshock
[2009/09/01 14:50:00 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Blitware
[2009/07/17 13:01:42 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\DAEMON Tools Lite
[2008/12/03 15:51:53 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\eSobi
[2009/11/03 21:31:49 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\GameRanger
[2008/08/26 21:37:00 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Leadertech
[2009/10/22 20:26:29 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\LimeWire
[2008/09/02 14:00:31 | 00,000,000 | RH-D | M] -- C:\Users\Zero\AppData\Roaming\SecuROM
[2009/10/14 21:23:07 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Stardock
[2009/09/01 14:05:54 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\SystemRequirementsLab
[2008/12/13 18:22:42 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Template
[2008/11/28 14:55:10 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Ubisoft
[2009/09/01 15:10:29 | 00,000,454 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2009/11/12 14:15:41 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/12 14:13:59 | 00,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/08/27 11:08:38 | 00,171,091 | ---- | M] () -- C:\WUSB54Gv4_v3.0.1.0.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2008/01/20 18:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2008/01/20 18:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5 -- C:\Windows\System32\drivers\atapi.sys
[2008/02/21 21:03:50 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_3d9c5057\atapi.sys
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2006/11/02 01:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/20 18:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 18:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008/02/21 21:03:50 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18023_none_dd25892021975283\atapi.sys
[2008/02/21 20:59:12 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=76D70915EB81608DC6ACA87887FAB38F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22120_none_ddac250d3ab7a648\atapi.sys
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 288 bytes -> C:\Windows\System32\drivers\mphpryld.sys:changelist
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

------------------------------
Extras.txt report

OTL Extras logfile created on: 11/12/2009 2:41:53 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Zero\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 85.05% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.69 Gb Total Space | 15.40 Gb Free Space | 10.87% Space Free | Partition Type: NTFS
Drive D: | 141.74 Gb Total Space | 12.38 Gb Free Space | 8.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 978.73 Mb Total Space | 510.72 Mb Free Space | 52.18% Space Free | Partition Type: FAT

Computer Name: ZERO
Current User Name: Zero
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0219D388-45FD-49E0-8510-2D60340F1B8A}" = rport=445 | protocol=6 | dir=out | app=system |
"{0F073BCB-5B71-4C10-9E8E-5A586E26D484}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3FDC9D61-6C2B-458B-BF27-15F7F616614C}" = lport=445 | protocol=6 | dir=in | app=system |
"{8520CDD8-56F6-45A4-BA1E-73727CF8774D}" = lport=138 | protocol=17 | dir=in | app=system |
"{9BAAB205-2FA7-4BFE-ABE1-B3B81B64818F}" = lport=139 | protocol=6 | dir=in | app=system |
"{9E814B65-3990-4C57-88C7-BC71DC25B1CE}" = lport=137 | protocol=17 | dir=in | app=system |
"{A424DF44-43E8-43E8-9EC8-2CA1DCA6C104}" = rport=139 | protocol=6 | dir=out | app=system |
"{A7CB9F35-9191-44E4-8514-AFA2FE93F511}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{BD68C940-41F8-490B-8D1C-EF9B043A57BC}" = rport=138 | protocol=17 | dir=out | app=system |
"{E1547641-1779-435B-A8AD-0C7B33D5C516}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D901E4-E079-434C-8DFB-A946CA0E2210}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx10.exe |
"{06DC4712-E6B7-44F7-9FDB-5099E9E4CD65}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{080F2AA8-9B50-4452-A67B-F52763412052}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{084E9DF8-2CB0-4CB7-917D-1345EF54E079}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1FA11C7E-E577-4A35-A634-DC16BB312646}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{33BB530C-ED44-4CCB-AF22-13A44F555939}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{36324B2B-B07C-44E1-A01D-EEE4955127F5}" = protocol=17 | dir=in | app=c:\program files\ea games\mirror's edge\binaries\mirrorsedge.exe |
"{40846E5E-4C76-41D4-8A27-043F6BED9BE5}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{4336F64C-7DF9-45DA-92AD-93E7EEBD54BA}" = protocol=1 | dir=in | [email protected],-28543 |
"{49B617A2-F62B-46A4-A328-5E45ADB0CF6D}" = protocol=6 | dir=in | app=c:\program files\microsoft games\gears of war\binaries\wargame-g4wlive.exe |
"{50B4A9DA-9253-4EEB-804F-AE47CA3CF8D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{51D1954D-58F7-435A-BFCE-CEA02BA2646F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe |
"{54164910-DB90-4E63-9F14-446A487E89D6}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{54568689-6AB5-4216-B16A-02D94BDA1F6D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{5745DEC6-896D-4DAE-974A-0AFFFC7F0DF7}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{59DF39A0-77AE-480E-9B09-B603C88AE9CB}" = protocol=58 | dir=out | [email protected],-28546 |
"{60C1E846-83C2-4CAF-BB69-1E7ED0ED5F9B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx10.exe |
"{6F263E73-E724-4A2D-BB03-7AA014237262}" = protocol=6 | dir=in | app=c:\program files\ea games\mirror's edge\binaries\mirrorsedge.exe |
"{852889CF-06F3-485C-8796-C47A53351577}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe |
"{86DA50DE-688E-4A20-A648-778EDB9B82B8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx10.exe |
"{88CF5958-F782-401B-B406-C539A706DEAF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe |
"{8C91AE2C-C11F-4B11-95CA-FC90CF19C8FC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{98557782-B03D-4476-BEF5-F2A76BB26AC2}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{9955AAE1-C581-438D-9165-9EF653D25924}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe |
"{9DA143D8-2CE1-49AB-87AC-BD36D1C35066}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A3CED4E4-B22F-41DE-8F86-05ACF2F4848C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{AAADF56D-E90A-4BED-A66D-57AB97EFF2F7}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{AADAD321-2921-4C23-B530-F92F91543074}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{AD6DF307-E484-4EF4-BF9D-76B537A766D4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{AE25F898-9B59-4D80-A624-170C1C921267}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{B48D0153-67E4-49FE-92A7-50387CC0CFA3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx10.exe |
"{C1851236-382D-430D-9923-E8467CD231FB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{D35B3C21-3A5D-435B-8E3D-97F0A45CBE02}" = protocol=17 | dir=in | app=c:\program files\microsoft games\gears of war\binaries\wargame-g4wlive.exe |
"{D60C65F9-B1FC-4A5F-93C7-3D650A77480D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D9F1102F-107E-4242-A34A-62F45B62AE10}" = protocol=58 | dir=in | [email protected],-28545 |
"{DCE5BB6B-210E-4C26-8171-0E16DB113DE4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{DE28B2C3-6708-4319-869A-FB30A7FC5E9F}" = protocol=1 | dir=out | [email protected],-28544 |
"{E240B5E8-EC97-4926-9834-ED0E9894C852}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{E2C215F4-37AD-4ADD-9E07-996149881F5D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{EBB99DB7-6C1B-4C11-A0D4-2FE51DA9DF85}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{F2F6D2C8-B5A1-448F-8E7D-1371FEB5A597}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"TCP Query User{00050708-D6CF-4F19-8E91-064B1C65ACC6}C:\users\zero\downloads\sc2-battlereport-4_esrb-downloader.exe" = protocol=6 | dir=in | app=c:\users\zero\downloads\sc2-battlereport-4_esrb-downloader.exe |
"TCP Query User{0F2DC017-531E-4BAB-B9D7-DAE11C66B109}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{165567C8-4264-4D5A-ACEB-77C01B255B70}C:\users\zero\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\zero\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{3C398620-D4BC-41EF-A896-BD2000E2AEF6}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{5044BA39-B5B0-4598-BF90-49D4B5D9AEDB}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{650E7DFD-EC07-419C-8238-485DBF78FA55}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6A13D5AF-8CFC-4698-8759-ED082426EC53}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{7D314246-5C46-4201-80B5-7BC99537C07A}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{96BA2C06-6AF1-4679-B3D4-4EEB7B7ED7B6}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{98D793F8-459E-4CED-B8AD-2E220DB5C647}C:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"TCP Query User{C64FF06D-71BE-4C03-9C2B-89C1AC97A4E5}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{FEDAC3E7-497A-441D-BD8A-BF54084F94B9}C:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"UDP Query User{33FCCD93-F382-4CD9-AC54-F81A1D036498}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{36594AB3-DFA1-47E6-83AA-CEB376EAAFB8}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{3774F39A-ED9E-4BD2-8ED1-C97D019C607F}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{4D1AA3BE-8D49-425F-A8F6-8BB81EF25F14}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7CEB4CDA-6923-4ACA-89CC-A3665616DBB8}C:\users\zero\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\zero\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{859C8E17-DBFB-47E5-80A5-3CBD1D9E0087}C:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"UDP Query User{8CE75C64-EE21-4F1A-B697-DBF8A11C18F5}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{9DB59596-781C-45A3-86E3-F6F26FF4A4E2}C:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"UDP Query User{B58A76C4-BC2C-4803-892E-8A41BB92454A}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{C3903B74-341F-4556-BE51-7AD75FF850A6}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{C6F2DF87-8473-4F62-8009-6E35B5AF8B54}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{DDDAC9BA-DA38-4F94-955E-9963C594BDE8}C:\users\zero\downloads\sc2-battlereport-4_esrb-downloader.exe" = protocol=17 | dir=in | app=c:\users\zero\downloads\sc2-battlereport-4_esrb-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{02F719D7-95B0-6A85-062F-516ADCDA821C}" = Catalyst Control Center Graphics Previews Common
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15ED4AC8-983F-B054-0D80-04330387F26C}" = Catalyst Control Center Core Implementation
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AEC8F41-4701-415D-9782-F69CFB535463}" = Creative Zen MicroPhoto
"{20AEA7B1-6155-44A2-B58E-430F2C9F4ABD}" = AMD OverDrive
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{251ECFDE-D490-B9FB-187D-BAAB2558B3A0}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{281303FD-37EA-4F37-8A26-1C199BDD9859}" = Manga Reader v1.5.3
"{2C1ACA27-5C4D-EB1F-0F3A-5378C8E845D6}" = ATI Catalyst Install Manager
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{2E765F76-1552-122D-874D-4FDD43034287}" = Catalyst Control Center Graphics Previews Vista
"{30D12BB8-0C96-CD1E-ADA4-2407E8EE6462}" = ccc-core-static
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{46BCAA06-7F30-1172-0014-D84B0AA9946F}" = Catalyst Control Center Graphics Full Existing
"{4D18E222-300A-86AA-2F0A-8B1A4888BEE3}" = Catalyst Control Center HydraVision Full
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777079F5-AC3B-3E2C-16CF-98186F14BBDB}" = Catalyst Control Center Graphics Light
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7D920042-A1BA-E3E6-59A6-A5B066C367C7}" = ccc-utility
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}" = AMD Fusion for Gaming
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A687B4D9-0047-468F-ABCC-2783FA23768A}" = PE585QA-32
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B210130E-835C-4581-A695-CE10616B8B55}_is1" = Driver Sweeper 2.0.5
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BB36A7AC-AEB0-28D8-0436-6008A66D132C}" = Catalyst Control Center Graphics Full New
"{BC49C1CB-802A-4935-95D6-92A8C41169B2}" = Vz In Home Agent
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C49624DD-C504-4279-B9E0-65A2EB6E1619}" = PG583_32_inf
"{C9989922-56CD-C96C-54D5-AC093E947E6B}" = CCC Help English
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{E07F4F90-2BC6-4843-B62D-309D9170986E}" = resident evil 4
"{E1EFD7D3-4546-E5A2-3814-AB938AE69353}" = Catalyst Control Center InstallProxy
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E8244BEE-DAAA-63F6-7689-D19F35DE3BCD}" = Catalyst Control Center Localization All
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7C1C17E-70E3-475F-BD52-EA554391F15D}" = GameShadow
"8461-7759-5462-8226" = Vuze
"94838B7B13A76BE9FC61DA8A3B7C3F0BB00FFCF1" = Windows Driver Package - Conexant (cxpl_mhd) Media (11/07/2007 6.0.104.0038)
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"D7EC1A6C98F357A7E4C53FF66325D99F66B1F590" = Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42)
"EADM" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"Fate-stay night English" = Fate/stay night English v3.2
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.8.5
"LimeWire" = LimeWire 5.1.2
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MBACWIN" = MELTY BLOOD Act Cadenza Ver.B WindowsӁ
"Melty Blood Act Cadenza English" = Melty Blood: Act Cadenza English v1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MV RegClean 5.9 English_is1" = MV RegClean 5.9 English
"Picasa 3" = Picasa 3
"PSP Video 9" = PSP Video 9 2.25
"RealPlayer 6.0" = RealPlayer
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Starcraft" = Starcraft
"Steam App 6510" = Lost Planet: Extreme Condition
"Steam App 8980" = Borderlands
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"Tsukihime Plus+Disc English_is1" = Tsukihime Plus+Disc English v1.2
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/12/2009 11:02:26 AM | Computer Name = Zero | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 5.

Error - 11/12/2009 12:04:15 PM | Computer Name = Zero | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 5.

Error - 11/12/2009 12:14:37 PM | Computer Name = Zero | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 5.

[ Application Events ]
Error - 11/6/2009 2:45:52 AM | Computer Name = Zero | Source = Application Hang | ID = 1002
Description = The program Steam.exe version 1.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 17b8 Start Time: 01ca5e83dec6d147 Termination Time: 46

Error - 11/6/2009 3:35:21 PM | Computer Name = Zero | Source = WinMgmt | ID = 10
Description =

Error - 11/6/2009 9:10:54 PM | Computer Name = Zero | Source = WinMgmt | ID = 10
Description =

Error - 11/7/2009 12:20:07 PM | Computer Name = Zero | Source = Application Hang | ID = 1002
Description = The program mplayerc.exe version 1.2.1008.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ddc Start Time: 01ca5fc4b7b147f0 Termination Time: 11

Error - 11/7/2009 10:12:09 PM | Computer Name = Zero | Source = Application Hang | ID = 1002
Description = The program custWizard.exe version 3.2.10.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1400 Start Time: 01ca6018259a3850 Termination Time: 23

Error - 11/9/2009 9:53:47 PM | Computer Name = Zero | Source = WinMgmt | ID = 10
Description =

Error - 11/10/2009 3:09:19 AM | Computer Name = Zero | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7,
exception code 0xc0000005, fault offset 0x000472da, process id 0x1118, application
start time 0x01ca61c06f68d4fc.

Error - 11/10/2009 12:39:40 PM | Computer Name = Zero | Source = WinMgmt | ID = 10
Description =

Error - 11/10/2009 5:22:56 PM | Computer Name = Zero | Source = WinMgmt | ID = 10
Description =

Error - 11/10/2009 10:23:06 PM | Computer Name = Zero | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 5/22/2009 3:35:27 AM | Computer Name = Zero | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/11/2009 6:42:56 PM | Computer Name = Zero | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/12/2009 5:08:41 PM | Computer Name = Zero | Source = Service Control Manager | ID = 7026
Description =

Error - 11/12/2009 5:13:44 PM | Computer Name = Zero | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =

Error - 11/12/2009 5:13:48 PM | Computer Name = Zero | Source = Microsoft Antimalware | ID = 3002
Description =

Error - 11/12/2009 5:14:44 PM | Computer Name = Zero | Source = Service Control Manager | ID = 7026
Description =

Error - 11/12/2009 5:26:44 PM | Computer Name = Zero | Source = Microsoft Antimalware | ID = 3002
Description =

Error - 11/12/2009 5:26:46 PM | Computer Name = Zero | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =

Error - 11/12/2009 5:27:21 PM | Computer Name = Zero | Source = Service Control Manager | ID = 7026
Description =

Error - 11/12/2009 6:15:41 PM | Computer Name = Zero | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =

Error - 11/12/2009 6:15:45 PM | Computer Name = Zero | Source = Microsoft Antimalware | ID = 3002
Description =

Error - 11/12/2009 6:16:43 PM | Computer Name = Zero | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Edited by matrixdude171, 14 November 2009 - 01:14 PM.



#2
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi there and sorry for the delay,

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


#3
matrixdude171

I've actually gotten most of this problem fixed after I ran ComboFix for the first time successfully. The only thing that I'm having trouble with now is getting it to run successfully a second time. It keeps on giving me a date-error message and then closing.

#4
chamber

Post the log that it produced, don't try to run it a second time without guidance, it is a VERY powerful tool and should not be used casually.

#5
matrixdude171

The log disappeared after I tried uninstalling and doing a clean install of ComboFix.

#6
chamber

Why did you try and uninstall it?


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

  • 0

#7
matrixdude171

    Member

  • Topic Starter
  • Member
  • 17 posts
I uninstalled it because it kept on giving date errors and did a clean install to see if that would do the trick.

I ran OTL like you asked and it still is only giving me OTL.txt. I've run OTL before and it's given the extras.txt, and I don't know why it won't give it now.

OTL logfile created on: 11/17/2009 11:57:26 AM - Run 4
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Users\Zero\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 85.06% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.69 Gb Total Space | 26.29 Gb Free Space | 18.56% Space Free | Partition Type: NTFS
Drive D: | 141.74 Gb Total Space | 13.46 Gb Free Space | 9.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 978.73 Mb Total Space | 510.72 Mb Free Space | 52.18% Space Free | Partition Type: FAT

Computer Name: ZERO
Current User Name: Zero
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Zero\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Users\Zero\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (ZuneWlanCfgSvc) -- C:\Windows\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (AODService) -- C:\Program Files\AMD\OverDrive\AODAssist.exe ()
SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (rt70x86) -- C:\Windows\System32\drivers\netr70.sys (Ralink Technology Corp.)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (MDC8021X) -- C:\Windows\System32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (IntcAzAudAddService) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (xnacc) -- C:\Windows\System32\drivers\xnacc.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (AtiPcie) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (WUSB54GPV4SRV) -- C:\Windows\System32\drivers\rt2500usb.sys (Ralink Technology Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://slirsredirect...ir=2706&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 02:01:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/08 07:21:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/11 22:20:47 | 00,000,000 | ---D | M]

[2009/03/10 13:50:50 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Extensions
[2008/08/26 22:24:23 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/10 13:50:50 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/11/17 08:09:05 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions
[2009/10/21 19:35:46 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/07/02 01:52:43 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/07 16:19:58 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/18 15:18:09 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{3eaacb33-878f-44fa-b4cd-6e67cbaf828b}
[2009/11/03 18:04:07 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/08/13 10:24:55 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/24 10:36:44 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/07/05 08:04:27 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/11/11 19:37:20 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/07/05 08:04:27 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/06/20 00:48:07 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/04/17 22:22:28 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/11/03 18:04:04 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/07/24 10:36:47 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]\chrome\win\browser\extensions
[2009/07/24 10:36:47 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]\chrome\win\mozapps\extensions
[2009/11/16 21:06:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/08 07:21:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/03 20:21:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/03/05 07:49:45 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/24 13:53:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/05 16:19:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/04 13:04:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/10 08:46:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/11/03 23:41:39 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/11/08 07:21:49 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/08 07:21:49 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/06 11:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/11/08 07:21:50 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/06/29 02:36:34 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/06/29 02:36:46 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/06/29 02:36:24 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/08/02 15:45:40 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2009/07/10 23:41:03 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/10 23:41:03 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/28 19:40:11 | 00,002,273 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/07/10 23:41:03 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/10 23:41:03 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/10 23:41:03 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/10 23:41:03 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/10 23:41:03 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: BtwSrv - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 18:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^Zero^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: Acer Product Registration - hkey= - key= - C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
MsConfig - StartUpReg: BkupTray - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: Google Quick Search Box - hkey= - key= - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
MsConfig - StartUpReg: InstallMotiveFromCW - hkey= - key= - C:\Program Files\Verizon\FiOS\ihs\ConnWizard\AutoIT\CW_Motive.exe ()
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: Veoh - hkey= - key= - C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
MsConfig - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
MsConfig - StartUpReg: Zune Launcher - hkey= - key= - c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: rootrepeal.sys - Reg Error: Value error.
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co....hors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\Windows\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: VIDC.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\Windows\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\Windows\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: wave2 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/11/16 22:14:35 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/11/16 17:35:30 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/16 17:35:16 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/16 17:22:31 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/11/16 08:29:18 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/11/16 08:29:17 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/11/16 08:29:16 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/11/16 08:29:16 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/11/16 08:29:16 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/11/16 08:29:01 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/11/16 08:29:01 | 00,053,328 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/11/16 08:17:12 | 00,000,000 | ---D | C] -- C:\Users\Zero\AppData\Local\temp
[2009/11/15 22:26:11 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Anti-Malware
[2009/11/15 14:23:33 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/11/12 14:24:48 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/12 13:10:54 | 00,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2009/11/12 11:09:18 | 00,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2009/11/12 08:13:47 | 00,074,328 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009/11/12 08:13:41 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/11/11 19:49:27 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/11/11 19:46:37 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mphpryld.sys
[2009/11/11 19:01:06 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/11/11 19:01:06 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/11/11 19:01:06 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/11/11 19:01:02 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/11 19:00:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/10 18:15:56 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/11/10 18:15:50 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/11/10 08:46:21 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/11/10 08:46:21 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/11/10 08:46:21 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/11/04 16:23:02 | 00,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2009/11/04 16:22:23 | 00,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2009/11/03 21:31:23 | 00,000,000 | ---D | C] -- C:\Users\Zero\AppData\Roaming\GameRanger
[2009/11/03 20:24:50 | 00,000,000 | ---D | C] -- C:\Users\Zero\AppData\Roaming\skypePM
[2009/11/03 20:23:56 | 00,000,000 | ---D | C] -- C:\Users\Zero\AppData\Roaming\Skype
[2009/11/03 20:19:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/11/03 20:19:49 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/11/03 20:19:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/11/03 20:19:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/11/03 17:18:19 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/11/03 17:12:26 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009/11/03 17:12:26 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009/11/03 17:12:25 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009/11/03 17:12:00 | 00,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/11/03 17:12:00 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/11/03 17:12:00 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/11/03 17:12:00 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/11/03 17:11:59 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009/11/03 17:11:59 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/11/03 17:11:58 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009/11/03 17:11:58 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009/11/03 17:11:58 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/11/03 17:11:58 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009/11/03 17:11:58 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009/11/03 17:11:58 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009/11/03 17:11:58 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/11/03 17:11:58 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009/11/03 17:11:58 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/11/03 17:11:58 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/11/03 17:11:58 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009/11/03 17:11:58 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009/11/03 17:11:58 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009/11/03 17:11:58 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009/11/03 17:11:58 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/11/03 17:11:58 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009/11/03 17:11:57 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009/11/03 17:11:57 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009/11/03 17:11:57 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009/11/03 17:11:57 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009/11/03 17:11:57 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009/11/03 17:11:36 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009/11/03 17:11:35 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdbusenum.dll
[2009/11/03 17:11:35 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009/11/03 17:11:23 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009/11/03 17:11:21 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdshext.dll
[2009/11/03 17:11:21 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/11/03 17:11:21 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009/11/03 17:11:21 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/11/03 17:11:21 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009/11/03 17:11:21 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009/11/03 17:11:21 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/11/03 17:11:21 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/11/03 17:11:21 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
[2009/11/03 17:11:21 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009/11/03 17:11:21 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WpdUsb.sys
[2009/11/03 17:11:21 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009/11/03 17:10:25 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/11/03 17:10:25 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
[2009/11/03 17:10:25 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/11/03 17:03:08 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/11/03 17:03:08 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/10/30 13:13:20 | 00,000,000 | ---D | C] -- C:\Users\Zero\AppData\Local\LogMeIn Hamachi
[2009/10/28 19:34:55 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/28 19:34:53 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/10/28 19:34:53 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/10/28 17:53:43 | 10,627,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/28 17:53:41 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/10/28 17:53:40 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/26 14:44:34 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2009/10/24 15:57:26 | 00,000,000 | ---D | C] -- C:\Users\Zero\AppData\Local\Citrix
[2009/10/21 15:18:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Logs
[2009/10/21 15:18:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Logs
[2009/10/21 15:16:31 | 00,000,000 | ---D | C] -- C:\Config.msi
[2009/10/19 19:59:14 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/10/19 16:23:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/19 12:50:19 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\DEVCON.EXE

========== Files - Modified Within 30 Days ==========

[2009/11/17 11:56:35 | 03,670,016 | -HS- | M] () -- C:\Users\Zero\ntuser.dat
[2009/11/17 11:53:29 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/17 11:53:29 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/17 11:53:28 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/17 11:53:21 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/17 11:53:16 | 29,498,69568 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/17 08:45:35 | 00,524,288 | -HS- | M] () -- C:\Users\Zero\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/17 08:45:35 | 00,065,536 | -HS- | M] () -- C:\Users\Zero\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/17 08:45:32 | 02,425,479 | -H-- | M] () -- C:\Users\Zero\AppData\Local\IconCache.db
[2009/11/17 08:10:54 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/17 08:10:54 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/17 08:10:54 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/16 22:28:19 | 00,180,736 | ---- | M] () -- C:\Users\Zero\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/16 22:15:02 | 00,001,597 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2009/11/16 21:07:02 | 00,001,634 | ---- | M] () -- C:\Users\Zero\Desktop\CCleaner.lnk
[2009/11/16 17:18:28 | 00,071,312 | ---- | M] () -- C:\Users\Zero\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/16 17:17:51 | 00,298,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/16 17:15:01 | 03,564,038 | R--- | M] () -- C:\Users\Zero\Desktop\ComboFix.exe
[2009/11/16 08:29:18 | 00,001,813 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/11/16 08:29:15 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/11/16 08:14:54 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/11/15 19:59:19 | 01,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2009/11/15 19:24:50 | 00,000,130 | ---- | M] () -- C:\Windows\cfplogvw.INI
[2009/11/15 17:41:35 | 00,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009/11/15 11:16:34 | 00,001,838 | ---- | M] () -- C:\Users\Zero\Desktop\HijackThis.lnk
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
[2009/11/12 14:34:32 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2009/11/12 14:24:51 | 00,000,697 | ---- | M] () -- C:\Users\Zero\Desktop\NTREGOPT.lnk
[2009/11/12 14:24:51 | 00,000,678 | ---- | M] () -- C:\Users\Zero\Desktop\ERUNT.lnk
[2009/11/12 13:58:19 | 00,000,350 | ---- | M] () -- C:\Windows\System32\Partizan.RRI
[2009/11/12 13:27:15 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009/11/12 13:11:39 | 00,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2009/11/12 13:11:39 | 00,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2009/11/11 19:46:37 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mphpryld.sys
[2009/11/11 19:09:44 | 00,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/08 17:45:56 | 00,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/11/07 22:49:30 | 00,001,404 | ---- | M] () -- C:\Users\Zero\Desktop\BEACHINGGIRL-PC - Shortcut.lnk
[2009/11/05 09:36:22 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/11/03 21:31:50 | 00,000,979 | ---- | M] () -- C:\Users\Zero\Desktop\GameRanger.lnk
[2009/11/03 20:19:50 | 00,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/11/03 17:17:51 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/03 17:13:50 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/10/28 23:33:58 | 59,850,3876 | ---- | M] () -- C:\Users\Zero\Documents\SC2_BattleReport_04_XVID.avi
[2009/10/27 23:52:18 | 00,000,152 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2009/10/27 23:52:18 | 00,000,152 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2009/10/27 23:52:18 | 00,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2009/10/27 23:52:18 | 00,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2009/10/27 23:52:18 | 00,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2009/10/27 23:52:18 | 00,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2009/10/27 23:52:18 | 00,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2009/10/27 23:52:18 | 00,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\Windows\MBR.exe
[2009/10/24 15:57:24 | 00,103,720 | ---- | M] () -- C:\Users\Zero\GoToAssistDownloadHelper.exe
[2009/10/24 15:40:30 | 00,002,501 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2009/10/21 02:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/21 00:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/10/19 19:59:40 | 00,000,776 | ---- | M] () -- C:\Users\Zero\Desktop\SpywareBlaster.lnk

========== Files Created - No Company Name ==========

[2009/11/17 00:52:58 | 02,425,479 | -H-- | C] () -- C:\Users\Zero\AppData\Local\IconCache.db
[2009/11/16 21:02:03 | 29,498,69568 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/16 17:14:52 | 03,564,038 | R--- | C] () -- C:\Users\Zero\Desktop\ComboFix.exe
[2009/11/16 08:29:18 | 00,001,813 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/11/16 08:29:01 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/11/15 19:24:50 | 00,000,130 | ---- | C] () -- C:\Windows\cfplogvw.INI
[2009/11/15 11:16:34 | 00,001,838 | ---- | C] () -- C:\Users\Zero\Desktop\HijackThis.lnk
[2009/11/12 14:34:32 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009/11/12 14:24:51 | 00,000,697 | ---- | C] () -- C:\Users\Zero\Desktop\NTREGOPT.lnk
[2009/11/12 14:24:51 | 00,000,678 | ---- | C] () -- C:\Users\Zero\Desktop\ERUNT.lnk
[2009/11/12 13:39:45 | 00,000,350 | ---- | C] () -- C:\Windows\System32\Partizan.RRI
[2009/11/12 08:18:14 | 01,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2009/11/11 19:09:44 | 00,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/11 19:01:07 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/11 19:01:06 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009/11/11 19:01:06 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/11/11 19:01:06 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/11/11 19:01:06 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/08 17:45:56 | 00,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/11/07 22:49:30 | 00,001,404 | ---- | C] () -- C:\Users\Zero\Desktop\BEACHINGGIRL-PC - Shortcut.lnk
[2009/11/03 21:31:50 | 00,000,979 | ---- | C] () -- C:\Users\Zero\Desktop\GameRanger.lnk
[2009/11/03 20:19:50 | 00,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/11/03 17:17:51 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/03 17:13:50 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/28 22:32:21 | 59,850,3876 | ---- | C] () -- C:\Users\Zero\Documents\SC2_BattleReport_04_XVID.avi
[2009/10/24 15:57:20 | 00,103,720 | ---- | C] () -- C:\Users\Zero\GoToAssistDownloadHelper.exe
[2009/10/24 15:06:01 | 00,002,501 | ---- | C] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2009/10/21 15:29:21 | 00,000,152 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2009/10/21 15:29:21 | 00,000,152 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2009/10/21 15:29:21 | 00,000,028 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2009/10/21 15:29:21 | 00,000,028 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2009/10/21 15:29:21 | 00,000,028 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2009/10/21 15:29:21 | 00,000,028 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2009/10/21 15:29:21 | 00,000,028 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2009/10/21 15:29:21 | 00,000,028 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2009/10/19 19:59:40 | 00,000,776 | ---- | C] () -- C:\Users\Zero\Desktop\SpywareBlaster.lnk
[2009/10/15 21:05:27 | 00,012,800 | ---- | C] () -- C:\Windows\System32\DeskHack.dll
[2009/08/07 18:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/31 15:51:04 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/30 21:15:01 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/05/30 21:15:00 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/05/30 21:14:59 | 02,402,304 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/05/30 21:14:59 | 00,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/30 21:14:59 | 00,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/30 21:14:58 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/05/30 21:14:56 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/05/30 21:14:56 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/02/06 22:59:45 | 00,000,000 | ---- | C] () -- C:\Windows\WB.ini
[2009/02/06 22:52:40 | 00,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2008/12/13 18:22:41 | 00,000,000 | ---- | C] () -- C:\Users\Zero\AppData\Roaming\wklnhst.dat
[2008/11/06 16:30:41 | 00,002,032 | ---- | C] () -- C:\Users\Zero\AppData\Local\d3d9caps.dat
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/10/01 14:01:13 | 00,072,072 | ---- | C] () -- C:\Users\Zero\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2008/09/02 06:31:22 | 00,001,087 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/26 23:27:59 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/08/26 22:45:04 | 00,180,736 | ---- | C] () -- C:\Users\Zero\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/26 22:19:12 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/26 21:36:50 | 00,071,312 | ---- | C] () -- C:\Users\Zero\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/08/26 20:17:50 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/08/26 20:17:50 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/03/15 15:06:25 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/03/15 15:06:25 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/03/15 14:36:54 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/03/15 14:33:51 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2006/11/02 04:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 04:37:35 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 04:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 04:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 04:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 15:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/08/26 22:59:42 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\acccore
[2008/08/26 21:37:04 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Acer
[2008/03/15 14:47:09 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Acer GameZone Console
[2009/09/01 15:58:12 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\ATI
[2009/11/17 08:08:17 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Azureus
[2009/09/12 15:19:12 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Bioshock
[2009/09/01 14:50:00 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Blitware
[2009/07/17 13:01:42 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\DAEMON Tools Lite
[2008/12/03 15:51:53 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\eSobi
[2009/11/03 21:31:49 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\GameRanger
[2008/08/26 21:37:00 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Leadertech
[2009/10/22 20:26:29 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\LimeWire
[2008/09/02 14:00:31 | 00,000,000 | RH-D | M] -- C:\Users\Zero\AppData\Roaming\SecuROM
[2009/10/14 21:23:07 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Stardock
[2009/09/01 14:05:54 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\SystemRequirementsLab
[2008/12/13 18:22:42 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Template
[2008/11/28 14:55:10 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Ubisoft
[2009/11/17 11:53:28 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/17 08:45:36 | 00,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/08/27 11:08:38 | 00,171,091 | ---- | M] () -- C:\WUSB54Gv4_v3.0.1.0.exe

< HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions >
"{20a82645-c095-46ed-80e3-08825760534b}" = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ -- [2009/07/01 02:01:07 | 00,000,000 | ---D | M]

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2008/01/20 18:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2008/01/20 18:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2008/02/21 21:03:50 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_3d9c5057\atapi.sys
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2006/11/02 01:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/20 18:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 18:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008/02/21 21:03:50 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18023_none_dd25892021975283\atapi.sys
[2008/02/21 20:59:12 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=76D70915EB81608DC6ACA87887FAB38F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22120_none_ddac250d3ab7a648\atapi.sys
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 288 bytes -> C:\Windows\System32\drivers\mphpryld.sys:changelist
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

#8
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi,

The extras.txt will only open the first time that it is run.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
    SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    [2009/11/16 22:14:35 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
    [2009/11/17 08:08:17 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Azureus
    [2009/10/22 20:26:29 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\LimeWire
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

#9
matrixdude171

    Member

  • Topic Starter
  • 17 posts
When the computer rebooted, this log appeared from OTL:

All processes killed
========== OTL ==========
Service ASKUpgrade stopped successfully!
Service ASKUpgrade deleted successfully!
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe moved successfully.
Service ASKService stopped successfully!
Service ASKService deleted successfully!
C:\Program Files\AskBarDis\bar\bin\AskService.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Program Files\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
File move failed. C:\Program Files\AskBarDis\ scheduled to be moved on reboot.
File move failed. C:\Users\Zero\AppData\Roaming\Azureus\ scheduled to be moved on reboot.
File move failed. C:\Users\Zero\AppData\Roaming\LimeWire\ scheduled to be moved on reboot.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Zero
->Temp folder emptied: 893811 bytes
->Temporary Internet Files folder emptied: 3109174 bytes
->Java cache emptied: 13689508 bytes
->FireFox cache emptied: 94630856 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 107.12 mb


OTL by OldTimer - Version 3.1.6.0 log created on 11182009_072149

Files\Folders moved on Reboot...
Folder move failed. C:\Program Files\AskBarDis\\bar\Settings scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskBarDis\\bar\bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskBarDis\\bar scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskBarDis\ scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\\updates scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\\torrents scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\\tmp\AZU32005.tmp scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\\tmp scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\\subs scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\\shares scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\\rss scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\\plugins\azupnpav scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\\plugins scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\\net scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\\logs\save scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\\logs scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\\dht\net3 scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\\dht scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\\devices scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\\cache scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\\active scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\Azureus\ scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\xml\data scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\xml scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\themes\windows_theme scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\themes scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\promotion scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\mozilla-profile\updates\0 scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\mozilla-profile\updates scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\mozilla-profile\extensions scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\mozilla-profile\Cache scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\mozilla-profile scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\certificate scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\res\html scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\res\fonts scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\res\entityTables scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\res\dtd scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\res scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\plugins scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\modules scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\greprefs scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\dictionaries scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\defaults\profile\US\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\defaults\profile\US scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\defaults\profile\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\defaults\profile scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\defaults\pref scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\defaults\autoconfig scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\defaults scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\components scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser\xulrunner scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\browser scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\\.AppSpecialShare scheduled to be moved on reboot.
Folder move failed. C:\Users\Zero\AppData\Roaming\LimeWire\ scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


This is the quick scan log:

OTL logfile created on: 11/18/2009 7:28:10 AM - Run 5
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Users\Zero\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 86.79% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.69 Gb Total Space | 26.35 Gb Free Space | 18.59% Space Free | Partition Type: NTFS
Drive D: | 141.74 Gb Total Space | 13.46 Gb Free Space | 9.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 978.73 Mb Total Space | 510.72 Mb Free Space | 52.18% Space Free | Partition Type: FAT

Computer Name: ZERO
Current User Name: Zero
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Zero\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe ()
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Users\Zero\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (ZuneWlanCfgSvc) -- C:\Windows\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (AODService) -- C:\Program Files\AMD\OverDrive\AODAssist.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://slirsredirect...ir=2706&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 02:01:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/08 07:21:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/11 22:20:47 | 00,000,000 | ---D | M]

[2009/03/10 13:50:50 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Extensions
[2008/08/26 22:24:23 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/10 13:50:50 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/11/17 22:14:56 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions
[2009/10/21 19:35:46 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/07/02 01:52:43 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/07 16:19:58 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/18 15:18:09 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{3eaacb33-878f-44fa-b4cd-6e67cbaf828b}
[2009/11/03 18:04:07 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/08/13 10:24:55 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/24 10:36:44 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/07/05 08:04:27 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/11/11 19:37:20 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/07/05 08:04:27 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/06/20 00:48:07 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/04/17 22:22:28 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/11/03 18:04:04 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]
[2009/07/24 10:36:47 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]\chrome\win\browser\extensions
[2009/07/24 10:36:47 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Mozilla\Firefox\Profiles\58792aa1.default\extensions\[email protected]\chrome\win\mozapps\extensions
[2009/11/16 21:06:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/08 07:21:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/03 20:21:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/03/05 07:49:45 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/24 13:53:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/05 16:19:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/04 13:04:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/10 08:46:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/11/03 23:41:39 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/11/08 07:21:49 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/08 07:21:49 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/06 11:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/11/08 07:21:50 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/06/29 02:36:34 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/06/29 02:36:46 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/06/29 02:36:24 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/08/02 15:45:40 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2009/07/10 23:41:03 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/10 23:41:03 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/28 19:40:11 | 00,002,273 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/07/10 23:41:03 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/10 23:41:03 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/10 23:41:03 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/10 23:41:03 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/10 23:41:03 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/18 07:21:49 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/16 22:14:35 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/11/16 17:35:30 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/16 17:35:16 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/16 08:29:18 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/11/16 08:29:17 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/11/16 08:29:16 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/11/16 08:29:16 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/11/16 08:29:16 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/11/16 08:29:01 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/11/16 08:29:01 | 00,053,328 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/11/16 08:17:12 | 00,000,000 | ---D | C] -- C:\Users\Zero\AppData\Local\temp
[2009/11/15 22:26:11 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Anti-Malware
[2009/11/15 14:23:33 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/11/12 14:24:48 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/12 13:10:54 | 00,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2009/11/12 11:09:18 | 00,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2009/11/12 08:13:47 | 00,074,328 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009/11/12 08:13:41 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/11/11 19:49:27 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/11/11 19:01:06 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/11/11 19:01:06 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/11/11 19:01:06 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/11/11 19:01:02 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/11 19:00:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/04 16:23:02 | 00,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2009/11/04 16:22:23 | 00,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi

========== Files - Modified Within 14 Days ==========

[2009/11/18 07:28:07 | 03,670,016 | -HS- | M] () -- C:\Users\Zero\ntuser.dat
[2009/11/18 07:24:11 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/18 07:24:10 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/18 07:24:10 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/18 07:24:03 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/18 07:23:59 | 29,519,29856 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/18 07:22:56 | 00,524,288 | -HS- | M] () -- C:\Users\Zero\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/18 07:22:56 | 00,065,536 | -HS- | M] () -- C:\Users\Zero\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/17 11:59:41 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/17 11:59:41 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/17 11:59:41 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/17 08:45:32 | 02,425,479 | -H-- | M] () -- C:\Users\Zero\AppData\Local\IconCache.db
[2009/11/16 22:28:19 | 00,180,736 | ---- | M] () -- C:\Users\Zero\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/16 22:15:02 | 00,001,597 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2009/11/16 21:07:02 | 00,001,634 | ---- | M] () -- C:\Users\Zero\Desktop\CCleaner.lnk
[2009/11/16 17:18:28 | 00,071,312 | ---- | M] () -- C:\Users\Zero\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/16 17:17:51 | 00,298,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/16 17:15:01 | 03,564,038 | R--- | M] () -- C:\Users\Zero\Desktop\ComboFix.exe
[2009/11/16 08:29:18 | 00,001,813 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/11/16 08:29:15 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/11/16 08:14:54 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/11/15 19:59:19 | 01,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2009/11/15 19:24:50 | 00,000,130 | ---- | M] () -- C:\Windows\cfplogvw.INI
[2009/11/15 17:41:35 | 00,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009/11/15 11:16:34 | 00,001,838 | ---- | M] () -- C:\Users\Zero\Desktop\HijackThis.lnk
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
[2009/11/12 14:34:32 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2009/11/12 14:24:51 | 00,000,697 | ---- | M] () -- C:\Users\Zero\Desktop\NTREGOPT.lnk
[2009/11/12 14:24:51 | 00,000,678 | ---- | M] () -- C:\Users\Zero\Desktop\ERUNT.lnk
[2009/11/12 13:58:19 | 00,000,350 | ---- | M] () -- C:\Windows\System32\Partizan.RRI
[2009/11/12 13:27:15 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009/11/12 13:11:39 | 00,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2009/11/12 13:11:39 | 00,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2009/11/11 19:09:44 | 00,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/08 17:45:56 | 00,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/11/07 22:49:30 | 00,001,404 | ---- | M] () -- C:\Users\Zero\Desktop\BEACHINGGIRL-PC - Shortcut.lnk

========== Files Created - No Company Name ==========

[2009/11/17 00:52:58 | 02,425,479 | -H-- | C] () -- C:\Users\Zero\AppData\Local\IconCache.db
[2009/11/16 21:02:03 | 29,519,29856 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/16 17:14:52 | 03,564,038 | R--- | C] () -- C:\Users\Zero\Desktop\ComboFix.exe
[2009/11/16 08:29:18 | 00,001,813 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/11/16 08:29:01 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/11/15 19:24:50 | 00,000,130 | ---- | C] () -- C:\Windows\cfplogvw.INI
[2009/11/15 11:16:34 | 00,001,838 | ---- | C] () -- C:\Users\Zero\Desktop\HijackThis.lnk
[2009/11/12 14:34:32 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009/11/12 14:24:51 | 00,000,697 | ---- | C] () -- C:\Users\Zero\Desktop\NTREGOPT.lnk
[2009/11/12 14:24:51 | 00,000,678 | ---- | C] () -- C:\Users\Zero\Desktop\ERUNT.lnk
[2009/11/12 13:39:45 | 00,000,350 | ---- | C] () -- C:\Windows\System32\Partizan.RRI
[2009/11/12 08:18:14 | 01,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2009/11/11 19:09:44 | 00,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/11 19:01:07 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/11 19:01:06 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009/11/11 19:01:06 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/11/11 19:01:06 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/11/11 19:01:06 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/08 17:45:56 | 00,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/11/07 22:49:30 | 00,001,404 | ---- | C] () -- C:\Users\Zero\Desktop\BEACHINGGIRL-PC - Shortcut.lnk
[2009/10/15 21:05:27 | 00,012,800 | ---- | C] () -- C:\Windows\System32\DeskHack.dll
[2009/08/07 18:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/31 15:51:04 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/30 21:15:01 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/05/30 21:15:00 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/05/30 21:14:59 | 02,402,304 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/05/30 21:14:59 | 00,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/30 21:14:59 | 00,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/30 21:14:58 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/05/30 21:14:56 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/05/30 21:14:56 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/02/06 22:59:45 | 00,000,000 | ---- | C] () -- C:\Windows\WB.ini
[2009/02/06 22:52:40 | 00,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2008/12/13 18:22:41 | 00,000,000 | ---- | C] () -- C:\Users\Zero\AppData\Roaming\wklnhst.dat
[2008/11/06 16:30:41 | 00,002,032 | ---- | C] () -- C:\Users\Zero\AppData\Local\d3d9caps.dat
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/10/01 14:01:13 | 00,072,072 | ---- | C] () -- C:\Users\Zero\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2008/09/02 06:31:22 | 00,001,087 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/26 23:27:59 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/08/26 22:45:04 | 00,180,736 | ---- | C] () -- C:\Users\Zero\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/26 22:19:12 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/26 21:36:50 | 00,071,312 | ---- | C] () -- C:\Users\Zero\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/08/26 20:17:50 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/08/26 20:17:50 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/03/15 15:06:25 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/03/15 15:06:25 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/03/15 14:36:54 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/03/15 14:33:51 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2006/11/02 04:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 04:37:35 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 04:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 04:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 04:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 15:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/08/26 22:59:42 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\acccore
[2008/08/26 21:37:04 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Acer
[2008/03/15 14:47:09 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Acer GameZone Console
[2009/09/01 15:58:12 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\ATI
[2009/11/17 08:08:17 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Azureus
[2009/09/12 15:19:12 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Bioshock
[2009/09/01 14:50:00 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Blitware
[2009/07/17 13:01:42 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\DAEMON Tools Lite
[2008/12/03 15:51:53 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\eSobi
[2009/11/03 21:31:49 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\GameRanger
[2008/08/26 21:37:00 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Leadertech
[2009/10/22 20:26:29 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\LimeWire
[2008/09/02 14:00:31 | 00,000,000 | RH-D | M] -- C:\Users\Zero\AppData\Roaming\SecuROM
[2009/10/14 21:23:07 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Stardock
[2009/09/01 14:05:54 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\SystemRequirementsLab
[2008/12/13 18:22:42 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Template
[2008/11/28 14:55:10 | 00,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Ubisoft
[2009/11/18 07:24:11 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/18 07:23:06 | 00,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 288 bytes -> C:\Windows\System32\drivers\mphpryld.sys:changelist
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

#10
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Were you able to get ComboFix running using the instructions I gave above?

#11
matrixdude171

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I did the instructions and it didn't give me a date error, it just froze I think. I left it alone running for 6 hours just in case it was me who was freezing it but it didn't go. It stuck at the scanning page, and never moved on. When it did run right, it restarted my computer because it saw a rootkit and after the restart it worked.

#12
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
So ComboFix worked then? Do you have a log?

#13
matrixdude171

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
No, it didn't work. It froze at the scanning page even though I didn't touch anything.

#14
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis with malware removal mode enabled" check box.
  • Click on "Execute selected scripts".
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box.
  • Click on "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#15
matrixdude171

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Okay, I've attached both files. It apparently picked up some stuff and has another log called virusinfo_cure, would you like me to upload that too?
